./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3262899240 <...> Warning: Permanently added '10.128.1.6' (ED25519) to the list of known hosts. execve("./syz-executor3262899240", ["./syz-executor3262899240"], 0x7ffc18c24460 /* 10 vars */) = 0 brk(NULL) = 0x5555570ad000 brk(0x5555570add40) = 0x5555570add40 arch_prctl(ARCH_SET_FS, 0x5555570ad3c0) = 0 set_tid_address(0x5555570ad690) = 5059 set_robust_list(0x5555570ad6a0, 24) = 0 rseq(0x5555570adce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3262899240", 4096) = 28 getrandom("\xa4\xd0\x15\x0e\x71\x4e\xc8\x05", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555570add40 brk(0x5555570ced40) = 0x5555570ced40 brk(0x5555570cf000) = 0x5555570cf000 mprotect(0x7f0bd5ef3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.cVX7ts", 0700) = 0 chmod("./syzkaller.cVX7ts", 0777) = 0 chdir("./syzkaller.cVX7ts") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached , child_tidptr=0x5555570ad690) = 5060 [pid 5060] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5060] chdir("./0") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5060] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5062 attached [pid 5062] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5060] <... clone3 resumed> => {parent_tid=[5062]}, 88) = 5062 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] <... rseq resumed>) = 0 [pid 5062] set_robust_list(0x7f0bd5e299a0, 24 [pid 5060] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] <... set_robust_list resumed>) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5062] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./file0", 0777) = 0 [ 55.144811][ T5062] loop0: detected capacity change from 0 to 32768 [ 55.161107][ T5062] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5062) [ 55.181056][ T5062] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 55.190514][ T5062] BTRFS info (device loop0): force clearing of disk cache [ 55.197701][ T5062] BTRFS info (device loop0): setting nodatasum [ 55.203924][ T5062] BTRFS info (device loop0): allowing degraded mounts [ 55.210710][ T5062] BTRFS info (device loop0): enabling disk space caching [ 55.217794][ T5062] BTRFS info (device loop0): disk space caching is enabled [ 55.240934][ T5062] BTRFS info (device loop0): enabling ssd optimizations [ 55.247982][ T5062] BTRFS info (device loop0): auto enabling async discard [ 55.257352][ T5062] BTRFS info (device loop0): rebuilding free space tree [ 55.279416][ T5062] BTRFS info (device loop0): disabling free space tree [pid 5062] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./file0") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [pid 5062] close(4) = 0 [ 55.286400][ T5062] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 55.296202][ T5062] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 55.311096][ T5062] BTRFS info (device loop0): checking UUID tree [pid 5062] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5062] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... futex resumed>) = 0 [pid 5062] open("./file0", O_RDONLY [pid 5060] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... open resumed>) = 4 [pid 5062] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5062] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5060] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... ioctl resumed>) = 0 [pid 5062] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5062] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5060] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5060] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5060] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5080 attached [ 55.376968][ T5062] BTRFS info (device loop0): balance: start -d -m [ 55.390174][ T5062] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata => {parent_tid=[5080]}, 88) = 5080 [pid 5080] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5080] open(".", O_RDONLY) = 5 [pid 5060] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... futex resumed>) = 0 [pid 5080] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5060] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... ioctl resumed>) = 0 [pid 5080] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [ 55.432123][ T5062] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 55.529643][ T5062] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 55.565115][ T5062] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5080] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5062] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5062] <... futex resumed>) = ? [pid 5060] <... exit_group resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 55.585619][ T5062] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached , child_tidptr=0x5555570ad690) = 5082 [pid 5082] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5082] chdir("./1") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5082] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5082] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] set_robust_list(0x7f0bd5e299a0, 24 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... set_robust_list resumed>) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] <... memfd_create resumed>) = 3 [pid 5082] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5083] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [ 56.131750][ T5083] loop0: detected capacity change from 0 to 32768 [ 56.168990][ T5083] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5083) [ 56.185002][ T5083] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 56.194316][ T5083] BTRFS info (device loop0): force clearing of disk cache [ 56.201421][ T5083] BTRFS info (device loop0): setting nodatasum [ 56.207684][ T5083] BTRFS info (device loop0): allowing degraded mounts [ 56.214486][ T5083] BTRFS info (device loop0): enabling disk space caching [ 56.221499][ T5083] BTRFS info (device loop0): disk space caching is enabled [ 56.241849][ T5083] BTRFS info (device loop0): enabling ssd optimizations [ 56.249029][ T5083] BTRFS info (device loop0): auto enabling async discard [ 56.257608][ T5083] BTRFS info (device loop0): rebuilding free space tree [ 56.268551][ T5083] BTRFS info (device loop0): disabling free space tree [ 56.275567][ T5083] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5083] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [ 56.285263][ T5083] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 56.298770][ T5083] BTRFS info (device loop0): checking UUID tree [pid 5083] open("./file0", O_RDONLY [pid 5082] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... open resumed>) = 4 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5083] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5082] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5082] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5101 attached [pid 5101] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5082] <... clone3 resumed> => {parent_tid=[5101]}, 88) = 5101 [pid 5101] set_robust_list(0x7f0bd5e089a0, 24 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] <... set_robust_list resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] open(".", O_RDONLY) = 5 [pid 5101] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5082] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 5101] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 56.378716][ T5083] BTRFS info (device loop0): balance: start -d -m [ 56.388664][ T5083] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 56.412094][ T5083] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5082] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... ioctl resumed>) = 0 [pid 5101] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5083] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5083] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] exit_group(0 [pid 5101] <... futex resumed>) = ? [pid 5083] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 56.478991][ T5083] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 56.501589][ T5083] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 56.519824][ T5083] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x5555570ad690) = 5102 [pid 5102] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5102] chdir("./2") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5102] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5103 attached [pid 5103] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5102] <... clone3 resumed> => {parent_tid=[5103]}, 88) = 5103 [pid 5103] set_robust_list(0x7f0bd5e299a0, 24 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... set_robust_list resumed>) = 0 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5102] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] <... futex resumed>) = 0 [pid 5103] memfd_create("syzkaller", 0 [pid 5102] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] <... memfd_create resumed>) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5103] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file0", 0777) = 0 [ 56.971053][ T5103] loop0: detected capacity change from 0 to 32768 [ 56.994690][ T5103] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5103) [ 57.010735][ T5103] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.020246][ T5103] BTRFS info (device loop0): force clearing of disk cache [ 57.027510][ T5103] BTRFS info (device loop0): setting nodatasum [ 57.033708][ T5103] BTRFS info (device loop0): allowing degraded mounts [ 57.040758][ T5103] BTRFS info (device loop0): enabling disk space caching [ 57.047910][ T5103] BTRFS info (device loop0): disk space caching is enabled [ 57.067190][ T5103] BTRFS info (device loop0): enabling ssd optimizations [ 57.074202][ T5103] BTRFS info (device loop0): auto enabling async discard [ 57.082052][ T5103] BTRFS info (device loop0): rebuilding free space tree [ 57.094065][ T5103] BTRFS info (device loop0): disabling free space tree [ 57.100989][ T5103] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.110666][ T5103] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5103] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file0") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5103] open("./file0", O_RDONLY [pid 5102] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... open resumed>) = 4 [pid 5103] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [ 57.123309][ T5103] BTRFS info (device loop0): checking UUID tree [pid 5103] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5103] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 1 [pid 5102] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5102] <... futex resumed>) = 1 [pid 5102] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5102] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5102] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5102] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5121]}, 88) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... rseq resumed>) = 0 [pid 5121] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] open(".", O_RDONLY) = 5 [pid 5121] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5121] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5121] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 57.213874][ T5103] BTRFS info (device loop0): balance: start -d -m [ 57.224240][ T5103] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 57.252510][ T5103] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5102] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... ioctl resumed>) = 0 [pid 5121] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5103] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5103] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] exit_group(0 [pid 5121] <... futex resumed>) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5103] <... futex resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 57.317566][ T5103] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 57.339176][ T5103] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 57.356247][ T5103] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5122] chdir("./3") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5122 [pid 5122] <... prctl resumed>) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5122] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5123 attached [pid 5123] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5122] <... clone3 resumed> => {parent_tid=[5123]}, 88) = 5123 [pid 5123] set_robust_list(0x7f0bd5e299a0, 24 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] <... set_robust_list resumed>) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5122] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... memfd_create