./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3977040224 <...> Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts. execve("./syz-executor3977040224", ["./syz-executor3977040224"], 0x7ffc39c9c110 /* 10 vars */) = 0 brk(NULL) = 0x5555867a3000 brk(0x5555867a3d40) = 0x5555867a3d40 arch_prctl(ARCH_SET_FS, 0x5555867a33c0) = 0 set_tid_address(0x5555867a3690) = 5824 set_robust_list(0x5555867a36a0, 24) = 0 rseq(0x5555867a3ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3977040224", 4096) = 28 getrandom("\x1d\x68\x2a\x30\x88\xd3\x2a\x8b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555867a3d40 brk(0x5555867c4d40) = 0x5555867c4d40 brk(0x5555867c5000) = 0x5555867c5000 mprotect(0x7f0aef97a000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("./syzkaller.HXgzaR", 0700) = 0 chmod("./syzkaller.HXgzaR", 0777) = 0 chdir("./syzkaller.HXgzaR") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached , child_tidptr=0x5555867a3690) = 5825 [pid 5825] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5825] chdir("./0") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] write(1, "executing program\n", 18executing program ) = 18 [pid 5825] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5825] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5827 attached => {parent_tid=[5827]}, 88) = 5827 [pid 5827] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] <... rseq resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 5825] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] <... futex resumed>) = 0 [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5827] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file0", 0777) = 0 [ 85.775184][ T5827] loop0: detected capacity change from 0 to 32768 [ 85.810386][ T5827] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5827) [ 85.844013][ T5827] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 85.855070][ T5827] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 85.864392][ T5827] BTRFS info (device loop0): using free-space-tree [pid 5827] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_CLR_FD) = 0 [pid 5827] close(4) = 0 [pid 5827] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5827] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5827] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 85.975622][ T5827] BTRFS info (device loop0): rebuilding free space tree [pid 5825] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 86.031496][ T5827] BTRFS info (device loop0): balance: start -d -m [ 86.043551][ T5827] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5825] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5825] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 5825] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] <... rseq resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] set_robust_list(0x7f0aef8889a0, 24 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5825] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] <... futex resumed>) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] chdir("./file0") = 0 [pid 5846] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5846] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5846] openat(AT_FDCWD, ".", O_RDONLY [pid 5825] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... openat resumed>) = 4 [pid 5846] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = 1 [pid 5825] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5825] <... futex resumed>) = 0 [ 86.106485][ T5827] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5825] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5825] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5825] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5847 attached => {parent_tid=[5847]}, 88) = 5847 [pid 5847] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... rseq resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] set_robust_list(0x7f0aef8679a0, 24 [pid 5825] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5847] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5847] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5847] memfd_create("syzkaller", 0 [pid 5825] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] <... memfd_create resumed>) = 5 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5847] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5847] munmap(0x7f0ae7400000, 138412032 [pid 5846] <... ioctl resumed>) = 0 [pid 5847] <... munmap resumed>) = 0 [pid 5846] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5846] <... futex resumed>) = 0 [pid 5847] <... openat resumed>) = 6 [pid 5847] ioctl(6, LOOP_SET_FD, 5 [pid 5846] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] ioctl(6, LOOP_CLR_FD) = 0 [pid 5847] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5847] close(6) = 0 [pid 5847] close(5) = 0 [pid 5847] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5847] <... futex resumed>) = 1 [ 86.276533][ T5827] BTRFS info (device loop0): found 7 extents, stage: move data extents [ 86.323297][ T5827] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5847] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5827] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] exit_group(0 [pid 5847] <... futex resumed>) = ? [pid 5827] <... futex resumed>) = ? [pid 5825] <... exit_group resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5827] +++ exited with 0 +++ [pid 5846] <... futex resumed>) = ? [pid 5846] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=43 /* 0.43 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 [ 86.382398][ T5827] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 86.490476][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached , child_tidptr=0x5555867a3690) = 5849 [pid 5849] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5849] chdir("./1") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5849] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 5849] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] set_robust_list(0x7f0aef8a99a0, 24 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... set_robust_list resumed>) = 0 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5849] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] <... memfd_create resumed>) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 87.037596][ T47] cfg80211: failed to load regulatory.db [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5850] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [ 87.230140][ T5850] loop0: detected capacity change from 0 to 32768 [ 87.260045][ T5850] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5850) [ 87.316870][ T5850] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 87.331774][ T5850] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.341639][ T5850] BTRFS info (device loop0): using free-space-tree [pid 5850] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] close(4) = 0 [pid 5850] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 87.436078][ T5850] BTRFS info (device loop0): rebuilding free space tree [pid 5850] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5850] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 87.508190][ T5850] BTRFS info (device loop0): balance: start -d -m [ 87.517068][ T5850] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5849] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5849] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [ 87.551368][ T5850] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5868 attached [pid 5868] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] set_robust_list(0x7f0aef8889a0, 24 [pid 5849] <... clone3 resumed> => {parent_tid=[5868]}, 88) = 5868 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] chdir("./file0" [pid 5849] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... chdir resumed>) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5868] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5868] openat(AT_FDCWD, ".", O_RDONLY [pid 5849] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 4 [pid 5868] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5868] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5849] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.593145][ T5850] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5849] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5849] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE [pid 5868] <... ioctl resumed>) = 0 [ 87.643882][ T5850] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5849] <... mprotect resumed>) = 0 [pid 5868] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5849] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5869] <... rseq resumed>) = 0 [pid 5850] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] set_robust_list(0x7f0aef8679a0, 24 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5849] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5850] <... futex resumed>) = 0 [pid 5849] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5849] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] <... futex resumed>) = 0 [pid 5850] memfd_create("syzkaller", 0) = 5 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5849] <... futex resumed>) = 1 [pid 5849] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5850] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5850] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 87.706297][ T5850] BTRFS info (device loop0): balance: ended with status: 0 [pid 5850] ioctl(6, LOOP_CLR_FD) = 0 [pid 5850] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5850] close(6) = 0 [pid 5850] close(5) = 0 [pid 5850] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] exit_group(0 [pid 5869] <... futex resumed>) = ? [pid 5868] <... futex resumed>) = ? [pid 5850] <... futex resumed>) = ? [pid 5849] <... exit_group resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 87.904311][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x5555867a3690) = 5871 [pid 5871] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5871] chdir("./2") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] write(1, "executing program\n", 18executing program ) = 18 [pid 5871] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5871] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5872 attached [pid 5872] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 5872] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 5871] <... clone3 resumed> => {parent_tid=[5872]}, 88) = 5872 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5872] memfd_create("syzkaller", 0 [pid 5871] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... memfd_create resumed>) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5872] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file0", 0777) = 0 [ 88.306971][ T5872] loop0: detected capacity change from 0 to 32768 [ 88.347137][ T5872] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5872) [ 88.369587][ T5872] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 88.380317][ T5872] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.390288][ T5872] BTRFS info (device loop0): using free-space-tree [pid 5872] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_CLR_FD) = 0 [ 88.468736][ T5872] BTRFS info (device loop0): rebuilding free space tree [pid 5872] close(4) = 0 [pid 5872] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5872] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5872] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5871] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.560379][ T5872] BTRFS info (device loop0): balance: start -d -m [ 88.569063][ T5872] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5871] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5890 attached => {parent_tid=[5890]}, 88) = 5890 [pid 5890] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] <... rseq resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] set_robust_list(0x7f0aef8889a0, 24 [pid 5871] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5871] <... futex resumed>) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] chdir("./file0") = 0 [pid 5890] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5890] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5890] openat(AT_FDCWD, ".", O_RDONLY [pid 5871] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... openat resumed>) = 4 [pid 5890] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5890] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5871] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.608509][ T5872] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5871] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5871] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5891 attached => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... rseq resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 5871] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... futex resumed>) = 0 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5891] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5891] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] memfd_create("syzkaller", 0) = 5 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5891] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5891] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5891] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5891] ioctl(6, LOOP_CLR_FD) = 0 [pid 5891] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5891] close(6) = 0 [pid 5891] close(5 [pid 5890] <... ioctl resumed>) = 0 [pid 5890] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... close resumed>) = 0 [pid 5891] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [ 88.795435][ T5872] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 88.846931][ T5872] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5891] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5872] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] exit_group(0 [pid 5891] <... futex resumed>) = ? [pid 5890] <... futex resumed>) = ? [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=41 /* 0.41 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.890026][ T5872] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 88.957091][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached [pid 5893] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 5893 [pid 5893] chdir("./3") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5893] write(1, "executing program\n", 18) = 18 [pid 5893] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5893] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5894 attached [pid 5894] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 5893] <... clone3 resumed> => {parent_tid=[5894]}, 88) = 5894 [pid 5894] set_robust_list(0x7f0aef8a99a0, 24 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5894] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] close(4) = 0 [pid 5894] mkdir("./file0", 0777) = 0 [ 89.610277][ T5894] loop0: detected capacity change from 0 to 32768 [ 89.651755][ T5894] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5894) [ 89.672257][ T5894] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 89.683124][ T5894] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.693564][ T5894] BTRFS info (device loop0): using free-space-tree [pid 5894] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_CLR_FD) = 0 [pid 5894] close(4) = 0 [pid 5894] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5894] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 89.791602][ T5894] BTRFS info (device loop0): rebuilding free space tree [ 89.826157][ T5894] BTRFS info (device loop0): balance: start -d -m [pid 5893] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5893] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5912 attached => {parent_tid=[5912]}, 88) = 5912 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 5912] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5912] chdir("./file0") = 0 [pid 5912] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5912] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] openat(AT_FDCWD, ".", O_RDONLY [pid 5893] <... futex resumed>) = 0 [pid 5912] <... openat resumed>) = 4 [pid 5893] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5912] <... futex resumed>) = 0 [pid 5893] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5893] <... futex resumed>) = 0 [ 89.840824][ T5894] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 89.874355][ T5894] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5893] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5893] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5913 attached => {parent_tid=[5913]}, 88) = 5913 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5893] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... rseq resumed>) = 0 [pid 5913] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5913] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5913] memfd_create("syzkaller", 0 [pid 5893] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... memfd_create resumed>) = 5 [pid 5893] <... futex resumed>) = 0 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5893] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5913] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5913] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5913] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5913] ioctl(6, LOOP_CLR_FD) = 0 [pid 5913] ioctl(6, LOOP_SET_FD, 5 [pid 5912] <... ioctl resumed>) = 0 [pid 5913] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] close(6 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] <... close resumed>) = 0 [pid 5913] close(5) = 0 [pid 5913] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... futex resumed>) = 0 [ 90.017173][ T5894] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5894] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5894] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] exit_group(0 [pid 5913] <... futex resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5912] <... futex resumed>) = ? [pid 5894] <... futex resumed>) = ? [pid 5893] <... exit_group resumed>) = ? [pid 5894] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 90.057617][ T5894] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 90.087602][ T5894] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 90.248113][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached [pid 5914] set_robust_list(0x5555867a36a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 5914 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5914] chdir("./4") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5914] write(1, "executing program\n", 18) = 18 [pid 5914] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5914] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 5914] <... clone3 resumed> => {parent_tid=[5915]}, 88) = 5915 [pid 5915] set_robust_list(0x7f0aef8a99a0, 24 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] <... set_robust_list resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] <... futex resumed>) = 0 [pid 5915] memfd_create("syzkaller", 0 [pid 5914] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5915] <... memfd_create resumed>) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5915] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file0", 0777) = 0 [ 90.876731][ T5915] loop0: detected capacity change from 0 to 32768 [ 90.920077][ T5915] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5915) [ 90.939696][ T5915] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 90.952782][ T5915] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 90.962942][ T5915] BTRFS info (device loop0): using free-space-tree [pid 5915] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_CLR_FD) = 0 [pid 5915] close(4) = 0 [pid 5915] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = 1 [ 91.047115][ T5915] BTRFS info (device loop0): rebuilding free space tree [ 91.087058][ T5915] BTRFS info (device loop0): balance: start -d -m [pid 5915] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5914] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5914] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5914] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 5914] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5914] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5933] chdir("./file0") = 0 [pid 5933] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5933] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] openat(AT_FDCWD, ".", O_RDONLY [pid 5914] <... futex resumed>) = 0 [pid 5933] <... openat resumed>) = 4 [pid 5914] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5933] <... futex resumed>) = 0 [pid 5914] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5914] <... futex resumed>) = 0 [ 91.095730][ T5915] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 91.130511][ T5915] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5914] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5914] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5914] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[5934]}, 88) = 5934 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5934 attached NULL, 8) = 0 [pid 5914] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 5934] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5934] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5934] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5934] <... futex resumed>) = 1 [pid 5934] memfd_create("syzkaller", 0) = 5 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5934] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5934] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5934] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5934] ioctl(6, LOOP_CLR_FD) = 0 [pid 5934] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5934] close(6) = 0 [pid 5934] close(5) = 0 [pid 5934] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = 1 [pid 5934] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... ioctl resumed>) = 0 [pid 5933] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.289907][ T5915] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 91.320277][ T5915] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5933] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5915] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] exit_group(0 [pid 5934] <... futex resumed>) = ? [pid 5933] <... futex resumed>) = ? [pid 5915] <... futex resumed>) = ? [pid 5914] <... exit_group resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [ 91.348200][ T5915] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 91.541657][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached , child_tidptr=0x5555867a3690) = 5935 [pid 5935] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5935] chdir("./5") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5935] write(1, "executing program\n", 18) = 18 [pid 5935] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5935] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5936 attached => {parent_tid=[5936]}, 88) = 5936 [pid 5936] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] <... rseq resumed>) = 0 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] set_robust_list(0x7f0aef8a99a0, 24 [pid 5935] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] <... futex resumed>) = 0 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5936] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./file0", 0777) = 0 [ 91.869239][ T5936] loop0: detected capacity change from 0 to 32768 [ 91.910857][ T5936] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5936) [ 91.931381][ T5936] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 91.941751][ T5936] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.954916][ T5936] BTRFS info (device loop0): using free-space-tree [pid 5936] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_CLR_FD) = 0 [pid 5936] close(4) = 0 [pid 5936] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5936] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] <... futex resumed>) = 0 [pid 5936] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 91.983491][ T5936] BTRFS info (device loop0): rebuilding free space tree [ 92.017873][ T5936] BTRFS info (device loop0): balance: start -d -m [pid 5935] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5935] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [ 92.028449][ T5936] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5935] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5953 attached [pid 5953] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 5953] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5953] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... clone3 resumed> => {parent_tid=[5953]}, 88) = 5953 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] chdir("./file0" [pid 5935] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... chdir resumed>) = 0 [pid 5953] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5953] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5935] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5953] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 92.065134][ T5936] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5935] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5935] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] <... ioctl resumed>) = 0 [pid 5953] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5953] <... futex resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x7f0aef847000 [pid 5953] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5954 attached [pid 5954] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 5954] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... clone3 resumed> => {parent_tid=[5954]}, 88) = 5954 [pid 5954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5954] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5935] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5954] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5954] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5953] memfd_create("syzkaller", 0 [pid 5935] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5953] <... memfd_create resumed>) = 5 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 92.177267][ T5936] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 92.207068][ T5936] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5953] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5953] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5953] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5953] ioctl(6, LOOP_CLR_FD) = 0 [pid 5936] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5936] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] ioctl(6, LOOP_SET_FD, 5 [pid 5936] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5953] close(6) = 0 [pid 5953] close(5) = 0 [pid 5953] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [ 92.240642][ T5936] BTRFS info (device loop0): balance: ended with status: 0 [pid 5953] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] exit_group(0 [pid 5954] <... futex resumed>) = ? [pid 5953] <... futex resumed>) = ? [pid 5936] <... futex resumed>) = ? [pid 5935] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 92.360935][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 rmdir("./5/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached , child_tidptr=0x5555867a3690) = 5956 [pid 5956] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5956] chdir("./6") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] write(1, "executing program\n", 18executing program ) = 18 [pid 5956] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5956] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5957 attached [pid 5957] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 5956] <... clone3 resumed> => {parent_tid=[5957]}, 88) = 5957 [pid 5957] <... rseq resumed>) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] set_robust_list(0x7f0aef8a99a0, 24 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] <... set_robust_list resumed>) = 0 [pid 5956] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... futex resumed>) = 0 [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5957] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file0", 0777) = 0 [ 92.698705][ T5957] loop0: detected capacity change from 0 to 32768 [ 92.730769][ T5957] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5957) [ 92.754232][ T5957] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 92.765139][ T5957] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.774413][ T5957] BTRFS info (device loop0): using free-space-tree [pid 5957] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_CLR_FD) = 0 [pid 5957] close(4) = 0 [pid 5957] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5957] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 92.850295][ T5957] BTRFS info (device loop0): rebuilding free space tree [pid 5956] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5956] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [ 92.917563][ T5957] BTRFS info (device loop0): balance: start -d -m [ 92.925916][ T5957] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5956] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[5975]}, 88) = 5975 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5956] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 5975] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5975] chdir("./file0") = 0 [pid 5975] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5975] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5956] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5975] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5975] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5956] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.963076][ T5957] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5956] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5956] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5956] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5976 attached => {parent_tid=[5976]}, 88) = 5976 [pid 5976] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5976] <... rseq resumed>) = 0 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] set_robust_list(0x7f0aef8679a0, 24 [pid 5956] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... set_robust_list resumed>) = 0 [pid 5956] <... futex resumed>) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5976] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5976] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [pid 5976] memfd_create("syzkaller", 0 [pid 5956] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5976] <... memfd_create resumed>) = 5 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5976] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5976] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5976] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5976] ioctl(6, LOOP_CLR_FD) = 0 [pid 5976] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5976] close(6) = 0 [pid 5976] close(5) = 0 [pid 5975] <... ioctl resumed>) = 0 [pid 5976] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5976] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5975] <... futex resumed>) = 0 [ 93.113573][ T5957] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 93.145571][ T5957] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5975] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5957] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] exit_group(0 [pid 5976] <... futex resumed>) = ? [pid 5975] <... futex resumed>) = ? [pid 5956] <... exit_group resumed>) = ? [pid 5976] +++ exited with 0 +++ [pid 5975] +++ exited with 0 +++ [pid 5957] <... futex resumed>) = ? [pid 5957] +++ exited with 0 +++ [pid 5956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 93.171481][ T5957] BTRFS info (device loop0): balance: ended with status: 0 [ 93.205988][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5977] chdir("./7" [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 5977 [pid 5977] <... chdir resumed>) = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5977] write(1, "executing program\n", 18) = 18 [pid 5977] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5977] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5978 attached [pid 5978] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 5977] <... clone3 resumed> => {parent_tid=[5978]}, 88) = 5978 [pid 5978] <... rseq resumed>) = 0 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], [pid 5978] set_robust_list(0x7f0aef8a99a0, 24 [pid 5977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] <... set_robust_list resumed>) = 0 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5978] memfd_create("syzkaller", 0 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5978] <... memfd_create resumed>) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5978] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] close(4) = 0 [pid 5978] mkdir("./file0", 0777) = 0 [ 93.675087][ T5978] loop0: detected capacity change from 0 to 32768 [ 93.706992][ T5978] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5978) [ 93.730796][ T5978] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 93.741567][ T5978] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.751808][ T5978] BTRFS info (device loop0): using free-space-tree [pid 5978] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_CLR_FD) = 0 [pid 5978] close(4) = 0 [pid 5978] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5977] <... futex resumed>) = 0 [ 93.856224][ T5978] BTRFS info (device loop0): rebuilding free space tree [ 93.892688][ T5978] BTRFS info (device loop0): balance: start -d -m [ 93.901988][ T5978] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5977] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5977] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5977] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 5996 attached => {parent_tid=[5996]}, 88) = 5996 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5996] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 5996] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5996] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 1 [pid 5996] chdir("./file0" [pid 5977] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... chdir resumed>) = 0 [pid 5996] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5996] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... futex resumed>) = 1 [ 93.941465][ T5978] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5996] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 5977] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5977] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5977] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 5997 attached => {parent_tid=[5997]}, 88) = 5997 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5977] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5977] <... futex resumed>) = 0 [pid 5997] <... rseq resumed>) = 0 [pid 5977] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5997] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 5997] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [pid 5997] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] <... futex resumed>) = 0 [pid 5997] memfd_create("syzkaller", 0 [pid 5977] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5997] <... memfd_create resumed>) = 5 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5997] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5997] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5996] <... ioctl resumed>) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5996] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... openat resumed>) = 6 [pid 5996] <... futex resumed>) = 0 [pid 5997] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5996] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] ioctl(6, LOOP_CLR_FD) = 0 [pid 5997] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5997] close(6) = 0 [pid 5997] close(5) = 0 [pid 5997] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5977] <... futex resumed>) = 0 [ 94.072082][ T5978] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5997] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5978] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] exit_group(0 [pid 5997] <... futex resumed>) = ? [pid 5996] <... futex resumed>) = ? [pid 5977] <... exit_group resumed>) = ? [pid 5997] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ [pid 5978] <... futex resumed>) = ? [pid 5978] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- [ 94.121067][ T5978] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 94.149709][ T5978] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 94.318939][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5998 attached , child_tidptr=0x5555867a3690) = 5998 [pid 5998] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5998] chdir("./8") = 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5998] setpgid(0, 0) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5998] write(3, "1000", 4) = 4 [pid 5998] close(3) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5998] write(1, "executing program\n", 18) = 18 [pid 5998] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 5998] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 5998] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 5999 attached [pid 5999] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 5998] <... clone3 resumed> => {parent_tid=[5999]}, 88) = 5999 [pid 5999] <... rseq resumed>) = 0 [pid 5999] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5999] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5998] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 5999] memfd_create("syzkaller", 0 [pid 5998] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5999] <... memfd_create resumed>) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5999] munmap(0x7f0ae7400000, 138412032) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] close(4) = 0 [pid 5999] mkdir("./file0", 0777) = 0 [ 95.021257][ T5999] loop0: detected capacity change from 0 to 32768 [ 95.065086][ T5999] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (5999) [ 95.086997][ T5999] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 95.097845][ T5999] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.107676][ T5999] BTRFS info (device loop0): using free-space-tree [pid 5999] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 5999] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_CLR_FD) = 0 [pid 5999] close(4) = 0 [pid 5999] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 5999] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5999] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 95.183269][ T5999] BTRFS info (device loop0): rebuilding free space tree [pid 5998] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5998] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 5998] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6017 attached [pid 6017] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6017] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 95.245347][ T5999] BTRFS info (device loop0): balance: start -d -m [ 95.257651][ T5999] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6017] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] <... clone3 resumed> => {parent_tid=[6017]}, 88) = 6017 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5998] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = 1 [pid 6017] chdir("./file0" [pid 5998] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... chdir resumed>) = 0 [pid 6017] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] <... futex resumed>) = 0 [pid 6017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] openat(AT_FDCWD, ".", O_RDONLY [pid 5998] <... futex resumed>) = 0 [pid 6017] <... openat resumed>) = 4 [pid 5998] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [pid 6017] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 6017] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 95.294928][ T5999] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5998] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5998] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 5998] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6018 attached [pid 6018] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 5998] <... clone3 resumed> => {parent_tid=[6018]}, 88) = 6018 [pid 6018] <... rseq resumed>) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] set_robust_list(0x7f0aef8679a0, 24 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] <... set_robust_list resumed>) = 0 [pid 5998] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] <... futex resumed>) = 0 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6018] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... futex resumed>) = 0 [pid 5998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 6018] memfd_create("syzkaller", 0 [pid 5998] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6018] <... memfd_create resumed>) = 5 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6018] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6017] <... ioctl resumed>) = 0 [pid 6018] <... write resumed>) = 524288 [pid 6017] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] munmap(0x7f0ae7400000, 138412032 [pid 6017] <... futex resumed>) = 0 [pid 6018] <... munmap resumed>) = 0 [pid 6017] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6018] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6018] ioctl(6, LOOP_CLR_FD) = 0 [pid 6018] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6018] close(6) = 0 [pid 6018] close(5) = 0 [pid 6018] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... futex resumed>) = 0 [ 95.434126][ T5999] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6018] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5999] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] exit_group(0 [pid 6018] <... futex resumed>) = ? [pid 6017] <... futex resumed>) = ? [pid 5999] <... futex resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 6017] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ [pid 5998] <... exit_group resumed>) = ? [pid 5998] +++ exited with 0 +++ [ 95.478280][ T5999] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 95.504123][ T5999] BTRFS info (device loop0): balance: ended with status: 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 95.650911][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6019 attached [pid 6019] set_robust_list(0x5555867a36a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6019 [pid 6019] <... set_robust_list resumed>) = 0 [pid 6019] chdir("./9") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6019] write(1, "executing program\n", 18executing program ) = 18 [pid 6019] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6019] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6020 attached [pid 6020] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6019] <... clone3 resumed> => {parent_tid=[6020]}, 88) = 6020 [pid 6020] set_robust_list(0x7f0aef8a99a0, 24 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6020] <... set_robust_list resumed>) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] <... futex resumed>) = 0 [pid 6020] memfd_create("syzkaller", 0 [pid 6019] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6020] <... memfd_create resumed>) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6020] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6020] close(3) = 0 [pid 6020] close(4) = 0 [pid 6020] mkdir("./file0", 0777) = 0 [ 96.092035][ T6020] loop0: detected capacity change from 0 to 32768 [ 96.125577][ T6020] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6020) [ 96.145755][ T6020] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 96.157684][ T6020] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.167663][ T6020] BTRFS info (device loop0): using free-space-tree [pid 6020] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_CLR_FD) = 0 [pid 6020] close(4) = 0 [pid 6020] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6020] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6019] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.243484][ T6020] BTRFS info (device loop0): rebuilding free space tree [ 96.291971][ T6020] BTRFS info (device loop0): balance: start -d -m [ 96.303192][ T6020] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6019] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6019] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6019] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6038 attached [pid 6038] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6019] <... clone3 resumed> => {parent_tid=[6038]}, 88) = 6038 [pid 6038] <... rseq resumed>) = 0 [pid 6038] set_robust_list(0x7f0aef8889a0, 24 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] <... set_robust_list resumed>) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] <... futex resumed>) = 0 [pid 6038] chdir("./file0") = 0 [pid 6019] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6038] openat(AT_FDCWD, ".", O_RDONLY [pid 6019] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... openat resumed>) = 4 [pid 6019] <... futex resumed>) = 0 [pid 6038] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6038] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] <... futex resumed>) = 0 [pid 6038] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 96.335301][ T6020] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6019] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6019] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6019] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6019] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6039 attached => {parent_tid=[6039]}, 88) = 6039 [pid 6039] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6039] set_robust_list(0x7f0aef8679a0, 24 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6019] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] <... futex resumed>) = 0 [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6039] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [pid 6039] memfd_create("syzkaller", 0 [pid 6019] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... memfd_create resumed>) = 5 [pid 6019] <... futex resumed>) = 0 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6019] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] <... mmap resumed>) = 0x7f0ae7400000 [pid 6039] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6039] munmap(0x7f0ae7400000, 138412032 [pid 6038] <... ioctl resumed>) = 0 [pid 6038] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] <... munmap resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6039] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6039] ioctl(6, LOOP_CLR_FD) = 0 [pid 6039] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6039] close(6) = 0 [pid 6039] close(5) = 0 [pid 6039] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] <... futex resumed>) = 0 [ 96.487927][ T6020] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 96.523661][ T6020] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6039] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6020] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] exit_group(0 [pid 6039] <... futex resumed>) = ? [pid 6038] <... futex resumed>) = ? [pid 6020] <... futex resumed>) = ? [pid 6019] <... exit_group resumed>) = ? [pid 6020] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ [pid 6019] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 96.562382][ T6020] BTRFS info (device loop0): balance: ended with status: 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 96.615850][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached , child_tidptr=0x5555867a3690) = 6041 [pid 6041] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6041] chdir("./10") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6041] write(1, "executing program\n", 18) = 18 [pid 6041] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6041] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6042 attached [pid 6042] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6041] <... clone3 resumed> => {parent_tid=[6042]}, 88) = 6042 [pid 6042] set_robust_list(0x7f0aef8a99a0, 24 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] <... set_robust_list resumed>) = 0 [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6041] <... futex resumed>) = 0 [pid 6042] memfd_create("syzkaller", 0 [pid 6041] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6042] <... memfd_create resumed>) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6042] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./file0", 0777) = 0 [ 97.034996][ T6042] loop0: detected capacity change from 0 to 32768 [ 97.076472][ T6042] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6042) [ 97.098247][ T6042] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 97.109697][ T6042] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.119563][ T6042] BTRFS info (device loop0): using free-space-tree [pid 6042] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_CLR_FD) = 0 [pid 6042] close(4) = 0 [pid 6042] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6041] <... futex resumed>) = 0 [ 97.197201][ T6042] BTRFS info (device loop0): rebuilding free space tree [pid 6041] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6041] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 97.238629][ T6042] BTRFS info (device loop0): balance: start -d -m [ 97.250247][ T6042] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[6060]}, 88) = 6060 ./strace-static-x86_64: Process 6060 attached [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6060] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6060] <... rseq resumed>) = 0 [pid 6041] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] set_robust_list(0x7f0aef8889a0, 24 [pid 6041] <... futex resumed>) = 0 [pid 6060] <... set_robust_list resumed>) = 0 [pid 6041] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6060] chdir("./file0") = 0 [pid 6060] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = 1 [pid 6060] openat(AT_FDCWD, ".", O_RDONLY [pid 6041] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... openat resumed>) = 4 [pid 6060] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6060] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6041] <... futex resumed>) = 0 [pid 6060] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 97.287803][ T6042] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6041] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6041] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6061 attached => {parent_tid=[6061]}, 88) = 6061 [pid 6061] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... rseq resumed>) = 0 [pid 6041] <... futex resumed>) = 0 [pid 6061] set_robust_list(0x7f0aef8679a0, 24 [pid 6041] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... set_robust_list resumed>) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP [pid 6060] <... ioctl resumed>) = 0 [pid 6061] <... move_mount resumed>) = -1 EFAULT (Bad address) [pid 6061] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6041] <... futex resumed>) = 0 [pid 6061] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] memfd_create("syzkaller", 0 [pid 6041] <... futex resumed>) = 0 [pid 6060] <... memfd_create resumed>) = 5 [pid 6041] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6060] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6060] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6060] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6060] ioctl(6, LOOP_CLR_FD) = 0 [pid 6060] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6060] close(6) = 0 [pid 6060] close(5) = 0 [pid 6060] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [ 97.438978][ T6042] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 97.473323][ T6042] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6060] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6042] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] exit_group(0 [pid 6042] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] <... futex resumed>) = ? [pid 6060] <... futex resumed>) = ? [pid 6042] <... futex resumed>) = ? [pid 6041] <... exit_group resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6060] +++ exited with 0 +++ [pid 6042] +++ exited with 0 +++ [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 97.520253][ T6042] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 97.622126][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached [pid 6063] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6063 [pid 6063] chdir("./11") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6063] write(1, "executing program\n", 18) = 18 [pid 6063] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6063] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6064 attached [pid 6064] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6063] <... clone3 resumed> => {parent_tid=[6064]}, 88) = 6064 [pid 6064] <... rseq resumed>) = 0 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] set_robust_list(0x7f0aef8a99a0, 24 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6064] <... set_robust_list resumed>) = 0 [pid 6063] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6063] <... futex resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6064] memfd_create("syzkaller", 0) = 3 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6064] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6064] close(3) = 0 [pid 6064] close(4) = 0 [pid 6064] mkdir("./file0", 0777) = 0 [ 98.128966][ T6064] loop0: detected capacity change from 0 to 32768 [ 98.154336][ T6064] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6064) [ 98.173810][ T6064] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 98.184914][ T6064] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.194193][ T6064] BTRFS info (device loop0): using free-space-tree [pid 6064] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_CLR_FD) = 0 [pid 6064] close(4) = 0 [pid 6064] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [ 98.259536][ T6064] BTRFS info (device loop0): rebuilding free space tree [pid 6064] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6063] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.324657][ T6064] BTRFS info (device loop0): balance: start -d -m [ 98.335153][ T6064] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6063] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6063] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6063] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6082 attached [pid 6082] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6063] <... clone3 resumed> => {parent_tid=[6082]}, 88) = 6082 [pid 6082] <... rseq resumed>) = 0 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] set_robust_list(0x7f0aef8889a0, 24 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] <... set_robust_list resumed>) = 0 [pid 6063] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6063] <... futex resumed>) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] chdir("./file0") = 0 [pid 6082] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6063] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] openat(AT_FDCWD, ".", O_RDONLY [pid 6063] <... futex resumed>) = 0 [pid 6082] <... openat resumed>) = 4 [pid 6063] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] <... futex resumed>) = 0 [pid 6063] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6063] <... futex resumed>) = 0 [ 98.367749][ T6064] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6063] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6063] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6063] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6083 attached => {parent_tid=[6083]}, 88) = 6083 [pid 6083] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6083] <... rseq resumed>) = 0 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] set_robust_list(0x7f0aef8679a0, 24 [pid 6063] <... futex resumed>) = 0 [pid 6083] <... set_robust_list resumed>) = 0 [pid 6063] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6083] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6083] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6083] memfd_create("syzkaller", 0 [pid 6063] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... memfd_create resumed>) = 5 [pid 6063] <... futex resumed>) = 0 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6063] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6083] <... mmap resumed>) = 0x7f0ae7400000 [pid 6083] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6082] <... ioctl resumed>) = 0 [pid 6082] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... write resumed>) = 524288 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6083] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6083] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6083] ioctl(6, LOOP_CLR_FD) = 0 [pid 6083] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6083] close(6) = 0 [pid 6083] close(5) = 0 [pid 6083] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [ 98.507580][ T6064] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 98.544086][ T6064] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6064] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6064] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] exit_group(0 [pid 6064] <... futex resumed>) = 0 [pid 6083] <... futex resumed>) = ? [pid 6082] <... futex resumed>) = ? [pid 6083] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ [pid 6063] <... exit_group resumed>) = ? [pid 6064] +++ exited with 0 +++ [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.572650][ T6064] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 98.743066][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6084 attached , child_tidptr=0x5555867a3690) = 6084 [pid 6084] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6084] chdir("./12") = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6084] write(1, "executing program\n", 18) = 18 [pid 6084] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6084] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6085 attached [pid 6085] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6084] <... clone3 resumed> => {parent_tid=[6085]}, 88) = 6085 [pid 6085] set_robust_list(0x7f0aef8a99a0, 24 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] <... set_robust_list resumed>) = 0 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6084] <... futex resumed>) = 0 [pid 6085] memfd_create("syzkaller", 0 [pid 6084] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6085] <... memfd_create resumed>) = 3 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6085] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6085] close(3) = 0 [pid 6085] close(4) = 0 [pid 6085] mkdir("./file0", 0777) = 0 [ 99.167367][ T6085] loop0: detected capacity change from 0 to 32768 [ 99.199399][ T6085] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6085) [ 99.217960][ T6085] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 99.228707][ T6085] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.238056][ T6085] BTRFS info (device loop0): using free-space-tree [pid 6085] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_CLR_FD) = 0 [pid 6085] close(4) = 0 [pid 6085] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6085] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6084] <... futex resumed>) = 0 [pid 6085] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 99.293000][ T6085] BTRFS info (device loop0): rebuilding free space tree [ 99.328361][ T6085] BTRFS info (device loop0): balance: start -d -m [ 99.336556][ T6085] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6084] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6084] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6084] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6102 attached [pid 6102] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6084] <... clone3 resumed> => {parent_tid=[6102]}, 88) = 6102 [pid 6102] <... rseq resumed>) = 0 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] set_robust_list(0x7f0aef8889a0, 24 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] <... set_robust_list resumed>) = 0 [pid 6084] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] chdir("./file0") = 0 [pid 6102] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6102] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6084] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6102] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6084] <... futex resumed>) = 0 [pid 6102] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 99.369960][ T6085] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 99.409447][ T6085] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6084] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... ioctl resumed>) = 0 [pid 6084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6102] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 0 [pid 6102] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6084] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6103]}, 88) = 6103 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6084] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6103 attached [pid 6103] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6103] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6103] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6103] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6103] <... futex resumed>) = 1 [pid 6084] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] <... futex resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6102] memfd_create("syzkaller", 0 [pid 6084] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6102] <... memfd_create resumed>) = 5 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6102] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6085] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6085] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] munmap(0x7f0ae7400000, 138412032 [pid 6085] <... futex resumed>) = 0 [pid 6102] <... munmap resumed>) = 0 [pid 6085] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6102] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6102] ioctl(6, LOOP_CLR_FD) = 0 [pid 6102] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 99.493887][ T6085] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 99.523009][ T6085] BTRFS info (device loop0): balance: ended with status: 0 [pid 6102] close(6) = 0 [pid 6102] close(5) = 0 [pid 6102] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] <... futex resumed>) = 0 [pid 6102] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] exit_group(0 [pid 6103] <... futex resumed>) = ? [pid 6102] <... futex resumed>) = ? [pid 6085] <... futex resumed>) = ? [pid 6084] <... exit_group resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ [pid 6085] +++ exited with 0 +++ [pid 6084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 99.646908][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6105 attached , child_tidptr=0x5555867a3690) = 6105 [pid 6105] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6105] chdir("./13") = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6105] setpgid(0, 0) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6105] write(1, "executing program\n", 18) = 18 [pid 6105] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6105] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6106 attached [pid 6106] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6105] <... clone3 resumed> => {parent_tid=[6106]}, 88) = 6106 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6106] <... rseq resumed>) = 0 [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6106] set_robust_list(0x7f0aef8a99a0, 24 [pid 6105] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... set_robust_list resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6106] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6106] memfd_create("syzkaller", 0) = 3 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6106] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6106] close(3) = 0 [pid 6106] close(4) = 0 [pid 6106] mkdir("./file0", 0777) = 0 [ 100.081741][ T6106] loop0: detected capacity change from 0 to 32768 [ 100.125439][ T6106] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6106) [ 100.147177][ T6106] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 100.157687][ T6106] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 100.167601][ T6106] BTRFS info (device loop0): using free-space-tree [pid 6106] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6106] ioctl(4, LOOP_CLR_FD) = 0 [pid 6106] close(4) = 0 [pid 6106] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6105] <... futex resumed>) = 0 [ 100.226037][ T6106] BTRFS info (device loop0): rebuilding free space tree [pid 6105] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6105] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6105] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6123 attached [pid 6123] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6105] <... clone3 resumed> => {parent_tid=[6123]}, 88) = 6123 [pid 6123] set_robust_list(0x7f0aef8889a0, 24) = 0 [ 100.273703][ T6106] BTRFS info (device loop0): balance: start -d -m [ 100.281684][ T6106] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 100.307787][ T6106] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6123] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 1 [pid 6123] chdir("./file0" [pid 6105] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... chdir resumed>) = 0 [pid 6123] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = 0 [pid 6105] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6105] <... futex resumed>) = 0 [pid 6123] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6105] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 1 [pid 6123] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 100.348664][ T6106] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6105] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6105] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6105] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6123] <... ioctl resumed>) = 0 [pid 6123] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6124 attached [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6124] set_robust_list(0x7f0aef8679a0, 24 [pid 6105] <... clone3 resumed> => {parent_tid=[6124]}, 88) = 6124 [pid 6124] <... set_robust_list resumed>) = 0 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6105] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [ 100.394204][ T6106] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6124] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP [pid 6105] <... futex resumed>) = 0 [pid 6124] <... move_mount resumed>) = -1 EFAULT (Bad address) [pid 6124] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6105] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 1 [pid 6105] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6123] memfd_create("syzkaller", 0) = 5 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6123] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6106] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6123] munmap(0x7f0ae7400000, 138412032 [pid 6106] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... munmap resumed>) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6123] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6123] ioctl(6, LOOP_CLR_FD) = 0 [pid 6123] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 100.465511][ T6106] BTRFS info (device loop0): balance: ended with status: 0 [pid 6123] close(6) = 0 [pid 6123] close(5) = 0 [pid 6123] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] <... futex resumed>) = 0 [pid 6105] exit_group(0 [pid 6124] <... futex resumed>) = ? [pid 6123] <... futex resumed>) = ? [pid 6106] <... futex resumed>) = ? [pid 6105] <... exit_group resumed>) = ? [pid 6124] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ [pid 6106] +++ exited with 0 +++ [pid 6105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 100.578377][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555867a3690) = 6126 ./strace-static-x86_64: Process 6126 attached [pid 6126] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6126] chdir("./14") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6126] write(1, "executing program\n", 18) = 18 [pid 6126] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6126] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6127 attached [pid 6127] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6126] <... clone3 resumed> => {parent_tid=[6127]}, 88) = 6127 [pid 6127] set_robust_list(0x7f0aef8a99a0, 24 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], [pid 6127] <... set_robust_list resumed>) = 0 [pid 6126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6126] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] memfd_create("syzkaller", 0 [pid 6126] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6127] <... memfd_create resumed>) = 3 [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6127] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6127] close(3) = 0 [pid 6127] close(4) = 0 [pid 6127] mkdir("./file0", 0777) = 0 [ 100.958010][ T6127] loop0: detected capacity change from 0 to 32768 [ 100.990800][ T6127] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6127) [ 101.009464][ T6127] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 101.020165][ T6127] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.031560][ T6127] BTRFS info (device loop0): using free-space-tree [pid 6127] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_CLR_FD) = 0 [pid 6127] close(4) = 0 [pid 6127] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6127] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... futex resumed>) = 0 [pid 6126] <... futex resumed>) = 1 [pid 6127] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 101.088873][ T6127] BTRFS info (device loop0): rebuilding free space tree [pid 6126] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 101.142071][ T6127] BTRFS info (device loop0): balance: start -d -m [ 101.149573][ T6127] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 101.173927][ T6127] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6126] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6126] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6144 attached => {parent_tid=[6144]}, 88) = 6144 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6126] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6144] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6144] chdir("./file0") = 0 [pid 6144] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6144] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6126] <... futex resumed>) = 0 [pid 6144] openat(AT_FDCWD, ".", O_RDONLY [pid 6126] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] <... openat resumed>) = 4 [pid 6144] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6144] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6126] <... futex resumed>) = 0 [pid 6144] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 101.210638][ T6127] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6126] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6126] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6144] <... ioctl resumed>) = 0 [pid 6126] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE [pid 6144] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... mprotect resumed>) = 0 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6145 attached => {parent_tid=[6145]}, 88) = 6145 [pid 6145] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] <... rseq resumed>) = 0 [pid 6145] set_robust_list(0x7f0aef8679a0, 24 [pid 6126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] <... set_robust_list resumed>) = 0 [pid 6126] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6126] <... futex resumed>) = 0 [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6126] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6145] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... futex resumed>) = 0 [pid 6126] <... futex resumed>) = 1 [pid 6144] memfd_create("syzkaller", 0 [pid 6126] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6144] <... memfd_create resumed>) = 5 [pid 6144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 101.262441][ T6127] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6144] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6144] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6144] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6144] ioctl(6, LOOP_CLR_FD) = 0 [pid 6144] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6144] close(6) = 0 [pid 6144] close(5) = 0 [pid 6144] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6144] <... futex resumed>) = 1 [pid 6144] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6127] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6127] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] exit_group(0 [pid 6145] <... futex resumed>) = ? [pid 6144] <... futex resumed>) = ? [pid 6127] <... futex resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ [pid 6127] +++ exited with 0 +++ [pid 6126] <... exit_group resumed>) = ? [pid 6126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 101.334404][ T6127] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 101.401877][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6147 attached , child_tidptr=0x5555867a3690) = 6147 [pid 6147] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6147] chdir("./15") = 0 [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6147] write(1, "executing program\n", 18executing program ) = 18 [pid 6147] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6147] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6148 attached [pid 6148] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6147] <... clone3 resumed> => {parent_tid=[6148]}, 88) = 6148 [pid 6148] <... rseq resumed>) = 0 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] set_robust_list(0x7f0aef8a99a0, 24 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] <... set_robust_list resumed>) = 0 [pid 6147] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] <... futex resumed>) = 0 [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6148] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6148] close(3) = 0 [pid 6148] close(4) = 0 [pid 6148] mkdir("./file0", 0777) = 0 [ 101.737452][ T6148] loop0: detected capacity change from 0 to 32768 [ 101.771716][ T6148] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6148) [ 101.792521][ T6148] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 101.803731][ T6148] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.815231][ T6148] BTRFS info (device loop0): using free-space-tree [pid 6148] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_CLR_FD) = 0 [pid 6148] close(4) = 0 [ 101.886831][ T6148] BTRFS info (device loop0): rebuilding free space tree [pid 6148] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6147] <... futex resumed>) = 0 [ 101.967076][ T6148] BTRFS info (device loop0): balance: start -d -m [ 101.975775][ T6148] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6147] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6147] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6147] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6166 attached => {parent_tid=[6166]}, 88) = 6166 [pid 6166] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6166] <... rseq resumed>) = 0 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6166] set_robust_list(0x7f0aef8889a0, 24 [pid 6147] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... set_robust_list resumed>) = 0 [pid 6147] <... futex resumed>) = 0 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6166] chdir("./file0") = 0 [pid 6166] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6166] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6166] openat(AT_FDCWD, ".", O_RDONLY [pid 6147] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... openat resumed>) = 4 [pid 6166] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6166] <... futex resumed>) = 1 [pid 6147] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6147] <... futex resumed>) = 0 [ 102.010725][ T6148] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6147] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6147] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6147] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6167 attached [pid 6167] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6147] <... clone3 resumed> => {parent_tid=[6167]}, 88) = 6167 [pid 6167] <... rseq resumed>) = 0 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] set_robust_list(0x7f0aef8679a0, 24 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6167] <... set_robust_list resumed>) = 0 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] <... futex resumed>) = 0 [pid 6167] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP [pid 6147] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6167] <... move_mount resumed>) = -1 EFAULT (Bad address) [pid 6167] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6167] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6167] memfd_create("syzkaller", 0 [pid 6147] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6167] <... memfd_create resumed>) = 5 [pid 6167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6167] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6166] <... ioctl resumed>) = 0 [pid 6166] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6166] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6167] <... write resumed>) = 524288 [pid 6167] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6167] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6167] ioctl(6, LOOP_CLR_FD) = 0 [pid 6167] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6167] close(6) = 0 [pid 6167] close(5) = 0 [pid 6167] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [ 102.161404][ T6148] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 102.190289][ T6148] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6167] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6148] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] exit_group(0 [pid 6167] <... futex resumed>) = ? [pid 6166] <... futex resumed>) = ? [pid 6148] <... futex resumed>) = ? [pid 6147] <... exit_group resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6166] +++ exited with 0 +++ [pid 6148] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 102.215149][ T6148] BTRFS info (device loop0): balance: ended with status: 0 [ 102.253589][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6168 attached , child_tidptr=0x5555867a3690) = 6168 [pid 6168] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6168] chdir("./16") = 0 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6168] setpgid(0, 0) = 0 [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6168] write(3, "1000", 4) = 4 [pid 6168] close(3) = 0 [pid 6168] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6168] write(1, "executing program\n", 18) = 18 [pid 6168] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6168] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6169 attached [pid 6169] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6169] set_robust_list(0x7f0aef8a99a0, 24 [pid 6168] <... clone3 resumed> => {parent_tid=[6169]}, 88) = 6169 [pid 6169] <... set_robust_list resumed>) = 0 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], [pid 6169] rt_sigprocmask(SIG_SETMASK, [], [pid 6168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6168] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] memfd_create("syzkaller", 0 [pid 6168] <... futex resumed>) = 0 [pid 6169] <... memfd_create resumed>) = 3 [pid 6168] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6169] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6169] close(3) = 0 [pid 6169] close(4) = 0 [pid 6169] mkdir("./file0", 0777) = 0 [ 102.775848][ T6169] loop0: detected capacity change from 0 to 32768 [ 102.817737][ T6169] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6169) [ 102.837345][ T6169] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 102.848170][ T6169] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.858219][ T6169] BTRFS info (device loop0): using free-space-tree [pid 6169] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6169] ioctl(4, LOOP_CLR_FD) = 0 [pid 6169] close(4) = 0 [ 102.936214][ T6169] BTRFS info (device loop0): rebuilding free space tree [pid 6169] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6168] <... futex resumed>) = 0 [ 103.011991][ T6169] BTRFS info (device loop0): balance: start -d -m [ 103.021601][ T6169] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6168] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6168] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6168] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6187 attached => {parent_tid=[6187]}, 88) = 6187 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6168] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6187] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6187] chdir("./file0") = 0 [pid 6187] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6187] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6187] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6168] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 103.056311][ T6169] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6187] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6168] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6168] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6168] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6188 attached => {parent_tid=[6188]}, 88) = 6188 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6168] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6188] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6188] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6188] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6188] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] memfd_create("syzkaller", 0 [pid 6168] <... futex resumed>) = 0 [pid 6188] <... memfd_create resumed>) = 5 [pid 6168] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6188] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6187] <... ioctl resumed>) = 0 [pid 6188] munmap(0x7f0ae7400000, 138412032 [pid 6187] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... munmap resumed>) = 0 [pid 6187] <... futex resumed>) = 0 [pid 6187] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6188] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6188] ioctl(6, LOOP_CLR_FD) = 0 [pid 6188] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 103.199493][ T6169] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 103.228424][ T6169] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6188] close(6) = 0 [pid 6188] close(5) = 0 [pid 6188] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6188] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6169] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6169] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] exit_group(0 [pid 6188] <... futex resumed>) = ? [pid 6187] <... futex resumed>) = ? [pid 6169] <... futex resumed>) = ? [pid 6188] +++ exited with 0 +++ [pid 6187] +++ exited with 0 +++ [pid 6169] +++ exited with 0 +++ [pid 6168] <... exit_group resumed>) = ? [pid 6168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6168, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 103.255338][ T6169] BTRFS info (device loop0): balance: ended with status: 0 [ 103.303541][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6190 attached , child_tidptr=0x5555867a3690) = 6190 [pid 6190] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6190] chdir("./17") = 0 [pid 6190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6190] setpgid(0, 0) = 0 [pid 6190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6190] write(3, "1000", 4) = 4 [pid 6190] close(3) = 0 [pid 6190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6190] write(1, "executing program\n", 18executing program ) = 18 [pid 6190] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6190] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6190] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6191 attached [pid 6191] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6190] <... clone3 resumed> => {parent_tid=[6191]}, 88) = 6191 [pid 6191] set_robust_list(0x7f0aef8a99a0, 24 [pid 6190] rt_sigprocmask(SIG_SETMASK, [], [pid 6191] <... set_robust_list resumed>) = 0 [pid 6190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6191] rt_sigprocmask(SIG_SETMASK, [], [pid 6190] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6190] <... futex resumed>) = 0 [pid 6191] memfd_create("syzkaller", 0 [pid 6190] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6191] <... memfd_create resumed>) = 3 [pid 6191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6191] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6191] close(3) = 0 [pid 6191] close(4) = 0 [pid 6191] mkdir("./file0", 0777) = 0 [ 103.675562][ T6191] loop0: detected capacity change from 0 to 32768 [ 103.726219][ T6191] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6191) [ 103.751071][ T6191] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 103.763707][ T6191] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.773334][ T6191] BTRFS info (device loop0): using free-space-tree [pid 6191] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6191] ioctl(4, LOOP_CLR_FD) = 0 [pid 6191] close(4) = 0 [pid 6191] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6191] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6190] <... futex resumed>) = 0 [pid 6191] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 103.846755][ T6191] BTRFS info (device loop0): rebuilding free space tree [ 103.881693][ T6191] BTRFS info (device loop0): balance: start -d -m [pid 6190] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6190] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6190] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6209 attached [ 103.891765][ T6191] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata => {parent_tid=[6209]}, 88) = 6209 [pid 6190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6190] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6209] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6209] chdir("./file0") = 0 [pid 6209] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6209] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6190] <... futex resumed>) = 0 [pid 6209] openat(AT_FDCWD, ".", O_RDONLY [pid 6190] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... openat resumed>) = 4 [pid 6209] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6209] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6190] <... futex resumed>) = 0 [pid 6209] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 103.943259][ T6191] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6190] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6190] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6190] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6210]}, 88) = 6210 [pid 6190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6190] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6210 attached [pid 6210] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6210] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6210] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6210] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6210] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6210] memfd_create("syzkaller", 0 [pid 6190] <... futex resumed>) = 0 [pid 6210] <... memfd_create resumed>) = 5 [pid 6190] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6210] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6210] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6210] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6210] ioctl(6, LOOP_CLR_FD) = 0 [pid 6210] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6210] close(6) = 0 [pid 6210] close(5 [pid 6209] <... ioctl resumed>) = 0 [pid 6209] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... close resumed>) = 0 [pid 6210] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 0 [pid 6210] <... futex resumed>) = 1 [ 104.140212][ T6191] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 104.177675][ T6191] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6210] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6191] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] exit_group(0 [pid 6209] <... futex resumed>) = ? [pid 6210] <... futex resumed>) = ? [pid 6210] +++ exited with 0 +++ [pid 6209] +++ exited with 0 +++ [pid 6191] <... futex resumed>) = ? [pid 6190] <... exit_group resumed>) = ? [pid 6191] +++ exited with 0 +++ [pid 6190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6190, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 104.222637][ T6191] BTRFS info (device loop0): balance: ended with status: 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 104.308999][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6211 attached , child_tidptr=0x5555867a3690) = 6211 [pid 6211] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6211] chdir("./18") = 0 [pid 6211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6211] setpgid(0, 0) = 0 [pid 6211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6211] write(3, "1000", 4) = 4 [pid 6211] close(3) = 0 [pid 6211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6211] write(1, "executing program\n", 18executing program ) = 18 [pid 6211] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6211] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6212 attached [pid 6212] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6212] set_robust_list(0x7f0aef8a99a0, 24 [pid 6211] <... clone3 resumed> => {parent_tid=[6212]}, 88) = 6212 [pid 6212] <... set_robust_list resumed>) = 0 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], [pid 6212] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6211] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6212] memfd_create("syzkaller", 0) = 3 [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6212] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6212] close(3) = 0 [pid 6212] close(4) = 0 [pid 6212] mkdir("./file0", 0777) = 0 [ 104.843968][ T6212] loop0: detected capacity change from 0 to 32768 [ 104.867551][ T6212] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6212) [ 104.885969][ T6212] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 104.898915][ T6212] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 104.909628][ T6212] BTRFS info (device loop0): using free-space-tree [pid 6212] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_CLR_FD) = 0 [pid 6212] close(4) = 0 [pid 6212] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6212] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6211] <... futex resumed>) = 0 [pid 6212] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 104.995308][ T6212] BTRFS info (device loop0): rebuilding free space tree [pid 6211] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6211] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [ 105.046677][ T6212] BTRFS info (device loop0): balance: start -d -m [ 105.057555][ T6212] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6211] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6230 attached => {parent_tid=[6230]}, 88) = 6230 [pid 6230] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6230] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6230] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6230] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6230] <... futex resumed>) = 0 [pid 6211] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] chdir("./file0") = 0 [pid 6230] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6211] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = 1 [pid 6230] openat(AT_FDCWD, ".", O_RDONLY [pid 6211] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] <... openat resumed>) = 4 [pid 6230] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6230] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6211] <... futex resumed>) = 0 [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6211] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6211] <... futex resumed>) = 0 [ 105.091124][ T6212] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6211] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6211] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6211] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6231]}, 88) = 6231 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6211] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6231 attached ) = 0 [pid 6211] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6231] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6231] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6231] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6211] <... futex resumed>) = 0 [pid 6211] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6231] memfd_create("syzkaller", 0) = 5 [pid 6231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6231] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [ 105.178539][ T6212] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6231] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6230] <... ioctl resumed>) = 0 [pid 6230] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... openat resumed>) = 6 [pid 6231] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6231] ioctl(6, LOOP_CLR_FD) = 0 [pid 6231] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6231] close(6) = 0 [pid 6231] close(5) = 0 [pid 6231] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 0 [pid 6231] <... futex resumed>) = 1 [ 105.277207][ T6212] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6231] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6212] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6212] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6211] exit_group(0 [pid 6212] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = ? [pid 6212] <... futex resumed>) = ? [pid 6211] <... exit_group resumed>) = ? [pid 6231] +++ exited with 0 +++ [pid 6230] <... futex resumed>) = ? [pid 6212] +++ exited with 0 +++ [pid 6230] +++ exited with 0 +++ [pid 6211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6211, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.321580][ T6212] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 105.404701][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6233 attached , child_tidptr=0x5555867a3690) = 6233 [pid 6233] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6233] chdir("./19") = 0 [pid 6233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6233] setpgid(0, 0) = 0 [pid 6233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6233] write(3, "1000", 4) = 4 [pid 6233] close(3) = 0 [pid 6233] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6233] write(1, "executing program\n", 18) = 18 [pid 6233] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6233] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6234 attached [pid 6234] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6233] <... clone3 resumed> => {parent_tid=[6234]}, 88) = 6234 [pid 6234] <... rseq resumed>) = 0 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], [pid 6234] set_robust_list(0x7f0aef8a99a0, 24 [pid 6233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6234] <... set_robust_list resumed>) = 0 [pid 6234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6233] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] memfd_create("syzkaller", 0 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6234] <... memfd_create resumed>) = 3 [pid 6234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6234] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6234] close(3) = 0 [pid 6234] close(4) = 0 [pid 6234] mkdir("./file0", 0777) = 0 [ 105.878014][ T6234] loop0: detected capacity change from 0 to 32768 [ 105.912801][ T6234] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6234) [ 105.932947][ T6234] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 105.945089][ T6234] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.954361][ T6234] BTRFS info (device loop0): using free-space-tree [pid 6234] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_CLR_FD) = 0 [pid 6234] close(4) = 0 [pid 6234] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6234] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 106.050726][ T6234] BTRFS info (device loop0): rebuilding free space tree [ 106.084622][ T6234] BTRFS info (device loop0): balance: start -d -m [ 106.093660][ T6234] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6233] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6233] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6252 attached => {parent_tid=[6252]}, 88) = 6252 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6233] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6252] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6252] chdir("./file0") = 0 [pid 6252] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] openat(AT_FDCWD, ".", O_RDONLY [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... openat resumed>) = 4 [pid 6252] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6233] <... futex resumed>) = 0 [ 106.135588][ T6234] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6233] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6233] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6253]}, 88) = 6253 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6233] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6253 attached [pid 6253] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6253] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6253] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6253] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6253] memfd_create("syzkaller", 0) = 5 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6253] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6253] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6253] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6253] ioctl(6, LOOP_CLR_FD) = 0 [pid 6253] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6253] close(6) = 0 [pid 6253] close(5) = 0 [pid 6253] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6253] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] <... ioctl resumed>) = 0 [pid 6252] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.306966][ T6234] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 106.335802][ T6234] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6252] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6234] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] exit_group(0 [pid 6252] <... futex resumed>) = ? [pid 6234] <... futex resumed>) = ? [pid 6253] <... futex resumed>) = ? [pid 6252] +++ exited with 0 +++ [pid 6234] +++ exited with 0 +++ [pid 6253] +++ exited with 0 +++ [pid 6233] <... exit_group resumed>) = ? [pid 6233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6233, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 106.361227][ T6234] BTRFS info (device loop0): balance: ended with status: 0 [ 106.396119][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6254 attached [pid 6254] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6254 [pid 6254] chdir("./20") = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6254] close(3) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6254] write(1, "executing program\n", 18) = 18 [pid 6254] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6254] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6255 attached [pid 6255] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6255] set_robust_list(0x7f0aef8a99a0, 24 [pid 6254] <... clone3 resumed> => {parent_tid=[6255]}, 88) = 6255 [pid 6255] <... set_robust_list resumed>) = 0 