resumed>) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5123] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [ 57.835040][ T5123] loop0: detected capacity change from 0 to 32768 [ 57.849819][ T5123] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5123) [ 57.865623][ T5123] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.874942][ T5123] BTRFS info (device loop0): force clearing of disk cache [ 57.882067][ T5123] BTRFS info (device loop0): setting nodatasum [ 57.888316][ T5123] BTRFS info (device loop0): allowing degraded mounts [ 57.895223][ T5123] BTRFS info (device loop0): enabling disk space caching [ 57.902405][ T5123] BTRFS info (device loop0): disk space caching is enabled [ 57.922517][ T5123] BTRFS info (device loop0): enabling ssd optimizations [ 57.929601][ T5123] BTRFS info (device loop0): auto enabling async discard [ 57.937536][ T5123] BTRFS info (device loop0): rebuilding free space tree [ 57.950051][ T5123] BTRFS info (device loop0): disabling free space tree [ 57.957208][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.966982][ T5123] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5123] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [ 57.979688][ T5123] BTRFS info (device loop0): checking UUID tree [pid 5123] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] open("./file0", O_RDONLY [pid 5122] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 4 [pid 5123] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5123] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5122] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed>) = 0 [pid 5123] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.059738][ T5123] BTRFS info (device loop0): balance: start -d -m [ 58.069367][ T5123] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5123] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5122] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5122] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5141]}, 88) = 5141 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5141] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] open(".", O_RDONLY) = 5 [pid 5141] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5141] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5122] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... ioctl resumed>) = 0 [pid 5141] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5141] <... futex resumed>) = 1 [ 58.101975][ T5123] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5141] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5123] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] exit_group(0 [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = ? [pid 5122] <... exit_group resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5123] <... futex resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 58.176992][ T5123] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 58.199114][ T5123] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 58.217011][ T5123] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5142] chdir("./4") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5142 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5142] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5143 attached [pid 5143] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5142] <... clone3 resumed> => {parent_tid=[5143]}, 88) = 5143 [pid 5143] set_robust_list(0x7f0bd5e299a0, 24 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] <... set_robust_list resumed>) = 0 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] <... futex resumed>) = 0 [pid 5143] memfd_create("syzkaller", 0 [pid 5142] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5143] <... memfd_create resumed>) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5143] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file0", 0777) = 0 [ 58.777723][ T5143] loop0: detected capacity change from 0 to 32768 [ 58.788486][ T5143] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5143) [ 58.804614][ T5143] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 58.813920][ T5143] BTRFS info (device loop0): force clearing of disk cache [ 58.821022][ T5143] BTRFS info (device loop0): setting nodatasum [ 58.827216][ T5143] BTRFS info (device loop0): allowing degraded mounts [ 58.834012][ T5143] BTRFS info (device loop0): enabling disk space caching [ 58.841025][ T5143] BTRFS info (device loop0): disk space caching is enabled [ 58.859383][ T5143] BTRFS info (device loop0): enabling ssd optimizations [ 58.866748][ T5143] BTRFS info (device loop0): auto enabling async discard [pid 5143] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file0") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5143] open("./file0", O_RDONLY [pid 5142] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... open resumed>) = 4 [pid 5142] <... futex resumed>) = 0 [ 58.875242][ T5143] BTRFS info (device loop0): rebuilding free space tree [ 58.886415][ T5143] BTRFS info (device loop0): disabling free space tree [ 58.893304][ T5143] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 58.903026][ T5143] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 58.916147][ T5143] BTRFS info (device loop0): checking UUID tree [pid 5143] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5143] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] <... futex resumed>) = 0 [pid 5143] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5142] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... ioctl resumed>) = 0 [pid 5143] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5142] <... futex resumed>) = 0 [pid 5142] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5142] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5142] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5161 attached => {parent_tid=[5161]}, 88) = 5161 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... rseq resumed>) = 0 [pid 5142] <... futex resumed>) = 0 [pid 5161] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5142] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] open(".", O_RDONLY) = 5 [pid 5161] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5161] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [ 58.973238][ T5143] BTRFS info (device loop0): balance: start -d -m [ 58.983191][ T5143] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 59.006452][ T5143] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5161] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5142] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... ioctl resumed>) = 0 [pid 5161] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [ 59.082148][ T5143] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 59.111017][ T5143] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5161] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5143] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] exit_group(0 [pid 5161] <... futex resumed>) = ? [pid 5143] <... futex resumed>) = ? [pid 5142] <... exit_group resumed>) = ? [pid 5161] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 59.134889][ T5143] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5163] chdir("./5") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5163 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5163] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5164 attached => {parent_tid=[5164]}, 88) = 5164 [pid 5164] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] <... rseq resumed>) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5164] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./file0", 0777) = 0 [ 59.632142][ T5164] loop0: detected capacity change from 0 to 32768 [ 59.646359][ T5164] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5164) [ 59.661807][ T5164] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 59.671154][ T5164] BTRFS info (device loop0): force clearing of disk cache [pid 5164] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 59.678353][ T5164] BTRFS info (device loop0): setting nodatasum [ 59.684592][ T5164] BTRFS info (device loop0): allowing degraded mounts [ 59.691376][ T5164] BTRFS info (device loop0): enabling disk space caching [pid 5164] chdir("./file0") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5164] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5164] open("./file0", O_RDONLY [pid 5163] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 4 [pid 5164] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5163] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5163] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5163] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5163] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5182]}, 88) = 5182 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5182 attached [pid 5182] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5182] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] open(".", O_RDONLY) = 5 [pid 5182] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5182] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5163] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] <... ioctl resumed>) = 0 [pid 5182] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5182] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5164] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] exit_group(0 [pid 5182] <... futex resumed>) = ? [pid 5182] +++ exited with 0 +++ [pid 5163] <... exit_group resumed>) = ? [pid 5164] <... futex resumed>) = ? [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5183] chdir("./6" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5183 [pid 5183] <... chdir resumed>) = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5183] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5184 attached [pid 5184] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5183] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] <... rseq resumed>) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] set_robust_list(0x7f0bd5e299a0, 24 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5184] memfd_create("syzkaller", 0 [pid 5183] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... memfd_create resumed>) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5184] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file0", 0777) = 0 [ 60.349217][ T5184] loop0: detected capacity change from 0 to 32768 [ 60.368930][ T5184] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5184) [ 60.385284][ T5184] _btrfs_printk: 14 callbacks suppressed [ 60.385299][ T5184] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 60.400204][ T5184] BTRFS info (device loop0): force clearing of disk cache [ 60.407373][ T5184] BTRFS info (device loop0): setting nodatasum [ 60.413516][ T5184] BTRFS info (device loop0): allowing degraded mounts [ 60.420328][ T5184] BTRFS info (device loop0): enabling disk space caching [ 60.427383][ T5184] BTRFS info (device loop0): disk space caching is enabled [ 60.446662][ T5184] BTRFS info (device loop0): enabling ssd optimizations [ 60.453638][ T5184] BTRFS info (device loop0): auto enabling async discard [ 60.462520][ T5184] BTRFS info (device loop0): rebuilding free space tree [ 60.473661][ T5184] BTRFS info (device loop0): disabling free space tree [ 60.480662][ T5184] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5184] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file0") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] open("./file0", O_RDONLY [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 4 [pid 5184] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5184] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5183] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... ioctl resumed>) = 0 [pid 5184] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5183] <... futex resumed>) = 0 [ 60.490874][ T5184] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 60.503622][ T5184] BTRFS info (device loop0): checking UUID tree [pid 5183] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5183] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 60.540838][ T5184] BTRFS info (device loop0): balance: start -d -m [ 60.551855][ T5184] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 60.575666][ T5184] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5202]}, 88) = 5202 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5183] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5202 attached [pid 5183] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5202] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] open(".", O_RDONLY) = 5 [pid 5202] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5202] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5202] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5183] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... ioctl