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], [pid 6255] rt_sigprocmask(SIG_SETMASK, [], [pid 6254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6254] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] memfd_create("syzkaller", 0 [pid 6254] <... futex resumed>) = 0 [pid 6255] <... memfd_create resumed>) = 3 [pid 6254] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6255] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6255] close(3) = 0 [pid 6255] close(4) = 0 [pid 6255] mkdir("./file0", 0777) = 0 [ 107.044582][ T6255] loop0: detected capacity change from 0 to 32768 [ 107.076451][ T6255] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6255) [ 107.095708][ T6255] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 107.107990][ T6255] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.117758][ T6255] BTRFS info (device loop0): using free-space-tree [pid 6255] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6255] ioctl(4, LOOP_CLR_FD) = 0 [pid 6255] close(4) = 0 [pid 6255] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6255] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6254] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.173568][ T6255] BTRFS info (device loop0): rebuilding free space tree [pid 6254] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6254] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6254] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6272 attached [pid 6272] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6254] <... clone3 resumed> => {parent_tid=[6272]}, 88) = 6272 [pid 6272] <... rseq resumed>) = 0 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], [pid 6272] set_robust_list(0x7f0aef8889a0, 24 [pid 6254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6272] <... set_robust_list resumed>) = 0 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], [pid 6254] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6254] <... futex resumed>) = 0 [pid 6272] chdir("./file0" [pid 6254] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... chdir resumed>) = 0 [pid 6272] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.230268][ T6255] BTRFS info (device loop0): balance: start -d -m [ 107.238036][ T6255] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 107.262707][ T6255] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6272] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6272] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6272] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6272] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 107.303767][ T6255] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6254] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6254] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6254] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6273 attached [pid 6273] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6254] <... clone3 resumed> => {parent_tid=[6273]}, 88) = 6273 [pid 6273] set_robust_list(0x7f0aef8679a0, 24 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], [pid 6273] <... set_robust_list resumed>) = 0 [pid 6254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], [pid 6254] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6254] <... futex resumed>) = 0 [pid 6273] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP [pid 6254] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... ioctl resumed>) = 0 [pid 6273] <... move_mount resumed>) = -1 EFAULT (Bad address) [pid 6272] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6273] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6254] <... futex resumed>) = 1 [pid 6272] memfd_create("syzkaller", 0 [pid 6254] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6272] <... memfd_create resumed>) = 5 [pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6272] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6272] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6272] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6272] ioctl(6, LOOP_CLR_FD) = 0 [pid 6272] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6272] close(6) = 0 [pid 6272] close(5) = 0 [pid 6255] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6272] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6272] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] exit_group(0 [pid 6273] <... futex resumed>) = ? [pid 6272] <... futex resumed>) = ? [pid 6255] <... futex resumed>) = ? [pid 6254] <... exit_group resumed>) = ? [pid 6273] +++ exited with 0 +++ [pid 6272] +++ exited with 0 +++ [pid 6255] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 107.389997][ T6255] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 107.416551][ T6255] BTRFS info (device loop0): balance: ended with status: 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 107.486216][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6275 attached [pid 6275] set_robust_list(0x5555867a36a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6275 [pid 6275] <... set_robust_list resumed>) = 0 [pid 6275] chdir("./21") = 0 [pid 6275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6275] setpgid(0, 0) = 0 [pid 6275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6275] write(3, "1000", 4) = 4 [pid 6275] close(3) = 0 [pid 6275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6275] write(1, "executing program\n", 18executing program ) = 18 [pid 6275] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6275] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6276 attached => {parent_tid=[6276]}, 88) = 6276 [pid 6276] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6276] set_robust_list(0x7f0aef8a99a0, 24 [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6276] <... set_robust_list resumed>) = 0 [pid 6275] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] rt_sigprocmask(SIG_SETMASK, [], [pid 6275] <... futex resumed>) = 0 [pid 6276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6276] memfd_create("syzkaller", 0) = 3 [pid 6276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6276] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6276] close(3) = 0 [pid 6276] close(4) = 0 [pid 6276] mkdir("./file0", 0777) = 0 [ 107.893538][ T6276] loop0: detected capacity change from 0 to 32768 [ 107.945085][ T6276] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6276) [ 107.963283][ T6276] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 107.975067][ T6276] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.984351][ T6276] BTRFS info (device loop0): using free-space-tree [pid 6276] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6276] ioctl(4, LOOP_CLR_FD) = 0 [pid 6276] close(4) = 0 [pid 6276] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = 0 [pid 6275] <... futex resumed>) = 1 [pid 6276] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 108.016186][ T6276] BTRFS info (device loop0): rebuilding free space tree [pid 6275] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6275] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6275] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6293 attached [pid 6293] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6275] <... clone3 resumed> => {parent_tid=[6293]}, 88) = 6293 [pid 6293] <... rseq resumed>) = 0 [pid 6293] set_robust_list(0x7f0aef8889a0, 24 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6293] <... set_robust_list resumed>) = 0 [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], [pid 6275] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] <... futex resumed>) = 0 [pid 6293] chdir("./file0" [pid 6275] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] <... chdir resumed>) = 0 [pid 6293] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6293] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6293] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6293] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6275] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.057790][ T6276] BTRFS info (device loop0): balance: start -d -m [ 108.068465][ T6276] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 108.093677][ T6276] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6275] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6275] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] <... ioctl resumed>) = 0 [pid 6293] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] <... mmap resumed>) = 0x7f0aef847000 [ 108.158931][ T6276] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6275] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6294 attached [pid 6294] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6275] <... clone3 resumed> => {parent_tid=[6294]}, 88) = 6294 [pid 6294] <... rseq resumed>) = 0 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6294] set_robust_list(0x7f0aef8679a0, 24 [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6294] <... set_robust_list resumed>) = 0 [pid 6275] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] rt_sigprocmask(SIG_SETMASK, [], [pid 6275] <... futex resumed>) = 0 [pid 6294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6294] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6275] <... futex resumed>) = 1 [pid 6275] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6293] memfd_create("syzkaller", 0) = 5 [pid 6293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6294] <... futex resumed>) = 1 [pid 6294] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6276] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6293] <... write resumed>) = 524288 [pid 6276] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] munmap(0x7f0ae7400000, 138412032 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] <... munmap resumed>) = 0 [pid 6293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6293] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [ 108.221690][ T6276] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 108.254178][ T6276] BTRFS info (device loop0): balance: ended with status: 0 [pid 6293] ioctl(6, LOOP_CLR_FD) = 0 [pid 6293] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6293] close(6) = 0 [pid 6293] close(5) = 0 [pid 6293] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6293] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] exit_group(0 [pid 6276] <... futex resumed>) = ? [pid 6294] <... futex resumed>) = ? [pid 6275] <... exit_group resumed>) = ? [pid 6293] <... futex resumed>) = ? [pid 6294] +++ exited with 0 +++ [pid 6276] +++ exited with 0 +++ [pid 6293] +++ exited with 0 +++ [pid 6275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6275, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 [ 108.392815][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555867a3690) = 6296 ./strace-static-x86_64: Process 6296 attached [pid 6296] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6296] chdir("./22") = 0 [pid 6296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6296] setpgid(0, 0) = 0 [pid 6296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6296] write(3, "1000", 4) = 4 [pid 6296] close(3) = 0 [pid 6296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6296] write(1, "executing program\n", 18executing program ) = 18 [pid 6296] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6296] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6297 attached [pid 6297] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6296] <... clone3 resumed> => {parent_tid=[6297]}, 88) = 6297 [pid 6297] set_robust_list(0x7f0aef8a99a0, 24 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6297] <... set_robust_list resumed>) = 0 [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], [pid 6296] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6296] <... futex resumed>) = 0 [pid 6297] memfd_create("syzkaller", 0 [pid 6296] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6297] <... memfd_create resumed>) = 3 [pid 6297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6297] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6297] close(3) = 0 [pid 6297] close(4) = 0 [pid 6297] mkdir("./file0", 0777) = 0 [ 108.779206][ T6297] loop0: detected capacity change from 0 to 32768 [ 108.821443][ T6297] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6297) [ 108.841768][ T6297] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 108.852669][ T6297] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 108.862363][ T6297] BTRFS info (device loop0): using free-space-tree [pid 6297] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_CLR_FD) = 0 [ 108.951839][ T6297] BTRFS info (device loop0): rebuilding free space tree [pid 6297] close(4) = 0 [pid 6297] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6296] <... futex resumed>) = 0 [pid 6297] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6296] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.014103][ T6297] BTRFS info (device loop0): balance: start -d -m [ 109.025330][ T6297] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6296] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6296] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6296] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[6315]}, 88) = 6315 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6296] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6315 attached [pid 6315] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6315] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6315] chdir("./file0") = 0 [pid 6315] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] openat(AT_FDCWD, ".", O_RDONLY [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... openat resumed>) = 4 [pid 6315] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6315] <... futex resumed>) = 0 [pid 6315] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6296] <... futex resumed>) = 0 [pid 6315] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 109.057265][ T6297] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6296] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6296] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6296] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6316 attached => {parent_tid=[6316]}, 88) = 6316 [pid 6316] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6316] <... rseq resumed>) = 0 [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6316] set_robust_list(0x7f0aef8679a0, 24 [pid 6296] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... set_robust_list resumed>) = 0 [pid 6296] <... futex resumed>) = 0 [pid 6316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6296] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6316] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6296] <... futex resumed>) = 0 [pid 6316] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = 0 [pid 6296] <... futex resumed>) = 1 [pid 6316] memfd_create("syzkaller", 0 [pid 6296] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6316] <... memfd_create resumed>) = 5 [pid 6316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6316] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6315] <... ioctl resumed>) = 0 [pid 6315] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] munmap(0x7f0ae7400000, 138412032 [pid 6315] <... futex resumed>) = 0 [pid 6316] <... munmap resumed>) = 0 [pid 6315] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6316] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6316] ioctl(6, LOOP_CLR_FD) = 0 [pid 6316] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6316] close(6) = 0 [pid 6316] close(5) = 0 [pid 6316] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6316] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6296] <... futex resumed>) = 0 [ 109.212289][ T6297] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 109.247667][ T6297] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6297] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6297] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] exit_group(0 [pid 6297] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6316] <... futex resumed>) = ? [pid 6315] <... futex resumed>) = ? [pid 6297] <... futex resumed>) = ? [pid 6296] <... exit_group resumed>) = ? [pid 6316] +++ exited with 0 +++ [pid 6315] +++ exited with 0 +++ [pid 6297] +++ exited with 0 +++ [pid 6296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6296, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 109.273678][ T6297] BTRFS info (device loop0): balance: ended with status: 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 109.432645][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6317 attached , child_tidptr=0x5555867a3690) = 6317 [pid 6317] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6317] chdir("./23") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6317] write(3, "1000", 4) = 4 [pid 6317] close(3) = 0 [pid 6317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6317] write(1, "executing program\n", 18executing program ) = 18 [pid 6317] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6317] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6318 attached [pid 6318] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6317] <... clone3 resumed> => {parent_tid=[6318]}, 88) = 6318 [pid 6318] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], [pid 6318] rt_sigprocmask(SIG_SETMASK, [], [pid 6317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6317] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] memfd_create("syzkaller", 0 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6318] <... memfd_create resumed>) = 3 [pid 6318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6318] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6318] close(3) = 0 [pid 6318] close(4) = 0 [ 109.947689][ T6318] loop0: detected capacity change from 0 to 32768 [pid 6318] mkdir("./file0", 0777) = 0 [ 109.988840][ T6318] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6318) [ 110.020435][ T6318] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 110.032147][ T6318] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.043681][ T6318] BTRFS info (device loop0): using free-space-tree [pid 6318] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6318] ioctl(4, LOOP_CLR_FD) = 0 [pid 6318] close(4) = 0 [pid 6318] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6318] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6318] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 110.119929][ T6318] BTRFS info (device loop0): rebuilding free space tree [ 110.161756][ T6318] BTRFS info (device loop0): balance: start -d -m [ 110.170457][ T6318] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6317] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6317] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6336 attached [pid 6336] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6317] <... clone3 resumed> => {parent_tid=[6336]}, 88) = 6336 [pid 6336] <... rseq resumed>) = 0 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], [pid 6336] set_robust_list(0x7f0aef8889a0, 24 [pid 6317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6336] <... set_robust_list resumed>) = 0 [pid 6317] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], [pid 6317] <... futex resumed>) = 0 [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6317] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] chdir("./file0") = 0 [pid 6336] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6336] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6317] <... futex resumed>) = 1 [pid 6336] openat(AT_FDCWD, ".", O_RDONLY [pid 6317] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] <... openat resumed>) = 4 [pid 6336] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6336] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6336] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 110.202858][ T6318] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6317] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6317] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6337 attached => {parent_tid=[6337]}, 88) = 6337 [pid 6337] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], [pid 6337] <... rseq resumed>) = 0 [pid 6317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] set_robust_list(0x7f0aef8679a0, 24 [pid 6317] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... set_robust_list resumed>) = 0 [pid 6317] <... futex resumed>) = 0 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], [pid 6317] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6337] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6337] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6337] memfd_create("syzkaller", 0 [pid 6317] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6337] <... memfd_create resumed>) = 5 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6337] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6337] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6337] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6337] ioctl(6, LOOP_CLR_FD) = 0 [pid 6337] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6337] close(6) = 0 [pid 6337] close(5) = 0 [pid 6337] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6337] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] <... ioctl resumed>) = 0 [pid 6336] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.362356][ T6318] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 110.391333][ T6318] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6336] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6318] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] exit_group(0 [pid 6337] <... futex resumed>) = ? [pid 6336] <... futex resumed>) = ? [pid 6318] <... futex resumed>) = ? [pid 6317] <... exit_group resumed>) = ? [pid 6337] +++ exited with 0 +++ [pid 6336] +++ exited with 0 +++ [pid 6318] +++ exited with 0 +++ [pid 6317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6317, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.416058][ T6318] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 110.496471][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6338 attached , child_tidptr=0x5555867a3690) = 6338 [pid 6338] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6338] chdir("./24") = 0 [pid 6338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6338] setpgid(0, 0) = 0 [pid 6338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6338] write(3, "1000", 4) = 4 [pid 6338] close(3) = 0 [pid 6338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6338] write(1, "executing program\n", 18executing program ) = 18 [pid 6338] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6338] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6340 attached [pid 6340] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6338] <... clone3 resumed> => {parent_tid=[6340]}, 88) = 6340 [pid 6340] <... rseq resumed>) = 0 [pid 6340] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], [pid 6340] rt_sigprocmask(SIG_SETMASK, [], [pid 6338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6340] memfd_create("syzkaller", 0) = 3 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6340] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6340] close(3) = 0 [pid 6340] close(4) = 0 [pid 6340] mkdir("./file0", 0777) = 0 [ 111.102375][ T6340] loop0: detected capacity change from 0 to 32768 [ 111.134824][ T6340] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6340) [ 111.155447][ T6340] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 111.166628][ T6340] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 111.177679][ T6340] BTRFS info (device loop0): using free-space-tree [pid 6340] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 111.235503][ T6340] BTRFS info (device loop0): rebuilding free space tree [pid 6340] ioctl(4, LOOP_CLR_FD) = 0 [pid 6340] close(4) = 0 [pid 6340] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6340] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] <... futex resumed>) = 0 [pid 6338] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6340] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6338] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6338] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.330504][ T6340] BTRFS info (device loop0): balance: start -d -m [ 111.346854][ T6340] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6338] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[6359]}, 88) = 6359 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6338] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6359 attached [pid 6359] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6359] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6359] chdir("./file0") = 0 [pid 6359] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] <... futex resumed>) = 0 [pid 6338] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6359] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6359] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] <... futex resumed>) = 1 [pid 6338] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6338] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6359] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6338] <... futex resumed>) = 1 [ 111.379361][ T6340] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6338] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6338] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6338] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6338] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6360 attached => {parent_tid=[6360]}, 88) = 6360 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6338] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6360] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6360] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6360] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] <... futex resumed>) = 0 [pid 6360] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6338] <... futex resumed>) = 1 [pid 6360] memfd_create("syzkaller", 0 [pid 6338] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6360] <... memfd_create resumed>) = 5 [pid 6360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6360] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6360] munmap(0x7f0ae7400000, 138412032 [pid 6359] <... ioctl resumed>) = 0 [pid 6359] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] <... munmap resumed>) = 0 [pid 6360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6360] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6360] ioctl(6, LOOP_CLR_FD) = 0 [pid 6360] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6360] close(6) = 0 [pid 6360] close(5) = 0 [pid 6360] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] <... futex resumed>) = 0 [ 111.522359][ T6340] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 111.556786][ T6340] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6360] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6340] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6340] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6340] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] exit_group(0 [pid 6360] <... futex resumed>) = ? [pid 6359] <... futex resumed>) = ? [pid 6340] <... futex resumed>) = ? [pid 6338] <... exit_group resumed>) = ? [pid 6360] +++ exited with 0 +++ [pid 6359] +++ exited with 0 +++ [pid 6340] +++ exited with 0 +++ [pid 6338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6338, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 111.600046][ T6340] BTRFS info (device loop0): balance: ended with status: 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 111.677146][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 rmdir("./24/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6363 attached , child_tidptr=0x5555867a3690) = 6363 [pid 6363] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6363] chdir("./25") = 0 [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6363] setpgid(0, 0) = 0 [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6363] write(3, "1000", 4) = 4 [pid 6363] close(3) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6363] write(1, "executing program\n", 18) = 18 [pid 6363] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6363] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0} => {parent_tid=[6364]}, 88) = 6364 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6363] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6364 attached [pid 6364] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6364] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6364] memfd_create("syzkaller", 0) = 3 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6364] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6364] close(3) = 0 [pid 6364] close(4) = 0 [pid 6364] mkdir("./file0", 0777) = 0 [ 112.049263][ T6364] loop0: detected capacity change from 0 to 32768 [ 112.086515][ T6364] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6364) [ 112.107856][ T6364] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 112.118489][ T6364] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 112.128671][ T6364] BTRFS info (device loop0): using free-space-tree [pid 6364] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6364] ioctl(4, LOOP_CLR_FD) = 0 [pid 6364] close(4) = 0 [pid 6364] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 112.216615][ T6364] BTRFS info (device loop0): rebuilding free space tree [ 112.253092][ T6364] BTRFS info (device loop0): balance: start -d -m [pid 6363] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6363] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6363] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6383 attached => {parent_tid=[6383]}, 88) = 6383 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6363] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.263314][ T6364] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6383] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6363] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... rseq resumed>) = 0 [pid 6383] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6383] chdir("./file0") = 0 [pid 6383] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6383] openat(AT_FDCWD, ".", O_RDONLY [pid 6363] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... openat resumed>) = 4 [pid 6383] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6383] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 112.327169][ T6364] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6363] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6363] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6363] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6384 attached => {parent_tid=[6384]}, 88) = 6384 [pid 6384] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], [pid 6384] <... rseq resumed>) = 0 [pid 6363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] set_robust_list(0x7f0aef8679a0, 24 [pid 6363] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... set_robust_list resumed>) = 0 [pid 6363] <... futex resumed>) = 0 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6384] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6384] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6384] memfd_create("syzkaller", 0) = 5 [pid 6384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6384] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6384] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6384] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6384] ioctl(6, LOOP_CLR_FD) = 0 [pid 6384] ioctl(6, LOOP_SET_FD, 5 [pid 6383] <... ioctl resumed>) = 0 [pid 6384] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6384] close(6) = 0 [pid 6383] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] close(5 [pid 6383] <... futex resumed>) = 0 [pid 6384] <... close resumed>) = 0 [pid 6384] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] <... futex resumed>) = 1 [pid 6363] <... futex resumed>) = 0 [ 112.475278][ T6364] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6384] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6364] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] exit_group(0 [pid 6384] <... futex resumed>) = ? [pid 6383] <... futex resumed>) = ? [pid 6364] <... futex resumed>) = ? [pid 6363] <... exit_group resumed>) = ? [pid 6384] +++ exited with 0 +++ [pid 6383] +++ exited with 0 +++ [pid 6364] +++ exited with 0 +++ [pid 6363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6363, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 112.516912][ T6364] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 112.549108][ T6364] BTRFS info (device loop0): balance: ended with status: 0 [ 112.593738][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6386 attached [pid 6386] set_robust_list(0x5555867a36a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6386 [pid 6386] <... set_robust_list resumed>) = 0 [pid 6386] chdir("./26") = 0 [pid 6386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6386] setpgid(0, 0) = 0 [pid 6386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6386] write(3, "1000", 4) = 4 [pid 6386] close(3) = 0 [pid 6386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6386] write(1, "executing program\n", 18executing program ) = 18 [pid 6386] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6386] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6386] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6387 attached [pid 6387] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6386] <... clone3 resumed> => {parent_tid=[6387]}, 88) = 6387 [pid 6387] <... rseq resumed>) = 