resumed>) = 0 [pid 5202] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [ 60.620305][ T5184] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5202] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5184] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] exit_group(0 [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5184] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 60.676083][ T5184] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 60.695081][ T5184] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5203 attached , child_tidptr=0x5555570ad690) = 5203 [pid 5203] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5203] chdir("./7") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5203] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5203] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0} => {parent_tid=[5204]}, 88) = 5204 ./strace-static-x86_64: Process 5204 attached [pid 5203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5203] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5204] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5204] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5204] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5204] close(3) = 0 [pid 5204] mkdir("./file0", 0777) = 0 [ 61.178651][ T5204] loop0: detected capacity change from 0 to 32768 [ 61.195058][ T5204] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5204) [ 61.210327][ T5204] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 61.219644][ T5204] BTRFS info (device loop0): force clearing of disk cache [ 61.226822][ T5204] BTRFS info (device loop0): setting nodatasum [ 61.232985][ T5204] BTRFS info (device loop0): allowing degraded mounts [ 61.239799][ T5204] BTRFS info (device loop0): enabling disk space caching [ 61.246849][ T5204] BTRFS info (device loop0): disk space caching is enabled [ 61.266331][ T5204] BTRFS info (device loop0): enabling ssd optimizations [pid 5204] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5204] chdir("./file0") = 0 [pid 5204] ioctl(4, LOOP_CLR_FD) = 0 [pid 5204] close(4) = 0 [pid 5204] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5204] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5204] open("./file0", O_RDONLY [pid 5203] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... open resumed>) = 4 [pid 5204] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5204] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5203] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] <... ioctl resumed>) = 0 [pid 5203] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5204] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 61.273419][ T5204] BTRFS info (device loop0): auto enabling async discard [ 61.281707][ T5204] BTRFS info (device loop0): rebuilding free space tree [ 61.293012][ T5204] BTRFS info (device loop0): disabling free space tree [ 61.300076][ T5204] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 61.309766][ T5204] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 61.322362][ T5204] BTRFS info (device loop0): checking UUID tree [pid 5203] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5203] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5203] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5222]}, 88) = 5222 ./strace-static-x86_64: Process 5222 attached [ 61.357545][ T5204] BTRFS info (device loop0): balance: start -d -m [ 61.366017][ T5204] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 61.388742][ T5204] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5222] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5203] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] open(".", O_RDONLY) = 5 [pid 5222] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... futex resumed>) = 0 [pid 5203] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5222] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 61.436084][ T5204] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5203] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... ioctl resumed>) = 0 [pid 5222] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5222] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5204] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] exit_group(0 [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5204] <... futex resumed>) = ? [pid 5203] <... exit_group resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [ 61.486603][ T5204] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 61.517594][ T5204] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached , child_tidptr=0x5555570ad690) = 5223 [pid 5223] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5223] chdir("./8") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5223] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5224 attached => {parent_tid=[5224]}, 88) = 5224 [pid 5224] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5223] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] <... rseq resumed>) = 0 [pid 5224] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5224] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file0", 0777) = 0 [ 62.035199][ T5224] loop0: detected capacity change from 0 to 32768 [ 62.049266][ T5224] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5224) [ 62.064822][ T5224] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 62.074103][ T5224] BTRFS info (device loop0): force clearing of disk cache [ 62.081202][ T5224] BTRFS info (device loop0): setting nodatasum [ 62.087485][ T5224] BTRFS info (device loop0): allowing degraded mounts [ 62.094282][ T5224] BTRFS info (device loop0): enabling disk space caching [ 62.101296][ T5224] BTRFS info (device loop0): disk space caching is enabled [ 62.120073][ T5224] BTRFS info (device loop0): enabling ssd optimizations [ 62.127087][ T5224] BTRFS info (device loop0): auto enabling async discard [pid 5224] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file0") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [ 62.135076][ T5224] BTRFS info (device loop0): rebuilding free space tree [ 62.146366][ T5224] BTRFS info (device loop0): disabling free space tree [ 62.153268][ T5224] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 62.163015][ T5224] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 62.175956][ T5224] BTRFS info (device loop0): checking UUID tree [pid 5224] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] open("./file0", O_RDONLY) = 4 [pid 5224] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5223] <... futex resumed>) = 1 [pid 5224] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5223] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... ioctl resumed>) = 0 [pid 5224] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5224] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5223] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5223] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5223] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5242]}, 88) = 5242 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5223] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5242 attached [pid 5242] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5242] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5242] open(".", O_RDONLY) = 5 [pid 5242] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5242] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5223] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.259171][ T5224] BTRFS info (device loop0): balance: start -d -m [ 62.270526][ T5224] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 62.297497][ T5224] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5223] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... ioctl resumed>) = 0 [pid 5242] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5224] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] exit_group(0 [pid 5242] <... futex resumed>) = ? [pid 5224] <... futex resumed>) = ? [pid 5223] <... exit_group resumed>) = ? [pid 5242] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [ 62.368817][ T5224] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 62.391280][ T5224] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 62.408880][ T5224] BTRFS info (device loop0): balance: ended with status: 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5243] chdir("./9" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5243 [pid 5243] <... chdir resumed>) = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5243] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5243] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5244 attached => {parent_tid=[5244]}, 88) = 5244 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] set_robust_list(0x7f0bd5e299a0, 24 [pid 5243] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... set_robust_list resumed>) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5244] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] mkdir("./file0", 0777) = 0 [ 63.028193][ T5244] loop0: detected capacity change from 0 to 32768 [ 63.041904][ T5244] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5244) [ 63.057890][ T5244] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.067198][ T5244] BTRFS info (device loop0): force clearing of disk cache [ 63.074357][ T5244] BTRFS info (device loop0): setting nodatasum [ 63.080524][ T5244] BTRFS info (device loop0): allowing degraded mounts [ 63.087343][ T5244] BTRFS info (device loop0): enabling disk space caching [ 63.094417][ T5244] BTRFS info (device loop0): disk space caching is enabled [ 63.113576][ T5244] BTRFS info (device loop0): enabling ssd optimizations [ 63.120607][ T5244] BTRFS info (device loop0): auto enabling async discard [pid 5244] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5244] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file0") = 0 [pid 5244] ioctl(4, LOOP_CLR_FD) = 0 [pid 5244] close(4) = 0 [pid 5244] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5243] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] open("./file0", O_RDONLY [pid 5243] <... futex resumed>) = 0 [pid 5244] <... open resumed>) = 4 [ 63.128535][ T5244] BTRFS info (device loop0): rebuilding free space tree [ 63.139733][ T5244] BTRFS info (device loop0): disabling free space tree [ 63.146716][ T5244] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.156425][ T5244] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.169120][ T5244] BTRFS info (device loop0): checking UUID tree [pid 5243] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5243] <... futex resumed>) = 0 [pid 5244] <... ioctl resumed>) = 0 [pid 5243] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 1 [pid 5244] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5243] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5243] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5243] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5262]}, 88) = 5262 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5262 attached NULL, 8) = 0 [pid 5262] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5243] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... rseq resumed>) = 0 [pid 5262] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] open(".", O_RDONLY) = 5 [pid 5262] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5262] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 63.239405][ T5244] BTRFS info (device loop0): balance: start -d -m [ 63.249695][ T5244] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 63.275246][ T5244] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5243] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5262] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5243] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... ioctl resumed>) = 0 [pid 5262] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [ 63.337039][ T5244] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5262] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5244] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] exit_group(0 [pid 5244] <... futex resumed>) = ? [pid 5243] <... exit_group resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 63.379985][ T5244] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 63.399149][ T5244] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5263] chdir("./10" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5263 [pid 5263] <... chdir resumed>) = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5263] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5264 attached => {parent_tid=[5264]}, 88) = 5264 [pid 5264] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5264] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5263] <... futex