0 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], [pid 6387] set_robust_list(0x7f0aef8a99a0, 24 [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6386] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] <... set_robust_list resumed>) = 0 [pid 6386] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6387] memfd_create("syzkaller", 0) = 3 [pid 6387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6387] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6387] close(3) = 0 [pid 6387] close(4) = 0 [pid 6387] mkdir("./file0", 0777) = 0 [ 113.147565][ T6387] loop0: detected capacity change from 0 to 32768 [ 113.180673][ T6387] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6387) [ 113.200339][ T6387] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 113.210846][ T6387] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 113.220492][ T6387] BTRFS info (device loop0): using free-space-tree [pid 6387] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6387] ioctl(4, LOOP_CLR_FD) = 0 [pid 6387] close(4) = 0 [pid 6387] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6386] <... futex resumed>) = 0 [pid 6387] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 113.294635][ T6387] BTRFS info (device loop0): rebuilding free space tree [pid 6386] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.355917][ T6387] BTRFS info (device loop0): balance: start -d -m [ 113.363578][ T6387] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6386] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6386] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6386] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6406 attached [pid 6406] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6386] <... clone3 resumed> => {parent_tid=[6406]}, 88) = 6406 [pid 6406] set_robust_list(0x7f0aef8889a0, 24 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], [pid 6406] <... set_robust_list resumed>) = 0 [pid 6406] rt_sigprocmask(SIG_SETMASK, [], [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6386] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] chdir("./file0" [pid 6386] <... futex resumed>) = 0 [pid 6406] <... chdir resumed>) = 0 [pid 6386] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6386] <... futex resumed>) = 0 [pid 6406] openat(AT_FDCWD, ".", O_RDONLY [pid 6386] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... openat resumed>) = 4 [pid 6386] <... futex resumed>) = 0 [pid 6406] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] <... futex resumed>) = 0 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6406] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6386] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.399024][ T6387] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6386] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6386] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6386] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6407 attached [ 113.452934][ T6387] BTRFS info (device loop0): found 10 extents, stage: move data extents => {parent_tid=[6407]}, 88) = 6407 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6386] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6386] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6407] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6407] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6407] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6407] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6386] <... futex resumed>) = 0 [pid 6386] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 0 [pid 6386] <... futex resumed>) = 1 [pid 6407] memfd_create("syzkaller", 0 [pid 6386] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6407] <... memfd_create resumed>) = 5 [pid 6407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6407] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6407] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6407] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6407] ioctl(6, LOOP_CLR_FD) = 0 [pid 6407] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6407] close(6) = 0 [pid 6407] close(5) = 0 [pid 6407] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... ioctl resumed>) = 0 [pid 6386] <... futex resumed>) = 0 [pid 6407] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6387] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6386] exit_group(0 [pid 6407] <... futex resumed>) = ? [pid 6407] +++ exited with 0 +++ [pid 6406] <... futex resumed>) = ? [pid 6406] +++ exited with 0 +++ [pid 6386] <... exit_group resumed>) = ? [pid 6387] <... futex resumed>) = ? [pid 6387] +++ exited with 0 +++ [pid 6386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6386, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 113.579357][ T6387] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 113.603691][ T6387] BTRFS info (device loop0): balance: ended with status: 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 113.785110][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6408 attached , child_tidptr=0x5555867a3690) = 6408 [pid 6408] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6408] chdir("./27") = 0 [pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6408] setpgid(0, 0) = 0 [pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6408] write(3, "1000", 4) = 4 [pid 6408] close(3) = 0 [pid 6408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6408] write(1, "executing program\n", 18executing program ) = 18 [pid 6408] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6408] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6409 attached [pid 6409] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6408] <... clone3 resumed> => {parent_tid=[6409]}, 88) = 6409 [pid 6409] set_robust_list(0x7f0aef8a99a0, 24 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], [pid 6409] <... set_robust_list resumed>) = 0 [pid 6408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6408] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6409] memfd_create("syzkaller", 0 [pid 6408] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] <... memfd_create resumed>) = 3 [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6409] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6409] close(3) = 0 [pid 6409] close(4) = 0 [pid 6409] mkdir("./file0", 0777) = 0 [ 114.368214][ T6409] loop0: detected capacity change from 0 to 32768 [ 114.400088][ T6409] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6409) [ 114.420004][ T6409] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 114.430900][ T6409] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.441154][ T6409] BTRFS info (device loop0): using free-space-tree [pid 6409] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_CLR_FD) = 0 [pid 6409] close(4) = 0 [pid 6409] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6408] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 114.510377][ T6409] BTRFS info (device loop0): rebuilding free space tree [ 114.568933][ T6409] BTRFS info (device loop0): balance: start -d -m [ 114.579490][ T6409] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6408] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6408] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6408] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6428 attached [pid 6428] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6408] <... clone3 resumed> => {parent_tid=[6428]}, 88) = 6428 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6408] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... rseq resumed>) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6428] set_robust_list(0x7f0aef8889a0, 24 [pid 6408] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6428] <... set_robust_list resumed>) = 0 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6428] chdir("./file0") = 0 [pid 6428] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6428] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] <... futex resumed>) = 0 [pid 6428] openat(AT_FDCWD, ".", O_RDONLY [pid 6408] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6428] <... openat resumed>) = 4 [pid 6428] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6428] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6408] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 114.613446][ T6409] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6408] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6408] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6408] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6429 attached => {parent_tid=[6429]}, 88) = 6429 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6408] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6429] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6429] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6429] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6429] <... futex resumed>) = 1 [pid 6408] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6429] memfd_create("syzkaller", 0) = 5 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6429] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6429] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6429] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6429] ioctl(6, LOOP_CLR_FD) = 0 [pid 6429] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6429] close(6) = 0 [pid 6429] close(5) = 0 [ 114.698201][ T6409] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6429] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6429] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... ioctl resumed>) = 0 [pid 6428] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6409] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] exit_group(0 [pid 6429] <... futex resumed>) = ? [pid 6428] <... futex resumed>) = ? [pid 6409] <... futex resumed>) = ? [pid 6408] <... exit_group resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ [pid 6428] +++ exited with 0 +++ [pid 6408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6408, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.798897][ T6409] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 114.824125][ T6409] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 114.956712][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555867a3690) = 6430 ./strace-static-x86_64: Process 6430 attached [pid 6430] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6430] chdir("./28") = 0 [pid 6430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6430] setpgid(0, 0) = 0 [pid 6430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6430] write(3, "1000", 4) = 4 [pid 6430] close(3) = 0 [pid 6430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6430] write(1, "executing program\n", 18executing program ) = 18 [pid 6430] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6430] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6431 attached [pid 6431] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6430] <... clone3 resumed> => {parent_tid=[6431]}, 88) = 6431 [pid 6431] <... rseq resumed>) = 0 [pid 6431] set_robust_list(0x7f0aef8a99a0, 24 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], [pid 6431] <... set_robust_list resumed>) = 0 [pid 6430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6431] rt_sigprocmask(SIG_SETMASK, [], [pid 6430] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6431] memfd_create("syzkaller", 0) = 3 [pid 6431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6431] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6431] close(3) = 0 [pid 6431] close(4) = 0 [pid 6431] mkdir("./file0", 0777) = 0 [ 115.319101][ T6431] loop0: detected capacity change from 0 to 32768 [ 115.351318][ T6431] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6431) [ 115.371049][ T6431] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 115.381424][ T6431] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 115.391548][ T6431] BTRFS info (device loop0): using free-space-tree [pid 6431] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6431] ioctl(4, LOOP_CLR_FD) = 0 [pid 6431] close(4) = 0 [pid 6431] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6431] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6430] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.445238][ T6431] BTRFS info (device loop0): rebuilding free space tree [ 115.483461][ T6431] BTRFS info (device loop0): balance: start -d -m [pid 6430] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6430] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6430] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6448 attached [ 115.492895][ T6431] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 115.528211][ T6431] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata => {parent_tid=[6448]}, 88) = 6448 [pid 6448] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6448] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6448] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6430] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6430] <... futex resumed>) = 1 [pid 6448] chdir("./file0" [pid 6430] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... chdir resumed>) = 0 [pid 6448] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6448] openat(AT_FDCWD, ".", O_RDONLY [pid 6430] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... openat resumed>) = 4 [pid 6448] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... futex resumed>) = 1 [ 115.567650][ T6431] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 115.597801][ T6431] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6448] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6430] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6430] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6430] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6449 attached => {parent_tid=[6449]}, 88) = 6449 [pid 6449] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], [pid 6449] set_robust_list(0x7f0aef8679a0, 24 [pid 6430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] <... set_robust_list resumed>) = 0 [pid 6430] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], [pid 6430] <... futex resumed>) = 0 [pid 6449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6430] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6449] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... futex resumed>) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6449] memfd_create("syzkaller", 0 [pid 6430] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6449] <... memfd_create resumed>) = 5 [pid 6449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6449] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6448] <... ioctl resumed>) = 0 [pid 6448] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6431] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] <... write resumed>) = 524288 [pid 6449] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6449] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6449] ioctl(6, LOOP_CLR_FD) = 0 [ 115.641923][ T6431] BTRFS info (device loop0): balance: ended with status: 0 [pid 6449] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6449] close(6) = 0 [pid 6449] close(5) = 0 [pid 6449] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6449] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] exit_group(0 [pid 6449] <... futex resumed>) = ? [pid 6448] <... futex resumed>) = ? [pid 6431] <... futex resumed>) = ? [pid 6430] <... exit_group resumed>) = ? [pid 6449] +++ exited with 0 +++ [pid 6448] +++ exited with 0 +++ [pid 6431] +++ exited with 0 +++ [pid 6430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6430, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 115.777036][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6452 attached , child_tidptr=0x5555867a3690) = 6452 [pid 6452] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6452] chdir("./29") = 0 [pid 6452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6452] setpgid(0, 0) = 0 [pid 6452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6452] write(3, "1000", 4) = 4 [pid 6452] close(3) = 0 [pid 6452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6452] write(1, "executing program\n", 18executing program ) = 18 [pid 6452] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6452] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6453 attached [pid 6453] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6452] <... clone3 resumed> => {parent_tid=[6453]}, 88) = 6453 [pid 6453] set_robust_list(0x7f0aef8a99a0, 24 [pid 6452] rt_sigprocmask(SIG_SETMASK, [], [pid 6453] <... set_robust_list resumed>) = 0 [pid 6452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6452] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6452] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6453] memfd_create("syzkaller", 0) = 3 [pid 6453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6453] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6453] close(3) = 0 [pid 6453] close(4) = 0 [pid 6453] mkdir("./file0", 0777) = 0 [ 116.210553][ T6453] loop0: detected capacity change from 0 to 32768 [ 116.252293][ T6453] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6453) [ 116.271114][ T6453] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 116.283381][ T6453] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 116.293810][ T6453] BTRFS info (device loop0): using free-space-tree [pid 6453] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6453] ioctl(4, LOOP_CLR_FD) = 0 [pid 6453] close(4) = 0 [pid 6453] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6453] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6452] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6452] <... futex resumed>) = 0 [pid 6453] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 116.369290][ T6453] BTRFS info (device loop0): rebuilding free space tree [ 116.430881][ T6453] BTRFS info (device loop0): balance: start -d -m [ 116.440891][ T6453] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6452] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6452] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6452] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[6471]}, 88) = 6471 [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6452] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6471 attached [pid 6471] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6471] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6471] chdir("./file0") = 0 [pid 6471] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6452] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6471] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6452] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 116.473074][ T6453] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6471] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6452] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6452] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6452] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6452] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6472]}, 88) = 6472 ./strace-static-x86_64: Process 6472 attached [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6452] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6472] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6472] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6472] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6472] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6452] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6472] memfd_create("syzkaller", 0) = 5 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6472] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6472] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6472] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6472] ioctl(6, LOOP_CLR_FD) = 0 [pid 6472] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6472] close(6) = 0 [pid 6472] close(5) = 0 [ 116.563437][ T6453] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6472] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6472] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] <... ioctl resumed>) = 0 [pid 6471] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6453] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6452] exit_group(0 [pid 6472] <... futex resumed>) = ? [pid 6471] <... futex resumed>) = ? [pid 6453] <... futex resumed>) = ? [pid 6452] <... exit_group resumed>) = ? [pid 6453] +++ exited with 0 +++ [pid 6472] +++ exited with 0 +++ [pid 6471] +++ exited with 0 +++ [pid 6452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6452, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=38 /* 0.38 s */} --- [ 116.656245][ T6453] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 116.681036][ T6453] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 116.842234][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6473 attached [pid 6473] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6473] chdir("./30") = 0 [pid 6473] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6473 [pid 6473] <... prctl resumed>) = 0 [pid 6473] setpgid(0, 0) = 0 [pid 6473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6473] write(3, "1000", 4) = 4 [pid 6473] close(3) = 0 [pid 6473] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6473] write(1, "executing program\n", 18) = 18 [pid 6473] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6473] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6474 attached [pid 6474] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6473] <... clone3 resumed> => {parent_tid=[6474]}, 88) = 6474 [pid 6474] <... rseq resumed>) = 0 [pid 6474] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6473] rt_sigprocmask(SIG_SETMASK, [], [pid 6474] rt_sigprocmask(SIG_SETMASK, [], [pid 6473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6474] memfd_create("syzkaller", 0) = 3 [pid 6474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6474] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6474] close(3) = 0 [pid 6474] close(4) = 0 [pid 6474] mkdir("./file0", 0777) = 0 [ 117.507573][ T6474] loop0: detected capacity change from 0 to 32768 [ 117.547991][ T6474] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6474) [ 117.571437][ T6474] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 117.582512][ T6474] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 117.592426][ T6474] BTRFS info (device loop0): using free-space-tree [pid 6474] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6474] ioctl(4, LOOP_CLR_FD) = 0 [pid 6474] close(4) = 0 [pid 6474] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6473] <... futex resumed>) = 0 [pid 6474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6473] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6473] <... futex resumed>) = 0 [ 117.648319][ T6474] BTRFS info (device loop0): rebuilding free space tree [ 117.686634][ T6474] BTRFS info (device loop0): balance: start -d -m [pid 6473] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6473] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6473] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6491 attached [pid 6491] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6473] <... clone3 resumed> => {parent_tid=[6491]}, 88) = 6491 [pid 6491] set_robust_list(0x7f0aef8889a0, 24 [pid 6473] rt_sigprocmask(SIG_SETMASK, [], [pid 6491] <... set_robust_list resumed>) = 0 [pid 6473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6491] rt_sigprocmask(SIG_SETMASK, [], [pid 6473] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] <... futex resumed>) = 0 [pid 6491] chdir("./file0" [pid 6473] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6491] <... chdir resumed>) = 0 [ 117.695450][ T6474] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 117.720768][ T6474] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6491] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] <... futex resumed>) = 0 [pid 6473] <... futex resumed>) = 1 [pid 6491] openat(AT_FDCWD, ".", O_RDONLY [pid 6473] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6491] <... openat resumed>) = 4 [pid 6491] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6473] <... futex resumed>) = 0 [ 117.763747][ T6474] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6473] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6473] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6491] <... ioctl resumed>) = 0 [pid 6491] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... mmap resumed>) = 0x7f0aef847000 [pid 6491] <... futex resumed>) = 0 [pid 6473] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE [pid 6491] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6473] <... mprotect resumed>) = 0 [pid 6473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6474] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6492 attached [pid 6474] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6474] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... rseq resumed>) = 0 [pid 6492] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6473] <... clone3 resumed> => {parent_tid=[6492]}, 88) = 6492 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], [pid 6473] rt_sigprocmask(SIG_SETMASK, [], [pid 6492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6492] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6473] <... futex resumed>) = 0 [pid 6492] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6473] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] <... futex resumed>) = 0 [pid 6473] <... futex resumed>) = 1 [pid 6474] memfd_create("syzkaller", 0 [pid 6473] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6474] <... memfd_create resumed>) = 5 [pid 6474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 117.841725][ T6474] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 117.869270][ T6474] BTRFS info (device loop0): balance: ended with status: 0 [pid 6474] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6474] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6474] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6474] ioctl(6, LOOP_CLR_FD) = 0 [pid 6474] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6474] close(6) = 0 [pid 6474] close(5) = 0 [pid 6474] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6473] <... futex resumed>) = 0 [pid 6474] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6473] exit_group(0 [pid 6492] <... futex resumed>) = ? [pid 6474] <... futex resumed>) = ? [pid 6473] <... exit_group resumed>) = ? [pid 6492] +++ exited with 0 +++ [pid 6491] <... futex resumed>) = ? [pid 6474] +++ exited with 0 +++ [pid 6491] +++ exited with 0 +++ [pid 6473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6473, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 118.066905][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6494 attached , child_tidptr=0x5555867a3690) = 6494 [pid 6494] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6494] chdir("./31") = 0 [pid 6494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6494] setpgid(0, 0) = 0 [pid 6494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6494] write(3, "1000", 4) = 4 [pid 6494] close(3) = 0 [pid 6494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6494] write(1, "executing program\n", 18executing program ) = 18 [pid 6494] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6494] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6495 attached [pid 6495] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6495] set_robust_list(0x7f0aef8a99a0, 24 [pid 6494] <... clone3 resumed> => {parent_tid=[6495]}, 88) = 6495 [pid 6495] <... set_robust_list resumed>) = 0 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], [pid 6494] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6495] memfd_create("syzkaller", 0) = 3 [pid 6495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6495] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6495] close(3) = 0 [pid 6495] close(4) = 0 [pid 6495] mkdir("./file0", 0777) = 0 [ 118.425069][ T6495] loop0: detected capacity change from 0 to 32768 [ 118.465718][ T6495] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6495) [ 118.484850][ T6495] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 118.495742][ T6495] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 118.505642][ T6495] BTRFS info (device loop0): using free-space-tree [pid 6495] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6495] ioctl(4, LOOP_CLR_FD) = 0 [pid 6495] close(4) = 0 [ 118.584394][ T6495] BTRFS info (device loop0): rebuilding free space tree [pid 6495] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 118.655763][ T6495] BTRFS info (device loop0): balance: start -d -m [ 118.663966][ T6495] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6495] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6494] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6494] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6513 attached => {parent_tid=[6513]}, 88) = 6513 [pid 6513] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], [pid 6513] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6513] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6494] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] chdir("./file0" [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] <... chdir resumed>) = 0 [pid 6513] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6513] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6494] <... futex resumed>) = 0 [pid 6513] openat(AT_FDCWD, ".", O_RDONLY [pid 6494] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] <... openat resumed>) = 4 [pid 6513] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6513] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6494] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.696154][ T6495] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6494] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6494] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6494] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6514 attached => {parent_tid=[6514]}, 88) = 6514 [pid 6514] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6494] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] <... rseq resumed>) = 0 [pid 6494] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6514] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6514] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6514] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6514] memfd_create("syzkaller", 0 [pid 6494] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6514] <... memfd_create resumed>) = 5 [pid 6494] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6514] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6513] <... ioctl resumed>) = 0 [pid 6514] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6513] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6513] <... futex resumed>) = 0 [pid 6514] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6514] ioctl(6, LOOP_CLR_FD) = 0 [pid 6514] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6514] close(6) = 0 [pid 6514] close(5) = 0 [pid 6513] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6514] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [ 118.843216][ T6495] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 118.882330][ T6495] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6514] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6495] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] exit_group(0 [pid 6514] <... futex resumed>) = ? [pid 6513] <... futex resumed>) = ? [pid 6494] <... exit_group resumed>) = ? [pid 6514] +++ exited with 0 +++ [pid 6513] +++ exited with 0 +++ [pid 6495] <... futex resumed>) = ? [pid 6495] +++ exited with 0 +++ [pid 6494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6494, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [ 118.907892][ T6495] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 119.105554][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6515 attached , child_tidptr=0x5555867a3690) = 6515 [pid 6515] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6515] chdir("./32") = 0 [pid 6515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6515] setpgid(0, 0) = 0 [pid 6515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6515] write(3, "1000", 4) = 4 [pid 6515] close(3) = 0 [pid 6515] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6515] write(1, "executing program\n", 18) = 18 [pid 6515] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6515] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6516 attached [pid 6516] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6516] set_robust_list(0x7f0aef8a99a0, 24 [pid 6515] <... clone3 resumed> => {parent_tid=[6516]}, 88) = 6516 [pid 6516] <... set_robust_list resumed>) = 0 [pid 6515] rt_sigprocmask(SIG_SETMASK, [], [pid 6516] rt_sigprocmask(SIG_SETMASK, [], [pid 6515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6515] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] memfd_create("syzkaller", 0 [pid 6515] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6516] <... memfd_create resumed>) = 3 [pid 6516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6516] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6516] close(3) = 0 [pid 6516] close(4) = 0 [pid 6516] mkdir("./file0", 0777) = 0 [ 119.586795][ T6516] loop0: detected capacity change from 0 to 32768 [ 119.629431][ T6516] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6516) [ 119.649035][ T6516] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 119.660204][ T6516] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.670565][ T6516] BTRFS info (device loop0): using free-space-tree [pid 6516] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6516] ioctl(4, LOOP_CLR_FD) = 0 [ 119.757870][ T6516] BTRFS info (device loop0): rebuilding free space tree [pid 6516] close(4) = 0 [pid 6516] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6516] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6515] <... futex resumed>) = 0 [pid 6516] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 119.840272][ T6516] BTRFS info (device loop0): balance: start -d -m [ 119.850180][ T6516] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6515] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6515] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6515] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6534 attached => {parent_tid=[6534]}, 88) = 6534 [pid 6515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6515] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6515] <... futex resumed>) = 0 [pid 6534] <... rseq resumed>) = 0 [pid 6515] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6534] chdir("./file0") = 0 [pid 6534] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6534] openat(AT_FDCWD, ".", O_RDONLY [pid 6515] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... openat resumed>) = 4 [pid 6515] <... futex resumed>) = 0 [pid 6534] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6515] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 0 [pid 6515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6534] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6515] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6515] <... futex resumed>) = 0 [ 119.885611][ T6516] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6515] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6515] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6515] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6535 attached => {parent_tid=[6535]}, 88) = 6535 [pid 6535] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6515] rt_sigprocmask(SIG_SETMASK, [], [pid 6535] <... rseq resumed>) = 0 [pid 6515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] set_robust_list(0x7f0aef8679a0, 24 [pid 6515] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... set_robust_list resumed>) = 0 [pid 6515] <... futex resumed>) = 0 [pid 6535] rt_sigprocmask(SIG_SETMASK, [], [pid 6515] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6535] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6535] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6515] <... futex resumed>) = 0 [pid 6535] memfd_create("syzkaller", 0 [pid 6515] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6535] <... memfd_create resumed>) = 5 [pid 6535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6535] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6534] <... ioctl resumed>) = 0 [pid 6534] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.975297][ T6516] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6534] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] <... write resumed>) = 524288 [pid 6535] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6535] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6535] ioctl(6, LOOP_CLR_FD) = 0 [pid 6535] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6535] close(6) = 0 [pid 6535] close(5) = 0 [pid 6535] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6535] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6516] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] exit_group(0 [pid 6535] <... futex resumed>) = ? [pid 6534] <... futex resumed>) = ? [pid 6516] <... futex resumed>) = ? [pid 6515] <... exit_group resumed>) = ? [pid 6535] +++ exited with 0 +++ [pid 6534] +++ exited with 0 +++ [pid 6516] +++ exited with 0 +++ [pid 6515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6515, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 120.050216][ T6516] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 120.079982][ T6516] BTRFS info (device loop0): balance: ended with status: 0 [ 120.126112][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6537 attached , child_tidptr=0x5555867a3690) = 6537 [pid 6537] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6537] chdir("./33") = 0 [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6537] setpgid(0, 0) = 0 [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6537] write(3, "1000", 4) = 4 [pid 6537] close(3) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6537] write(1, "executing program\n", 18executing program ) = 18 [pid 6537] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6537] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6538 attached => {parent_tid=[6538]}, 88) = 6538 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6538] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6538] <... rseq resumed>) = 0 [pid 6537] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] set_robust_list(0x7f0aef8a99a0, 24 [pid 6537] <... futex resumed>) = 0 [pid 6538] <... set_robust_list resumed>) = 0 [pid 6538] rt_sigprocmask(SIG_SETMASK, [], [pid 6537] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6538] memfd_create("syzkaller", 0) = 3 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6538] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] close(4) = 0 [pid 6538] mkdir("./file0", 0777) = 0 [ 120.596332][ T6538] loop0: detected capacity change from 0 to 32768 [ 120.628776][ T6538] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6538) [ 120.652343][ T6538] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 120.663237][ T6538] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 120.673663][ T6538] BTRFS info (device loop0): using free-space-tree [pid 6538] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4) = 0 [pid 6538] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6538] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6538] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6537] <... futex resumed>) = 1 [ 120.756625][ T6538] BTRFS info (device loop0): rebuilding free space tree [ 120.801884][ T6538] BTRFS info (device loop0): balance: start -d -m [ 120.809888][ T6538] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6537] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6537] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6537] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6556 attached => {parent_tid=[6556]}, 88) = 6556 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6556] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6537] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... rseq resumed>) = 0 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6556] chdir("./file0") = 0 [pid 6556] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6556] openat(AT_FDCWD, ".", O_RDONLY [pid 6537] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... openat resumed>) = 4 [pid 6556] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 120.842726][ T6538] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6556] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6537] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6537] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6537] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6557 attached => {parent_tid=[6557]}, 88) = 6557 [pid 6557] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6557] <... rseq resumed>) = 0 [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6557] set_robust_list(0x7f0aef8679a0, 24 [pid 6537] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... set_robust_list resumed>) = 0 [pid 6537] <... futex resumed>) = 0 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], [pid 6537] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6557] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6557] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6557] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] <... futex resumed>) = 0 [pid 6557] memfd_create("syzkaller", 0 [pid 6537] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6557] <... memfd_create resumed>) = 5 [pid 6557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6557] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6557] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6557] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6557] ioctl(6, LOOP_CLR_FD) = 0 [pid 6557] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6557] close(6) = 0 [pid 6556] <... ioctl resumed>) = 0 [pid 6557] close(5 [pid 6556] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] <... close resumed>) = 0 [pid 6557] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [ 120.979787][ T6538] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6557] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6538] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6538] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6538] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] exit_group(0 [pid 6557] <... futex resumed>) = ? [pid 6556] <... futex resumed>) = ? [pid 6537] <... exit_group resumed>) = ? [pid 6557] +++ exited with 0 +++ [pid 6556] +++ exited with 0 +++ [pid 6538] <... futex resumed>) = ? [pid 6538] +++ exited with 0 +++ [pid 6537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 121.022499][ T6538] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 121.048603][ T6538] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 121.217044][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6558 attached , child_tidptr=0x5555867a3690) = 6558 [pid 6558] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6558] chdir("./34") = 0 [pid 6558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6558] setpgid(0, 0) = 0 [pid 6558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6558] write(3, "1000", 4) = 4 [pid 6558] close(3) = 0 [pid 6558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6558] write(1, "executing program\n", 18executing program ) = 18 [pid 6558] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6558] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6559 attached => {parent_tid=[6559]}, 88) = 6559 [pid 6559] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6559] set_robust_list(0x7f0aef8a99a0, 24 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], [pid 6559] <... set_robust_list resumed>) = 0 [pid 6558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6559] rt_sigprocmask(SIG_SETMASK, [], [pid 6558] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6558] <... futex resumed>) = 0 [pid 6559] memfd_create("syzkaller", 0 [pid 6558] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6559] <... memfd_create resumed>) = 3 [pid 6559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6559] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6559] close(3) = 0 [pid 6559] close(4) = 0 [pid 6559] mkdir("./file0", 0777) = 0 [ 121.726962][ T6559] loop0: detected capacity change from 0 to 32768 [ 121.768233][ T6559] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6559) [ 121.788143][ T6559] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 121.798500][ T6559] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 121.810045][ T6559] BTRFS info (device loop0): using free-space-tree [pid 6559] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6559] ioctl(4, LOOP_CLR_FD) = 0 [pid 6559] close(4) = 0 [pid 6559] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6559] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6558] <... futex resumed>) = 0 [ 121.905434][ T6559] BTRFS info (device loop0): rebuilding free space tree [ 121.959161][ T6559] BTRFS info (device loop0): balance: start -d -m [ 121.969667][ T6559] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6558] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6558] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6558] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6577 attached => {parent_tid=[6577]}, 88) = 6577 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6558] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6577] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6577] chdir("./file0") = 0 [pid 6577] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = 0 [pid 6558] <... futex resumed>) = 1 [pid 6577] openat(AT_FDCWD, ".", O_RDONLY [pid 6558] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... openat resumed>) = 4 [pid 6577] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6577] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6558] <... futex resumed>) = 0 [pid 6577] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 122.002775][ T6559] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6558] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6558] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6558] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6578]}, 88) = 6578 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6578 attached [pid 6558] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6558] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6578] <... rseq resumed>) = 0 [pid 6578] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6578] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6578] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] <... futex resumed>) = 0 [pid 6558] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6558] <... futex resumed>) = 1 [pid 6578] memfd_create("syzkaller", 0 [pid 6558] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6578] <... memfd_create resumed>) = 5 [pid 6578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6578] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6578] munmap(0x7f0ae7400000, 138412032 [pid 6577] <... ioctl resumed>) = 0 [pid 6577] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... munmap resumed>) = 0 [pid 6577] <... futex resumed>) = 0 [pid 6578] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6577] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] <... openat resumed>) = 6 [pid 6578] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6578] ioctl(6, LOOP_CLR_FD) = 0 [pid 6578] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6578] close(6) = 0 [pid 6578] close(5) = 0 [pid 6578] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] <... futex resumed>) = 0 [ 122.164537][ T6559] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 122.203456][ T6559] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6559] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6559] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6559] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] exit_group(0 [pid 6578] <... futex resumed>) = ? [pid 6577] <... futex resumed>) = ? [pid 6559] <... futex resumed>) = ? [pid 6558] <... exit_group resumed>) = ? [pid 6578] +++ exited with 0 +++ [pid 6577] +++ exited with 0 +++ [pid 6559] +++ exited with 0 +++ [pid 6558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6558, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 122.239534][ T6559] BTRFS info (device loop0): balance: ended with status: 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 122.330374][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6580 attached , child_tidptr=0x5555867a3690) = 6580 [pid 6580] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6580] chdir("./35") = 0 [pid 6580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6580] setpgid(0, 0) = 0 [pid 6580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6580] write(3, "1000", 4) = 4 [pid 6580] close(3) = 0 [pid 6580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6580] write(1, "executing program\n", 18executing program ) = 18 [pid 6580] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6580] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6581 attached [pid 6581] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6581] set_robust_list(0x7f0aef8a99a0, 24 [pid 6580] <... clone3 resumed> => {parent_tid=[6581]}, 88) = 6581 [pid 6581] <... set_robust_list resumed>) = 0 [pid 6580] rt_sigprocmask(SIG_SETMASK, [], [pid 6581] rt_sigprocmask(SIG_SETMASK, [], [pid 6580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6580] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] memfd_create("syzkaller", 0 [pid 6580] <... futex resumed>) = 0 [pid 6580] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6581] <... memfd_create resumed>) = 3 [pid 6581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6581] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6581] close(3) = 0 [pid 6581] close(4) = 0 [pid 6581] mkdir("./file0", 0777) = 0 [ 122.863547][ T6581] loop0: detected capacity change from 0 to 32768 [ 122.908673][ T6581] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6581) [ 122.927976][ T6581] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 122.938445][ T6581] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 122.949558][ T6581] BTRFS info (device loop0): using free-space-tree [pid 6581] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6581] ioctl(4, LOOP_CLR_FD) = 0 [pid 6581] close(4) = 0 [pid 6581] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6580] <... futex resumed>) = 0 [pid 6580] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6580] <... futex resumed>) = 0 [ 123.015593][ T6581] BTRFS info (device loop0): rebuilding free space tree [pid 6580] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6580] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6580] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [ 123.060376][ T6581] BTRFS info (device loop0): balance: start -d -m [ 123.069703][ T6581] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 123.094959][ T6581] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6598 attached [pid 6598] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6580] <... clone3 resumed> => {parent_tid=[6598]}, 88) = 6598 [pid 6598] set_robust_list(0x7f0aef8889a0, 24 [pid 6580] rt_sigprocmask(SIG_SETMASK, [], [pid 6598] <... set_robust_list resumed>) = 0 [pid 6598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6598] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6580] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = 0 [pid 6580] <... futex resumed>) = 1 [pid 6598] chdir("./file0" [pid 6580] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... chdir resumed>) = 0 [pid 6598] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6580] <... futex resumed>) = 0 [pid 6598] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6580] <... futex resumed>) = 0 [pid 6598] openat(AT_FDCWD, ".", O_RDONLY [pid 6580] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... openat resumed>) = 4 [pid 6598] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = 0 [pid 6580] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6598] <... futex resumed>) = 1 [ 123.132615][ T6581] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 123.166232][ T6581] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6598] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6580] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6580] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6580] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6598] <... ioctl resumed>) = 0 [pid 6581] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} [pid 6598] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6599 attached [pid 6598] <... futex resumed>) = 0 [pid 6581] <... futex resumed>) = 0 [pid 6599] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6598] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6581] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] <... clone3 resumed> => {parent_tid=[6599]}, 88) = 6599 [pid 6599] <... rseq resumed>) = 0 [pid 6580] rt_sigprocmask(SIG_SETMASK, [], [pid 6599] set_robust_list(0x7f0aef8679a0, 24 [pid 6580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6599] <... set_robust_list resumed>) = 0 [pid 6580] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] rt_sigprocmask(SIG_SETMASK, [], [pid 6580] <... futex resumed>) = 0 [pid 6599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6580] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6599] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [ 123.213409][ T6581] BTRFS info (device loop0): balance: ended with status: 0 [pid 6599] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6580] <... futex resumed>) = 0 [pid 6599] <... futex resumed>) = 1 [pid 6580] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] <... futex resumed>) = 1 [pid 6580] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6581] <... futex resumed>) = 0 [pid 6581] memfd_create("syzkaller", 0) = 5 [pid 6581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6581] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6581] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6581] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6581] ioctl(6, LOOP_CLR_FD) = 0 [pid 6581] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6581] close(6) = 0 [pid 6581] close(5) = 0 [pid 6581] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6581] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6580] <... futex resumed>) = 0 [pid 6580] exit_group(0 [pid 6599] <... futex resumed>) = ? [pid 6598] <... futex resumed>) = ? [pid 6581] <... futex resumed>) = ? [pid 6580] <... exit_group resumed>) = ? [pid 6599] +++ exited with 0 +++ [pid 6581] +++ exited with 0 +++ [pid 6598] +++ exited with 0 +++ [pid 6580] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6580, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 123.445273][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6601 attached , child_tidptr=0x5555867a3690) = 6601 [pid 6601] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6601] chdir("./36") = 0 [pid 6601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6601] setpgid(0, 0) = 0 [pid 6601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6601] write(3, "1000", 4) = 4 [pid 6601] close(3) = 0 [pid 6601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6601] write(1, "executing program\n", 18executing program ) = 18 [pid 6601] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6601] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6602 attached [pid 6602] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6601] <... clone3 resumed> => {parent_tid=[6602]}, 88) = 6602 [pid 6602] set_robust_list(0x7f0aef8a99a0, 24 [pid 6601] rt_sigprocmask(SIG_SETMASK, [], [pid 6602] <... set_robust_list resumed>) = 0 [pid 6601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6602] rt_sigprocmask(SIG_SETMASK, [], [pid 6601] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6601] <... futex resumed>) = 0 [pid 6602] memfd_create("syzkaller", 0 [pid 6601] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6602] <... memfd_create resumed>) = 3 [pid 6602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6602] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6602] close(3) = 0 [pid 6602] close(4) = 0 [pid 6602] mkdir("./file0", 0777) = 0 [ 123.912507][ T6602] loop0: detected capacity change from 0 to 32768 [ 123.953372][ T6602] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6602) [ 123.979832][ T6602] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 123.990751][ T6602] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.001850][ T6602] BTRFS info (device loop0): using free-space-tree [pid 6602] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6602] ioctl(4, LOOP_CLR_FD) = 0 [pid 6602] close(4) = 0 [pid 6602] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6601] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6602] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6601] <... futex resumed>) = 0 [ 124.054442][ T6602] BTRFS info (device loop0): rebuilding free space tree [ 124.085932][ T6602] BTRFS info (device loop0): balance: start -d -m [pid 6601] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6601] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6601] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6619 attached [pid 6619] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6601] <... clone3 resumed> => {parent_tid=[6619]}, 88) = 6619 [pid 6601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6601] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] set_robust_list(0x7f0aef8889a0, 24 [pid 6601] <... futex resumed>) = 0 [pid 6619] <... set_robust_list resumed>) = 0 [pid 6619] rt_sigprocmask(SIG_SETMASK, [], [pid 6601] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6619] chdir("./file0") = 0 [pid 6619] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6619] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6601] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6601] <... futex resumed>) = 0 [pid 6619] openat(AT_FDCWD, ".", O_RDONLY [pid 6601] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... openat resumed>) = 4 [pid 6619] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6601] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6619] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6601] <... futex resumed>) = 0 [ 124.097062][ T6602] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 124.121493][ T6602] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6601] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6601] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6619] <... ioctl resumed>) = 0 [pid 6601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6619] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6601] <... mmap resumed>) = 0x7f0aef847000 [pid 6619] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6601] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [ 124.180559][ T6602] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6620 attached [pid 6620] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6601] <... clone3 resumed> => {parent_tid=[6620]}, 88) = 6620 [pid 6620] <... rseq resumed>) = 0 [pid 6601] rt_sigprocmask(SIG_SETMASK, [], [pid 6620] set_robust_list(0x7f0aef8679a0, 24 [pid 6601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6620] <... set_robust_list resumed>) = 0 [pid 6601] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6620] rt_sigprocmask(SIG_SETMASK, [], [pid 6601] <... futex resumed>) = 0 [pid 6620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6601] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6620] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6620] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6601] <... futex resumed>) = 0 [pid 6601] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6620] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6619] <... futex resumed>) = 0 [pid 6601] <... futex resumed>) = 1 [pid 6619] memfd_create("syzkaller", 0 [pid 6601] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6619] <... memfd_create resumed>) = 5 [pid 6619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6619] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6619] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6619] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6619] ioctl(6, LOOP_CLR_FD) = 0 [pid 6619] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6619] close(6) = 0 [pid 6619] close(5) = 0 [pid 6619] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 124.245013][ T6602] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6619] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6601] <... futex resumed>) = 0 [pid 6602] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6602] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6601] exit_group(0 [pid 6620] <... futex resumed>) = ? [pid 6619] <... futex resumed>) = ? [pid 6602] <... futex resumed>) = ? [pid 6601] <... exit_group resumed>) = ? [pid 6620] +++ exited with 0 +++ [pid 6619] +++ exited with 0 +++ [pid 6602] +++ exited with 0 +++ [pid 6601] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6601, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 124.291179][ T6602] BTRFS info (device loop0): balance: ended with status: 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 124.396373][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6622 attached , child_tidptr=0x5555867a3690) = 6622 [pid 6622] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6622] chdir("./37") = 0 [pid 6622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6622] setpgid(0, 0) = 0 [pid 6622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6622] write(3, "1000", 4) = 4 [pid 6622] close(3) = 0 [pid 6622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6622] write(1, "executing program\n", 18executing program ) = 18 [pid 6622] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6622] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6623 attached [pid 6623] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6622] <... clone3 resumed> => {parent_tid=[6623]}, 88) = 6623 [pid 6623] <... rseq resumed>) = 0 [pid 6623] set_robust_list(0x7f0aef8a99a0, 24 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6623] <... set_robust_list resumed>) = 0 [pid 6623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6623] memfd_create("syzkaller", 0) = 3 [pid 6623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6623] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6623] close(3) = 0 [pid 6623] close(4) = 0 [ 124.955663][ T6623] loop0: detected capacity change from 0 to 32768 [pid 6623] mkdir("./file0", 0777) = 0 [ 124.996024][ T6623] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6623) [ 125.021222][ T6623] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 125.031684][ T6623] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 125.042971][ T6623] BTRFS info (device loop0): using free-space-tree [pid 6623] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6623] ioctl(4, LOOP_CLR_FD) = 0 [pid 6623] close(4) = 0 [pid 6623] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6623] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6622] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 125.119650][ T6623] BTRFS info (device loop0): rebuilding free space tree [ 125.153356][ T6623] BTRFS info (device loop0): balance: start -d -m [pid 6623] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6622] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 125.164938][ T6623] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6622] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6622] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6622] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6641 attached => {parent_tid=[6641]}, 88) = 6641 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6622] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6641] <... rseq resumed>) = 0 [pid 6641] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6641] chdir("./file0") = 0 [pid 6641] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6641] openat(AT_FDCWD, ".", O_RDONLY [pid 6622] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] <... openat resumed>) = 4 [pid 6622] <... futex resumed>) = 0 [pid 6641] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6641] <... futex resumed>) = 0 [pid 6622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6641] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6622] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.201257][ T6623] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6622] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6622] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6622] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6642]}, 88) = 6642 [pid 6622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6622] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6622] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6642 attached [pid 6642] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6642] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6642] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = 0 [pid 6642] <... futex resumed>) = 1 [pid 6642] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6622] <... futex resumed>) = 0 [pid 6642] memfd_create("syzkaller", 0 [pid 6622] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6642] <... memfd_create resumed>) = 5 [pid 6642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6642] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6642] munmap(0x7f0ae7400000, 138412032 [pid 6641] <... ioctl resumed>) = 0 [pid 6641] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6642] <... munmap resumed>) = 0 [pid 6642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6642] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6642] ioctl(6, LOOP_CLR_FD) = 0 [pid 6642] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6642] close(6) = 0 [pid 6642] close(5) = 0 [pid 6642] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6622] <... futex resumed>) = 0 [ 125.347275][ T6623] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 125.385990][ T6623] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6642] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6623] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6623] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6622] exit_group(0 [pid 6642] <... futex resumed>) = ? [pid 6641] <... futex resumed>) = ? [pid 6622] <... exit_group resumed>) = ? [pid 6642] +++ exited with 0 +++ [pid 6641] +++ exited with 0 +++ [pid 6623] <... futex resumed>) = ? [pid 6623] +++ exited with 0 +++ [pid 6622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6622, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.412060][ T6623] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 125.589418][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6643 attached , child_tidptr=0x5555867a3690) = 6643 [pid 6643] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6643] chdir("./38") = 0 [pid 6643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6643] setpgid(0, 0) = 0 [pid 6643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6643] write(3, "1000", 4) = 4 [pid 6643] close(3) = 0 [pid 6643] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6643] write(1, "executing program\n", 18) = 18 [pid 6643] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6643] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6644 attached => {parent_tid=[6644]}, 88) = 6644 [pid 6644] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6644] set_robust_list(0x7f0aef8a99a0, 24 [pid 6643] rt_sigprocmask(SIG_SETMASK, [], [pid 6644] <... set_robust_list resumed>) = 0 [pid 6643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6644] rt_sigprocmask(SIG_SETMASK, [], [pid 6643] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6643] <... futex resumed>) = 0 [pid 6644] memfd_create("syzkaller", 0 [pid 6643] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6644] <... memfd_create resumed>) = 3 [pid 6644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6644] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6644] close(3) = 0 [pid 6644] close(4) = 0 [pid 6644] mkdir("./file0", 0777) = 0 [ 126.227440][ T6644] loop0: detected capacity change from 0 to 32768 [ 126.259248][ T6644] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6644) [ 126.280445][ T6644] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 126.290990][ T6644] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 126.301002][ T6644] BTRFS info (device loop0): using free-space-tree [pid 6644] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6644] ioctl(4, LOOP_CLR_FD) = 0 [pid 6644] close(4) = 0 [pid 6644] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6643] <... futex resumed>) = 0 [pid 6643] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... futex resumed>) = 0 [pid 6643] <... futex resumed>) = 1 [pid 6644] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 126.389859][ T6644] BTRFS info (device loop0): rebuilding free space tree [pid 6643] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6643] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6643] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[6662]}, 88) = 6662 ./strace-static-x86_64: Process 6662 attached [pid 6643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6643] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6662] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6662] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6662] chdir("./file0") = 0 [pid 6662] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6662] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6643] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... futex resumed>) = 0 [pid 6643] <... futex resumed>) = 1 [pid 6662] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6643] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6662] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6643] <... futex resumed>) = 0 [pid 6662] <... futex resumed>) = 1 [pid 6643] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6643] <... futex resumed>) = 0 [ 126.455181][ T6644] BTRFS info (device loop0): balance: start -d -m [ 126.462838][ T6644] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 126.494549][ T6644] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6643] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6643] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6643] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6663 attached => {parent_tid=[6663]}, 88) = 6663 [pid 6643] rt_sigprocmask(SIG_SETMASK, [], [pid 6663] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6643] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... rseq resumed>) = 0 [pid 6663] set_robust_list(0x7f0aef8679a0, 24 [pid 6643] <... futex resumed>) = 0 [pid 6663] <... set_robust_list resumed>) = 0 [pid 6663] rt_sigprocmask(SIG_SETMASK, [], [pid 6643] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6663] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6663] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6643] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] memfd_create("syzkaller", 0 [pid 6643] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6663] <... memfd_create resumed>) = 5 [pid 6663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6663] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6663] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6663] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6663] ioctl(6, LOOP_CLR_FD [pid 6662] <... ioctl resumed>) = 0 [pid 6662] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... ioctl resumed>) = 0 [pid 6662] <... futex resumed>) = 0 [pid 6662] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6663] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6663] close(6) = 0 [pid 6663] close(5) = 0 [pid 6663] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6643] <... futex resumed>) = 0 [ 126.646917][ T6644] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 126.680015][ T6644] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6663] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6644] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6644] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6643] exit_group(0) = ? [pid 6663] <... futex resumed>) = ? [pid 6662] <... futex resumed>) = ? [pid 6663] +++ exited with 0 +++ [pid 6662] +++ exited with 0 +++ [pid 6644] <... futex resumed>) = ? [pid 6644] +++ exited with 0 +++ [pid 6643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6643, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 126.731018][ T6644] BTRFS info (device loop0): balance: ended with status: 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 126.822591][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6665 attached [pid 6665] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6665] chdir("./39") = 0 [pid 6665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6665] setpgid(0, 0) = 0 [pid 6665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6665 [pid 6665] <... openat resumed>) = 3 [pid 6665] write(3, "1000", 4) = 4 [pid 6665] close(3) = 0 [pid 6665] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6665] write(1, "executing program\n", 18) = 18 [pid 6665] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6665] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6666 attached [pid 6666] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6665] <... clone3 resumed> => {parent_tid=[6666]}, 88) = 6666 [pid 6666] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], [pid 6666] rt_sigprocmask(SIG_SETMASK, [], [pid 6665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6665] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6666] memfd_create("syzkaller", 0 [pid 6665] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6666] <... memfd_create resumed>) = 3 [pid 6666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6666] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6666] close(3) = 0 [pid 6666] close(4) = 0 [pid 6666] mkdir("./file0", 0777) = 0 [ 127.437865][ T6666] loop0: detected capacity change from 0 to 32768 [ 127.470993][ T6666] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6666) [ 127.493985][ T6666] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 127.504427][ T6666] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 127.513957][ T6666] BTRFS info (device loop0): using free-space-tree [pid 6666] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6666] ioctl(4, LOOP_CLR_FD) = 0 [pid 6666] close(4) = 0 [pid 6666] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6666] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] <... futex resumed>) = 0 [pid 6665] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = 1 [pid 6666] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 127.580819][ T6666] BTRFS info (device loop0): rebuilding free space tree [ 127.608130][ T6666] BTRFS info (device loop0): balance: start -d -m [ 127.617810][ T6666] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6665] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6665] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6665] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6683 attached [pid 6683] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6665] <... clone3 resumed> => {parent_tid=[6683]}, 88) = 6683 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] <... rseq resumed>) = 0 [pid 6665] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] set_robust_list(0x7f0aef8889a0, 24 [pid 6665] <... futex resumed>) = 0 [pid 6683] <... set_robust_list resumed>) = 0 [pid 6665] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6683] chdir("./file0") = 0 [pid 6683] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6665] <... futex resumed>) = 0 [pid 6683] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6665] <... futex resumed>) = 0 [pid 6683] openat(AT_FDCWD, ".", O_RDONLY [pid 6665] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6683] <... openat resumed>) = 4 [pid 6683] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6665] <... futex resumed>) = 0 [pid 6683] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = 1 [pid 6683] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 127.647240][ T6666] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 127.686259][ T6666] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6665] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6665] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6665] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [ 127.718028][ T6666] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6665] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6683] <... ioctl resumed>) = 0 [pid 6683] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6683] <... futex resumed>) = 0 [pid 6665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} [pid 6683] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] <... clone3 resumed> => {parent_tid=[6684]}, 88) = 6684 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6665] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6684 attached [pid 6666] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6684] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6666] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... rseq resumed>) = 0 [pid 6666] <... futex resumed>) = 0 [pid 6684] set_robust_list(0x7f0aef8679a0, 24 [pid 6666] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] <... set_robust_list resumed>) = 0 [pid 6684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6684] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6684] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... futex resumed>) = 0 [pid 6684] <... futex resumed>) = 1 [pid 6665] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6666] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = 1 [pid 6666] memfd_create("syzkaller", 0 [pid 6665] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6666] <... memfd_create resumed>) = 5 [pid 6666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 127.786775][ T6666] BTRFS info (device loop0): balance: ended with status: 0 [pid 6666] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6666] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6666] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6666] ioctl(6, LOOP_CLR_FD) = 0 [pid 6666] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6666] close(6) = 0 [pid 6666] close(5) = 0 [pid 6666] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6666] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] exit_group(0 [pid 6684] <... futex resumed>) = ? [pid 6683] <... futex resumed>) = ? [pid 6666] <... futex resumed>) = ? [pid 6665] <... exit_group resumed>) = ? [pid 6684] +++ exited with 0 +++ [pid 6683] +++ exited with 0 +++ [pid 6666] +++ exited with 0 +++ [pid 6665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6665, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 127.939268][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6686 attached , child_tidptr=0x5555867a3690) = 6686 [pid 6686] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6686] chdir("./40") = 0 [pid 6686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6686] setpgid(0, 0) = 0 [pid 6686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6686] write(3, "1000", 4) = 4 [pid 6686] close(3) = 0 [pid 6686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6686] write(1, "executing program\n", 18executing program ) = 18 [pid 6686] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6686] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6687 attached [pid 6687] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6686] <... clone3 resumed> => {parent_tid=[6687]}, 88) = 6687 [pid 6687] set_robust_list(0x7f0aef8a99a0, 24 [pid 6686] rt_sigprocmask(SIG_SETMASK, [], [pid 6687] <... set_robust_list resumed>) = 0 [pid 6686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], [pid 6686] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6687] memfd_create("syzkaller", 0 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6687] <... memfd_create resumed>) = 3 [pid 6687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6687] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6687] close(3) = 0 [pid 6687] close(4) = 0 [pid 6687] mkdir("./file0", 0777) = 0 [ 128.400940][ T6687] loop0: detected capacity change from 0 to 32768 [ 128.437505][ T6687] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6687) [ 128.476480][ T6687] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 128.487402][ T6687] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 128.497291][ T6687] BTRFS info (device loop0): using free-space-tree [pid 6687] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6687] ioctl(4, LOOP_CLR_FD) = 0 [pid 6687] close(4) = 0 [pid 6687] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] <... futex resumed>) = 0 [pid 6687] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6686] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.573025][ T6687] BTRFS info (device loop0): rebuilding free space tree [ 128.612734][ T6687] BTRFS info (device loop0): balance: start -d -m [pid 6686] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6686] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6686] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6705 attached [pid 6705] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6686] <... clone3 resumed> => {parent_tid=[6705]}, 88) = 6705 [pid 6686] rt_sigprocmask(SIG_SETMASK, [], [pid 6705] <... rseq resumed>) = 0 [pid 6686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6686] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] set_robust_list(0x7f0aef8889a0, 24 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] <... set_robust_list resumed>) = 0 [pid 6705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6705] chdir("./file0") = 0 [pid 6705] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] <... futex resumed>) = 1 [pid 6686] <... futex resumed>) = 0 [pid 6705] openat(AT_FDCWD, ".", O_RDONLY [pid 6686] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] <... openat resumed>) = 4 [ 128.623437][ T6687] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 128.659096][ T6687] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6705] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] <... futex resumed>) = 0 [pid 6686] <... futex resumed>) = 1 [pid 6705] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6686] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6686] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6686] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6706 attached [pid 6706] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6686] <... clone3 resumed> => {parent_tid=[6706]}, 88) = 6706 [pid 6706] <... rseq resumed>) = 0 [pid 6686] rt_sigprocmask(SIG_SETMASK, [], [pid 6706] set_robust_list(0x7f0aef8679a0, 24 [pid 6686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6706] <... set_robust_list resumed>) = 0 [pid 6686] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] rt_sigprocmask(SIG_SETMASK, [], [pid 6686] <... futex resumed>) = 0 [pid 6706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6706] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP [pid 6686] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6706] <... move_mount resumed>) = -1 EFAULT (Bad address) [pid 6706] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] <... futex resumed>) = 0 [pid 6706] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6686] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] memfd_create("syzkaller", 0 [pid 6686] <... futex resumed>) = 0 [pid 6706] <... memfd_create resumed>) = 5 [pid 6706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6686] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6706] <... mmap resumed>) = 0x7f0ae7400000 [ 128.755281][ T6687] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6706] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6706] munmap(0x7f0ae7400000, 138412032 [pid 6705] <... ioctl resumed>) = 0 [pid 6706] <... munmap resumed>) = 0 [pid 6705] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6706] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6705] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6706] <... openat resumed>) = 6 [pid 6706] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6706] ioctl(6, LOOP_CLR_FD) = 0 [pid 6706] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6706] close(6) = 0 [pid 6706] close(5) = 0 [pid 6706] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] <... futex resumed>) = 0 [ 128.835722][ T6687] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6706] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6687] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6687] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6687] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] exit_group(0 [pid 6706] <... futex resumed>) = ? [pid 6705] <... futex resumed>) = ? [pid 6687] <... futex resumed>) = ? [pid 6706] +++ exited with 0 +++ [pid 6705] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ [pid 6686] <... exit_group resumed>) = ? [pid 6686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6686, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 128.896984][ T6687] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 128.988801][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6708 attached , child_tidptr=0x5555867a3690) = 6708 [pid 6708] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6708] chdir("./41") = 0 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6708] setpgid(0, 0) = 0 [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3) = 0 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6708] write(1, "executing program\n", 18executing program ) = 18 [pid 6708] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6708] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6709 attached [pid 6709] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6708] <... clone3 resumed> => {parent_tid=[6709]}, 88) = 6709 [pid 6709] set_robust_list(0x7f0aef8a99a0, 24 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6709] <... set_robust_list resumed>) = 0 [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6708] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] memfd_create("syzkaller", 0 [pid 6708] <... futex resumed>) = 0 [pid 6709] <... memfd_create resumed>) = 3 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6708] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6709] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6709] close(3) = 0 [pid 6709] close(4) = 0 [pid 6709] mkdir("./file0", 0777) = 0 [ 129.497549][ T6709] loop0: detected capacity change from 0 to 32768 [ 129.545203][ T6709] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6709) [ 129.563157][ T6709] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 129.574188][ T6709] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 129.585179][ T6709] BTRFS info (device loop0): using free-space-tree [pid 6709] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_CLR_FD) = 0 [pid 6709] close(4) = 0 [pid 6709] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6708] <... futex resumed>) = 0 [pid 6709] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 129.663406][ T6709] BTRFS info (device loop0): rebuilding free space tree [pid 6708] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6708] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6708] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6727 attached => {parent_tid=[6727]}, 88) = 6727 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6727] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6708] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6708] <... futex resumed>) = 0 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6708] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] chdir("./file0") = 0 [pid 6727] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6727] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6727] openat(AT_FDCWD, ".", O_RDONLY [pid 6708] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... openat resumed>) = 4 [pid 6727] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 129.722035][ T6709] BTRFS info (device loop0): balance: start -d -m [ 129.730102][ T6709] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 129.761476][ T6709] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6727] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6708] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6708] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6708] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6728 attached => {parent_tid=[6728]}, 88) = 6728 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6708] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6728] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6728] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6728] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6728] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6708] <... futex resumed>) = 0 [pid 6728] memfd_create("syzkaller", 0 [pid 6708] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6728] <... memfd_create resumed>) = 5 [pid 6728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6728] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6728] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6728] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6727] <... ioctl resumed>) = 0 [pid 6728] ioctl(6, LOOP_CLR_FD) = 0 [pid 6727] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6728] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6728] close(6) = 0 [pid 6728] close(5) = 0 [pid 6728] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [ 129.913192][ T6709] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6728] <... futex resumed>) = 1 [pid 6728] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6709] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] exit_group(0 [pid 6728] <... futex resumed>) = ? [pid 6727] <... futex resumed>) = ? [pid 6708] <... exit_group resumed>) = ? [pid 6728] +++ exited with 0 +++ [pid 6727] +++ exited with 0 +++ [pid 6709] +++ exited with 0 +++ [pid 6708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6708, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 129.953938][ T6709] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 129.987025][ T6709] BTRFS info (device loop0): balance: ended with status: 0 unlink("./41/binderfs") = 0 [ 130.048084][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6730 attached , child_tidptr=0x5555867a3690) = 6730 [pid 6730] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6730] chdir("./42") = 0 [pid 6730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6730] setpgid(0, 0) = 0 [pid 6730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6730] write(3, "1000", 4) = 4 [pid 6730] close(3) = 0 [pid 6730] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6730] write(1, "executing program\n", 18) = 18 [pid 6730] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6730] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6731 attached [pid 6731] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6730] <... clone3 resumed> => {parent_tid=[6731]}, 88) = 6731 [pid 6731] set_robust_list(0x7f0aef8a99a0, 24 [pid 6730] rt_sigprocmask(SIG_SETMASK, [], [pid 6731] <... set_robust_list resumed>) = 0 [pid 6730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6731] rt_sigprocmask(SIG_SETMASK, [], [pid 6730] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6730] <... futex resumed>) = 0 [pid 6731] memfd_create("syzkaller", 0 [pid 6730] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6731] <... memfd_create resumed>) = 3 [pid 6731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6731] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6731] close(3) = 0 [pid 6731] close(4) = 0 [pid 6731] mkdir("./file0", 0777) = 0 [ 130.602340][ T6731] loop0: detected capacity change from 0 to 32768 [ 130.633005][ T6731] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6731) [ 130.652376][ T6731] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 130.663347][ T6731] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 130.673796][ T6731] BTRFS info (device loop0): using free-space-tree [pid 6731] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6731] ioctl(4, LOOP_CLR_FD) = 0 [pid 6731] close(4) = 0 [pid 6731] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6730] <... futex resumed>) = 0 [pid 6731] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6730] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.740527][ T6731] BTRFS info (device loop0): rebuilding free space tree [ 130.782526][ T6731] BTRFS info (device loop0): balance: start -d -m [ 130.790972][ T6731] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6730] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6730] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6730] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0} => {parent_tid=[6749]}, 88) = 6749 [pid 6730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6730] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6749 attached [pid 6749] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6749] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6749] chdir("./file0") = 0 [pid 6749] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... futex resumed>) = 0 [pid 6749] <... futex resumed>) = 1 [pid 6730] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] openat(AT_FDCWD, ".", O_RDONLY [pid 6730] <... futex resumed>) = 0 [pid 6749] <... openat resumed>) = 4 [pid 6730] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6749] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6749] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6730] <... futex resumed>) = 0 [pid 6749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6730] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 130.823158][ T6731] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6730] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6730] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6730] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6730] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0}./strace-static-x86_64: Process 6750 attached => {parent_tid=[6750]}, 88) = 6750 [pid 6750] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6730] rt_sigprocmask(SIG_SETMASK, [], [pid 6750] <... rseq resumed>) = 0 [pid 6730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6750] set_robust_list(0x7f0aef8679a0, 24 [pid 6730] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... set_robust_list resumed>) = 0 [pid 6730] <... futex resumed>) = 0 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], [pid 6730] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6750] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6750] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6730] <... futex resumed>) = 0 [pid 6750] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6730] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... futex resumed>) = 0 [pid 6730] <... futex resumed>) = 1 [pid 6750] memfd_create("syzkaller", 0 [pid 6730] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6750] <... memfd_create resumed>) = 5 [pid 6750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 130.905292][ T6731] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6750] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6750] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6749] <... ioctl resumed>) = 0 [pid 6750] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6749] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] ioctl(6, LOOP_CLR_FD) = 0 [pid 6749] <... futex resumed>) = 0 [pid 6749] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6750] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6750] close(6) = 0 [pid 6750] close(5) = 0 [pid 6750] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6730] <... futex resumed>) = 0 [ 131.010791][ T6731] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6750] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6731] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] exit_group(0 [pid 6731] <... futex resumed>) = ? [pid 6750] <... futex resumed>) = ? [pid 6730] <... exit_group resumed>) = ? [pid 6750] +++ exited with 0 +++ [pid 6731] +++ exited with 0 +++ [pid 6749] <... futex resumed>) = ? [pid 6749] +++ exited with 0 +++ [pid 6730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6730, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 131.051095][ T6731] BTRFS info (device loop0): balance: ended with status: 0 [ 131.120193][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6752 attached , child_tidptr=0x5555867a3690) = 6752 [pid 6752] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6752] chdir("./43") = 0 [pid 6752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6752] setpgid(0, 0) = 0 [pid 6752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6752] write(3, "1000", 4) = 4 [pid 6752] close(3) = 0 [pid 6752] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6752] write(1, "executing program\n", 18) = 18 [pid 6752] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6752] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6753 attached [pid 6753] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6752] <... clone3 resumed> => {parent_tid=[6753]}, 88) = 6753 [pid 6753] set_robust_list(0x7f0aef8a99a0, 24 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 6753] <... set_robust_list resumed>) = 0 [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], [pid 6752] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6752] <... futex resumed>) = 0 [pid 6753] memfd_create("syzkaller", 0 [pid 6752] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6753] <... memfd_create resumed>) = 3 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6753] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6753] close(3) = 0 [pid 6753] close(4) = 0 [pid 6753] mkdir("./file0", 0777) = 0 [ 131.567080][ T6753] loop0: detected capacity change from 0 to 32768 [ 131.599448][ T6753] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6753) [ 131.618754][ T6753] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 131.629413][ T6753] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 131.639033][ T6753] BTRFS info (device loop0): using free-space-tree [pid 6753] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6753] ioctl(4, LOOP_CLR_FD) = 0 [pid 6753] close(4) = 0 [pid 6753] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6752] <... futex resumed>) = 0 [ 131.706056][ T6753] BTRFS info (device loop0): rebuilding free space tree [pid 6752] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6752] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6752] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [ 131.747291][ T6753] BTRFS info (device loop0): balance: start -d -m [ 131.756799][ T6753] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 131.782022][ T6753] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6770 attached => {parent_tid=[6770]}, 88) = 6770 [pid 6770] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 6770] <... rseq resumed>) = 0 [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] set_robust_list(0x7f0aef8889a0, 24 [pid 6752] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... set_robust_list resumed>) = 0 [pid 6770] rt_sigprocmask(SIG_SETMASK, [], [pid 6752] <... futex resumed>) = 0 [pid 6770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] chdir("./file0" [pid 6752] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] <... chdir resumed>) = 0 [pid 6770] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6770] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6770] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6770] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6770] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6752] <... futex resumed>) = 0 [pid 6770] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [ 131.820959][ T6753] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 131.853314][ T6753] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6752] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6770] <... ioctl resumed>) = 0 [pid 6752] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... futex resumed>) = 0 [pid 6770] <... futex resumed>) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6770] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... mmap resumed>) = 0x7f0aef847000 [pid 6752] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6753] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6771]}, 88) = 6771 ./strace-static-x86_64: Process 6771 attached [pid 6771] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6752] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6771] <... rseq resumed>) = 0 [pid 6752] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6771] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6771] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6771] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = 0 [pid 6752] <... futex resumed>) = 1 [pid 6753] memfd_create("syzkaller", 0) = 5 [pid 6752] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 131.922974][ T6753] BTRFS info (device loop0): balance: ended with status: 0 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6753] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6753] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6753] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6753] ioctl(6, LOOP_CLR_FD) = 0 [pid 6753] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6753] close(6) = 0 [pid 6753] close(5) = 0 [pid 6753] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6752] exit_group(0 [pid 6753] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] <... futex resumed>) = ? [pid 6753] <... futex resumed>) = ? [pid 6752] <... exit_group resumed>) = ? [pid 6771] <... futex resumed>) = ? [pid 6770] +++ exited with 0 +++ [pid 6753] +++ exited with 0 +++ [pid 6771] +++ exited with 0 +++ [pid 6752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6752, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 132.130782][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6773 attached , child_tidptr=0x5555867a3690) = 6773 [pid 6773] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6773] chdir("./44") = 0 [pid 6773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6773] setpgid(0, 0) = 0 [pid 6773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6773] write(3, "1000", 4) = 4 [pid 6773] close(3) = 0 [pid 6773] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6773] write(1, "executing program\n", 18) = 18 [pid 6773] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6773] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6774 attached => {parent_tid=[6774]}, 88) = 6774 [pid 6774] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] <... rseq resumed>) = 0 [pid 6773] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] set_robust_list(0x7f0aef8a99a0, 24 [pid 6773] <... futex resumed>) = 0 [pid 6774] <... set_robust_list resumed>) = 0 [pid 6773] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] memfd_create("syzkaller", 0) = 3 [pid 6774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6774] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6774] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6774] close(3) = 0 [pid 6774] close(4) = 0 [pid 6774] mkdir("./file0", 0777) = 0 [ 132.607846][ T6774] loop0: detected capacity change from 0 to 32768 [ 132.640970][ T6774] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6774) [ 132.660705][ T6774] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 132.671409][ T6774] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 132.680958][ T6774] BTRFS info (device loop0): using free-space-tree [pid 6774] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6774] ioctl(4, LOOP_CLR_FD) = 0 [pid 6774] close(4) = 0 [ 132.764366][ T6774] BTRFS info (device loop0): rebuilding free space tree [pid 6774] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6774] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 132.836213][ T6774] BTRFS info (device loop0): balance: start -d -m [ 132.846508][ T6774] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6774] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6773] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6773] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6773] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6792 attached => {parent_tid=[6792]}, 88) = 6792 [pid 6792] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], [pid 6792] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6792] rt_sigprocmask(SIG_SETMASK, [], [pid 6773] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6792] chdir("./file0" [pid 6773] <... futex resumed>) = 0 [pid 6792] <... chdir resumed>) = 0 [pid 6773] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6792] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] <... futex resumed>) = 0 [pid 6773] <... futex resumed>) = 1 [pid 6792] openat(AT_FDCWD, ".", O_RDONLY [pid 6773] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... openat resumed>) = 4 [pid 6792] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6792] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6773] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6773] <... futex resumed>) = 0 [ 132.878587][ T6774] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6773] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6773] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6773] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6773] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6793]}, 88) = 6793 ./strace-static-x86_64: Process 6793 attached [pid 6793] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], [pid 6793] <... rseq resumed>) = 0 [pid 6793] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6793] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6773] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = 0 [pid 6773] <... futex resumed>) = 1 [pid 6793] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6793] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6793] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6773] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = 0 [pid 6773] <... futex resumed>) = 1 [pid 6793] memfd_create("syzkaller", 0) = 5 [pid 6773] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6793] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 6792] <... ioctl resumed>) = 0 [pid 6793] <... write resumed>) = 524288 [pid 6792] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] munmap(0x7f0ae7400000, 138412032 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6793] <... munmap resumed>) = 0 [pid 6793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 133.018561][ T6774] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 133.048196][ T6774] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6793] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6793] ioctl(6, LOOP_CLR_FD) = 0 [pid 6774] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6774] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6793] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6793] close(6) = 0 [pid 6793] close(5) = 0 [pid 6793] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... futex resumed>) = 0 [pid 6773] exit_group(0 [pid 6792] <... futex resumed>) = ? [pid 6774] <... futex resumed>) = ? [pid 6773] <... exit_group resumed>) = ? [pid 6792] +++ exited with 0 +++ [pid 6793] <... futex resumed>) = ? [ 133.074119][ T6774] BTRFS info (device loop0): balance: ended with status: 0 [pid 6774] +++ exited with 0 +++ [pid 6793] +++ exited with 0 +++ [pid 6773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6773, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 133.166158][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6795 attached , child_tidptr=0x5555867a3690) = 6795 [pid 6795] set_robust_list(0x5555867a36a0, 24) = 0 [pid 6795] chdir("./45") = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6795] write(3, "1000", 4) = 4 [pid 6795] close(3) = 0 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6795] write(1, "executing program\n", 18) = 18 [pid 6795] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6795] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6796 attached [pid 6796] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6796] set_robust_list(0x7f0aef8a99a0, 24 [pid 6795] <... clone3 resumed> => {parent_tid=[6796]}, 88) = 6796 [pid 6796] <... set_robust_list resumed>) = 0 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6796] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6795] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6796] memfd_create("syzkaller", 0) = 3 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6796] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6796] close(3) = 0 [pid 6796] close(4) = 0 [pid 6796] mkdir("./file0", 0777) = 0 [ 133.583230][ T6796] loop0: detected capacity change from 0 to 32768 [ 133.624064][ T6796] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6796) [ 133.644560][ T6796] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 133.657263][ T6796] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 133.667569][ T6796] BTRFS info (device loop0): using free-space-tree [pid 6796] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6796] ioctl(4, LOOP_CLR_FD) = 0 [pid 6796] close(4) = 0 [pid 6796] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6796] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6796] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6795] <... futex resumed>) = 1 [ 133.732701][ T6796] BTRFS info (device loop0): rebuilding free space tree [ 133.758704][ T6796] BTRFS info (device loop0): balance: start -d -m [ 133.766871][ T6796] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6795] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6795] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6795] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6813 attached [pid 6813] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6813] set_robust_list(0x7f0aef8889a0, 24 [pid 6795] <... clone3 resumed> => {parent_tid=[6813]}, 88) = 6813 [pid 6813] <... set_robust_list resumed>) = 0 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6813] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6813] chdir("./file0" [pid 6795] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... chdir resumed>) = 0 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6795] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6795] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6795] <... futex resumed>) = 0 [ 133.791185][ T6796] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6795] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6795] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6795] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [ 133.835522][ T6796] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6813] <... ioctl resumed>) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} [pid 6813] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6814 attached ) = 0 [pid 6814] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053 [pid 6813] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] <... clone3 resumed> => {parent_tid=[6814]}, 88) = 6814 [pid 6814] <... rseq resumed>) = 0 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6795] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6814] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP [pid 6796] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6814] <... move_mount resumed>) = -1 EFAULT (Bad address) [pid 6814] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = 0 [pid 6814] <... futex resumed>) = 1 [pid 6795] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 6813] memfd_create("syzkaller", 0) = 5 [pid 6795] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6796] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6796] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6813] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 133.901506][ T6796] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 133.927667][ T6796] BTRFS info (device loop0): balance: ended with status: 0 [pid 6813] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6813] ioctl(6, LOOP_CLR_FD) = 0 [pid 6813] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6813] close(6) = 0 [pid 6813] close(5) = 0 [pid 6813] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6813] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] exit_group(0 [pid 6814] <... futex resumed>) = ? [pid 6813] <... futex resumed>) = ? [pid 6795] <... exit_group resumed>) = ? [pid 6814] +++ exited with 0 +++ [pid 6813] +++ exited with 0 +++ [pid 6796] <... futex resumed>) = ? [pid 6796] +++ exited with 0 +++ [pid 6795] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6795, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 134.169213][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6816 attached [pid 6816] set_robust_list(0x5555867a36a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6816 [pid 6816] chdir("./46") = 0 [pid 6816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6816] setpgid(0, 0) = 0 [pid 6816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6816] write(3, "1000", 4) = 4 [pid 6816] close(3) = 0 [pid 6816] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6816] write(1, "executing program\n", 18) = 18 [pid 6816] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6816] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6817 attached [pid 6817] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053) = 0 [pid 6816] <... clone3 resumed> => {parent_tid=[6817]}, 88) = 6817 [pid 6817] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6817] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] memfd_create("syzkaller", 0 [pid 6816] <... futex resumed>) = 0 [pid 6817] <... memfd_create resumed>) = 3 [pid 6816] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6817] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6817] close(3) = 0 [pid 6817] close(4) = 0 [pid 6817] mkdir("./file0", 0777) = 0 [ 134.755638][ T6817] loop0: detected capacity change from 0 to 32768 [ 134.788529][ T6817] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6817) [ 134.807689][ T6817] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 134.818176][ T6817] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 134.828926][ T6817] BTRFS info (device loop0): using free-space-tree [pid 6817] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6817] ioctl(4, LOOP_CLR_FD) = 0 [pid 6817] close(4) = 0 [pid 6817] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6817] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 134.905730][ T6817] BTRFS info (device loop0): rebuilding free space tree [pid 6817] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6816] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6816] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6816] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6835 attached [ 134.958525][ T6817] BTRFS info (device loop0): balance: start -d -m [ 134.967833][ T6817] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata => {parent_tid=[6835]}, 88) = 6835 [pid 6835] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053) = 0 [pid 6835] set_robust_list(0x7f0aef8889a0, 24) = 0 [pid 6835] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6835] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6835] chdir("./file0" [pid 6816] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... chdir resumed>) = 0 [pid 6835] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] openat(AT_FDCWD, ".", O_RDONLY [pid 6816] <... futex resumed>) = 0 [pid 6835] <... openat resumed>) = 4 [pid 6816] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... futex resumed>) = 0 [pid 6816] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... futex resumed>) = 1 [ 135.003547][ T6817] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6835] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6816] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6816] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6816] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6816] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6836]}, 88) = 6836 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6816] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6836 attached [pid 6836] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6836] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6836] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6836] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6836] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6836] memfd_create("syzkaller", 0 [pid 6816] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6836] <... memfd_create resumed>) = 5 [pid 6836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6836] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6836] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6836] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6836] ioctl(6, LOOP_CLR_FD) = 0 [pid 6836] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6836] close(6) = 0 [pid 6836] close(5) = 0 [pid 6836] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6836] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6835] <... ioctl resumed>) = 0 [pid 6816] <... futex resumed>) = 0 [pid 6835] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.149439][ T6817] BTRFS info (device loop0): found 10 extents, stage: move data extents [ 135.177455][ T6817] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6835] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6817] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6817] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6817] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] exit_group(0 [pid 6836] <... futex resumed>) = ? [pid 6835] <... futex resumed>) = ? [pid 6836] +++ exited with 0 +++ [pid 6835] +++ exited with 0 +++ [pid 6817] <... futex resumed>) = ? [pid 6816] <... exit_group resumed>) = ? [pid 6817] +++ exited with 0 +++ [pid 6816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6816, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.202190][ T6817] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867a4730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 135.375886][ T5824] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555867ac770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555867ac770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555867a4730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6837 attached [pid 6837] set_robust_list(0x5555867a36a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555867a3690) = 6837 [pid 6837] <... set_robust_list resumed>) = 0 [pid 6837] chdir("./47") = 0 [pid 6837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6837] setpgid(0, 0) = 0 [pid 6837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6837] write(3, "1000", 4) = 4 [pid 6837] close(3) = 0 [pid 6837] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6837] write(1, "executing program\n", 18) = 18 [pid 6837] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] rt_sigaction(SIGRT_1, {sa_handler=0x7f0aef919430, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0aef90a5e0}, NULL, 8) = 0 [pid 6837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef889000 [pid 6837] mprotect(0x7f0aef88a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef8a9990, parent_tid=0x7f0aef8a9990, exit_signal=0, stack=0x7f0aef889000, stack_size=0x20300, tls=0x7f0aef8a96c0}./strace-static-x86_64: Process 6838 attached [pid 6838] rseq(0x7f0aef8a9fe0, 0x20, 0, 0x53053053 [pid 6837] <... clone3 resumed> => {parent_tid=[6838]}, 88) = 6838 [pid 6838] <... rseq resumed>) = 0 [pid 6838] set_robust_list(0x7f0aef8a99a0, 24) = 0 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6838] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6837] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6838] <... futex resumed>) = 0 [pid 6837] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6838] memfd_create("syzkaller", 0) = 3 [pid 6838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [pid 6838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6838] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6838] close(3) = 0 [pid 6838] close(4) = 0 [pid 6838] mkdir("./file0", 0777) = 0 [ 135.911423][ T6838] loop0: detected capacity change from 0 to 32768 [ 135.938133][ T6838] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor397 (6838) [ 135.956556][ T6838] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 135.969533][ T6838] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 135.979996][ T6838] BTRFS info (device loop0): using free-space-tree [pid 6838] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_NOATIME|MS_REC|MS_RELATIME|MS_STRICTATIME, "compress-force,clear_cache,nodatasum,ref_verify,degraded,skip_balance,") = 0 [pid 6838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6838] ioctl(4, LOOP_CLR_FD) = 0 [pid 6838] close(4) = 0 [pid 6838] futex(0x7f0aef9806cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] futex(0x7f0aef9806c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f0aef9806c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6838] ioctl(3, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 136.062439][ T6838] BTRFS info (device loop0): rebuilding free space tree [pid 6837] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6837] futex(0x7f0aef9806cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6837] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef868000 [pid 6837] mprotect(0x7f0aef869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef888990, parent_tid=0x7f0aef888990, exit_signal=0, stack=0x7f0aef868000, stack_size=0x20300, tls=0x7f0aef8886c0}./strace-static-x86_64: Process 6856 attached => {parent_tid=[6856]}, 88) = 6856 [pid 6856] rseq(0x7f0aef888fe0, 0x20, 0, 0x53053053 [pid 6837] rt_sigprocmask(SIG_SETMASK, [], [pid 6856] <... rseq resumed>) = 0 [pid 6837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6856] set_robust_list(0x7f0aef8889a0, 24 [pid 6837] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... set_robust_list resumed>) = 0 [pid 6837] <... futex resumed>) = 0 [pid 6856] rt_sigprocmask(SIG_SETMASK, [], [pid 6837] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6856] chdir("./file0") = 0 [pid 6856] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6856] futex(0x7f0aef9806d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... futex resumed>) = 0 [pid 6837] <... futex resumed>) = 1 [pid 6856] openat(AT_FDCWD, ".", O_RDONLY [pid 6837] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... openat resumed>) = 4 [pid 6856] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] <... futex resumed>) = 0 [pid 6856] <... futex resumed>) = 1 [pid 6837] futex(0x7f0aef9806d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] ioctl(4, FITRIM, {start=0x1, len=3328647434077854440, minlen=0} [pid 6837] <... futex resumed>) = 0 [ 136.118893][ T6838] BTRFS info (device loop0): balance: start -d -m [ 136.129801][ T6838] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6837] futex(0x7f0aef9806dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6837] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0aef847000 [pid 6837] mprotect(0x7f0aef848000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0aef867990, parent_tid=0x7f0aef867990, exit_signal=0, stack=0x7f0aef847000, stack_size=0x20300, tls=0x7f0aef8676c0} => {parent_tid=[6857]}, 88) = 6857 [pid 6837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6837] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6857 attached [pid 6857] rseq(0x7f0aef867fe0, 0x20, 0, 0x53053053) = 0 [pid 6857] set_robust_list(0x7f0aef8679a0, 24) = 0 [pid 6857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6857] move_mount(3, NULL, 4, NULL, MOVE_MOUNT_F_SYMLINKS|MOVE_MOUNT_F_AUTOMOUNTS|MOVE_MOUNT_F_EMPTY_PATH|MOVE_MOUNT_T_AUTOMOUNTS|MOVE_MOUNT_T_EMPTY_PATH|MOVE_MOUNT_SET_GROUP) = -1 EFAULT (Bad address) [pid 6857] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6857] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] futex(0x7f0aef9806e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6837] <... futex resumed>) = 0 [pid 6857] memfd_create("syzkaller", 0 [pid 6837] futex(0x7f0aef9806ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6857] <... memfd_create resumed>) = 5 [pid 6857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0ae7400000 [ 136.197043][ T6838] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 136.218100][ T36] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 136.234918][ T36] ------------[ cut here ]------------ [ 136.240444][ T36] BTRFS: Transaction aborted (error -28) [pid 6857] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 6857] munmap(0x7f0ae7400000, 138412032) = 0 [pid 6857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6857] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6857] ioctl(6, LOOP_CLR_FD) = 0 [ 136.262981][ T36] WARNING: CPU: 0 PID: 36 at fs/btrfs/transaction.c:2016 btrfs_commit_transaction+0x2eaa/0x3760 [ 136.273626][ T36] Modules linked in: [ 136.277717][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.14.0-rc6-syzkaller-00263-gd1275e99d1c4 #0 [ 136.288602][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 136.298766][ T36] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 136.306474][ T36] RIP: 0010:btrfs_commit_transaction+0x2eaa/0x3760 [pid 6857] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6857] close(6) = 0 [pid 6857] close(5) = 0 [pid 6857] futex(0x7f0aef9806ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6857] futex(0x7f0aef9806e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6856] <... ioctl resumed>) = 0 [pid 6856] futex(0x7f0aef9806dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.313026][ T36] Code: 60 98 6c 8c 8b 5c 24 10 89 da e8 c1 cb 40 fd eb 1d e8 8a f5 da fd 90 48 c7 c7 00 98 6c 8c 8b 5c 24 10 89 de e8 d7 b0 9a fd 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df 48 8b 7c 24 20 4c 89 e0 [ 136.332784][ T36] RSP: 0018:ffffc90000ac7600 EFLAGS: 00010246 [ 136.339008][ T36] RAX: c152bf96ec04c900 RBX: 00000000ffffffe4 RCX: ffff888144291e00 [ 136.347134][ T36] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 136.355222][ T36] RBP: ffffc90000ac7930 R08: ffffffff81819d62 R09: 1ffff92000158e5c [ 136.363248][ T36] R10: dffffc0000000000 R11: fffff52000158e5d R12: ffff888034af8000 [ 136.371395][ T36] R13: ffff888144293078 R14: 0000000000000000 R15: dffffc0000000000 [ 136.379483][ T36] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 136.388639][ T36] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 136.395358][ T36] CR2: 00005610fd4be208 CR3: 00000000237a0000 CR4: 00000000003526f0 [ 136.403380][ T36] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 136.411489][ T36] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 136.419554][ T36] Call Trace: [ 136.422881][ T36] [ 136.425969][ T36] ? __warn+0x165/0x4d0 [ 136.430176][ T36] ? btrfs_commit_transaction+0x2eaa/0x3760 [ 136.436227][ T36] ? report_bug+0x2b3/0x500 [ 136.440793][ T36] ? btrfs_commit_transaction+0x2eaa/0x3760 [ 136.446825][ T36] ? handle_bug+0x60/0x90 [ 136.451213][ T36] ? exc_invalid_op+0x1a/0x50 [ 136.455998][ T36] ? asm_exc_invalid_op+0x1a/0x20 [ 136.461084][ T36] ? __warn_printk+0x292/0x360 [ 136.466006][ T36] ? btrfs_commit_transaction+0x2eaa/0x3760 [ 136.471956][ T36] ? btrfs_commit_transaction+0x177/0x3760 [ 136.477899][ T36] ? __asan_memset+0x23/0x50 [ 136.482546][ T36] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 136.488771][ T36] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 136.495134][ T36] ? join_transaction+0x426/0xe60 [ 136.500237][ T36] ? btrfs_record_root_in_trans+0x92/0x190 [ 136.506209][ T36] ? start_transaction+0x45f/0x16b0 [ 136.511484][ T36] flush_space+0x529/0xd30 [ 136.516036][ T36] ? __pfx_lock_acquire+0x10/0x10 [ 136.521156][ T36] ? btrfs_async_reclaim_metadata_space+0x300/0x3b0 [ 136.527898][ T36] ? __pfx_lock_release+0x10/0x10 [ 136.532987][ T36] ? do_raw_spin_lock+0x14f/0x370 [ 136.538139][ T36] ? __pfx_flush_space+0x10/0x10 [ 136.543142][ T36] ? do_raw_spin_unlock+0x13c/0x8b0 [ 136.548539][ T36] ? btrfs_calc_reclaim_metadata_size+0xbc/0x220 [ 136.554971][ T36] btrfs_async_reclaim_metadata_space+0x178/0x3b0 [ 136.561493][ T36] ? process_scheduled_works+0x9c6/0x18e0 [ 136.567367][ T36] process_scheduled_works+0xabe/0x18e0 [ 136.572994][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 136.579105][ T36] ? assign_work+0x364/0x3d0 [ 136.583749][ T36] worker_thread+0x870/0xd30 [ 136.588499][ T36] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 136.594433][ T36] ? __kthread_parkme+0x169/0x1d0 [ 136.599558][ T36] ? __pfx_worker_thread+0x10/0x10 [ 136.604700][ T36] kthread+0x7a9/0x920 [ 136.608862][ T36] ? __pfx_kthread+0x10/0x10 [ 136.613490][ T36] ? __pfx_worker_thread+0x10/0x10 [ 136.618701][ T36] ? __pfx_kthread+0x10/0x10 [ 136.623344][ T36] ? __pfx_kthread+0x10/0x10 [ 136.628047][ T36] ? __pfx_kthread+0x10/0x10 [ 136.632688][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 136.637963][ T36] ? lockdep_hardirqs_on+0x99/0x150 [ 136.643198][ T36] ? __pfx_kthread+0x10/0x10 [ 136.647898][ T36] ret_from_fork+0x4b/0x80 [ 136.652350][ T36] ? __pfx_kthread+0x10/0x10 [ 136.657021][ T36] ret_from_fork_asm+0x1a/0x30 [ 136.661826][ T36] [ 136.664946][ T36] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 136.672246][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.14.0-rc6-syzkaller-00263-gd1275e99d1c4 #0 [ 136.682927][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 136.692991][ T36] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 136.700560][ T36] Call Trace: [ 136.703867][ T36] [ 136.706827][ T36] dump_stack_lvl+0x241/0x360 [ 136.711544][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.716753][ T36] ? __pfx__printk+0x10/0x10 [ 136.721363][ T36] ? _printk+0xd5/0x120 [ 136.725550][ T36] ? __init_begin+0x41000/0x41000 [ 136.730618][ T36] ? vscnprintf+0x5d/0x90 [ 136.734974][ T36] panic+0x349/0x880 [ 136.738894][ T36] ? __warn+0x174/0x4d0 [ 136.743098][ T36] ? __pfx_panic+0x10/0x10 [ 136.747539][ T36] ? ret_from_fork_asm+0x1a/0x30 [ 136.752488][ T36] __warn+0x344/0x4d0 [ 136.756489][ T36] ? btrfs_commit_transaction+0x2eaa/0x3760 [ 136.762432][ T36] report_bug+0x2b3/0x500 [ 136.766773][ T36] ? btrfs_commit_transaction+0x2eaa/0x3760 [ 136.772685][ T36] handle_bug+0x60/0x90 [ 136.776846][ T36] exc_invalid_op+0x1a/0x50 [ 136.781355][ T36] asm_exc_invalid_op+0x1a/0x20 [ 136.786219][ T36] RIP: 0010:btrfs_commit_transaction+0x2eaa/0x3760 [ 136.792736][ T36] Code: 60 98 6c 8c 8b 5c 24 10 89 da e8 c1 cb 40 fd eb 1d e8 8a f5 da fd 90 48 c7 c7 00 98 6c 8c 8b 5c 24 10 89 de e8 d7 b0 9a fd 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df 48 8b 7c 24 20 4c 89 e0 [ 136.812343][ T36] RSP: 0018:ffffc90000ac7600 EFLAGS: 00010246 [ 136.818418][ T36] RAX: c152bf96ec04c900 RBX: 00000000ffffffe4 RCX: ffff888144291e00 [ 136.826397][ T36] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 136.834375][ T36] RBP: ffffc90000ac7930 R08: ffffffff81819d62 R09: 1ffff92000158e5c [ 136.842358][ T36] R10: dffffc0000000000 R11: fffff52000158e5d R12: ffff888034af8000 [ 136.850345][ T36] R13: ffff888144293078 R14: 0000000000000000 R15: dffffc0000000000 [ 136.858349][ T36] ? __warn_printk+0x292/0x360 [ 136.863140][ T36] ? btrfs_commit_transaction+0x177/0x3760 [ 136.868974][ T36] ? __asan_memset+0x23/0x50 [ 136.873583][ T36] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 136.879663][ T36] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 136.885930][ T36] ? join_transaction+0x426/0xe60 [ 136.890971][ T36] ? btrfs_record_root_in_trans+0x92/0x190 [ 136.896788][ T36] ? start_transaction+0x45f/0x16b0 [ 136.902010][ T36] flush_space+0x529/0xd30 [ 136.906450][ T36] ? __pfx_lock_acquire+0x10/0x10 [ 136.911487][ T36] ? btrfs_async_reclaim_metadata_space+0x300/0x3b0 [ 136.918086][ T36] ? __pfx_lock_release+0x10/0x10 [ 136.923127][ T36] ? do_raw_spin_lock+0x14f/0x370 [ 136.928157][ T36] ? __pfx_flush_space+0x10/0x10 [ 136.933140][ T36] ? do_raw_spin_unlock+0x13c/0x8b0 [ 136.938350][ T36] ? btrfs_calc_reclaim_metadata_size+0xbc/0x220 [ 136.944693][ T36] btrfs_async_reclaim_metadata_space+0x178/0x3b0 [ 136.951130][ T36] ? process_scheduled_works+0x9c6/0x18e0 [ 136.956859][ T36] process_scheduled_works+0xabe/0x18e0 [ 136.962438][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 136.968437][ T36] ? assign_work+0x364/0x3d0 [ 136.973040][ T36] worker_thread+0x870/0xd30 [ 136.977649][ T36] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 136.983557][ T36] ? __kthread_parkme+0x169/0x1d0 [ 136.988593][ T36] ? __pfx_worker_thread+0x10/0x10 [ 136.993802][ T36] kthread+0x7a9/0x920 [ 136.997885][ T36] ? __pfx_kthread+0x10/0x10 [ 137.002498][ T36] ? __pfx_worker_thread+0x10/0x10 [ 137.007629][ T36] ? __pfx_kthread+0x10/0x10 [ 137.012227][ T36] ? __pfx_kthread+0x10/0x10 [ 137.016830][ T36] ? __pfx_kthread+0x10/0x10 [ 137.021446][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.026658][ T36] ? lockdep_hardirqs_on+0x99/0x150 [ 137.031872][ T36] ? __pfx_kthread+0x10/0x10 [ 137.036739][ T36] ret_from_fork+0x4b/0x80 [ 137.041168][ T36] ? __pfx_kthread+0x10/0x10 [ 137.045776][ T36] ret_from_fork_asm+0x1a/0x30 [ 137.050560][ T36] [ 137.053936][ T36] Kernel Offset: disabled [ 137.058311][ T36] Rebooting in 86400 seconds..