resumed>) = 1 [pid 5264] memfd_create("syzkaller", 0 [pid 5263] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5264] <... memfd_create resumed>) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5264] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file0", 0777) = 0 [ 63.956634][ T5264] loop0: detected capacity change from 0 to 32768 [ 63.971461][ T5264] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5264) [ 63.987358][ T5264] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 63.996946][ T5264] BTRFS info (device loop0): force clearing of disk cache [ 64.004164][ T5264] BTRFS info (device loop0): setting nodatasum [ 64.010349][ T5264] BTRFS info (device loop0): allowing degraded mounts [ 64.017445][ T5264] BTRFS info (device loop0): enabling disk space caching [ 64.024542][ T5264] BTRFS info (device loop0): disk space caching is enabled [ 64.043907][ T5264] BTRFS info (device loop0): enabling ssd optimizations [pid 5264] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file0") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [ 64.050892][ T5264] BTRFS info (device loop0): auto enabling async discard [ 64.059028][ T5264] BTRFS info (device loop0): rebuilding free space tree [ 64.069808][ T5264] BTRFS info (device loop0): disabling free space tree [ 64.076855][ T5264] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 64.086564][ T5264] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 64.099474][ T5264] BTRFS info (device loop0): checking UUID tree [pid 5264] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5264] open("./file0", O_RDONLY [pid 5263] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... open resumed>) = 4 [pid 5264] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5263] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5264] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5263] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5263] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5263] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5282]}, 88) = 5282 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5263] <... futex resumed>) = 0 [pid 5282] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5263] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] open(".", O_RDONLY) = 5 [pid 5282] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5282] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5282] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 64.168734][ T5264] BTRFS info (device loop0): balance: start -d -m [ 64.179132][ T5264] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 64.206390][ T5264] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5263] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... ioctl resumed>) = 0 [pid 5282] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5282] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5264] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] exit_group(0 [pid 5264] <... futex resumed>) = ? [pid 5263] <... exit_group resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5282] <... futex resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 64.279090][ T5264] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 64.302033][ T5264] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 64.320164][ T5264] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x5555570ad690) = 5283 [pid 5283] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5283] chdir("./11") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5283] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5284 attached [pid 5284] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] <... clone3 resumed> => {parent_tid=[5284]}, 88) = 5284 [pid 5284] set_robust_list(0x7f0bd5e299a0, 24 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] <... set_robust_list resumed>) = 0 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] memfd_create("syzkaller", 0 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] <... memfd_create resumed>) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5284] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] mkdir("./file0", 0777) = 0 [ 64.841994][ T5284] loop0: detected capacity change from 0 to 32768 [ 64.851574][ T5284] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5284) [ 64.867563][ T5284] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 64.876886][ T5284] BTRFS info (device loop0): force clearing of disk cache [ 64.884033][ T5284] BTRFS info (device loop0): setting nodatasum [pid 5284] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file0") = 0 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [ 64.890180][ T5284] BTRFS info (device loop0): allowing degraded mounts [ 64.896979][ T5284] BTRFS info (device loop0): enabling disk space caching [pid 5284] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5284] open("./file0", O_RDONLY [pid 5283] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... open resumed>) = 4 [pid 5284] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5284] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5283] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5283] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5283] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5283] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5283] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5302 attached [pid 5302] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5283] <... clone3 resumed> => {parent_tid=[5302]}, 88) = 5302 [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5302] open(".", O_RDONLY) = 5 [pid 5283] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] <... futex resumed>) = 0 [pid 5283] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... ioctl resumed>) = 0 [pid 5302] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5302] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5284] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] exit_group(0 [pid 5302] <... futex resumed>) = ? [pid 5302] +++ exited with 0 +++ [pid 5284] <... futex resumed>) = ? [pid 5284] +++ exited with 0 +++ [pid 5283] <... exit_group resumed>) = ? [pid 5283] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5283, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x5555570ad690) = 5303 [pid 5303] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5303] chdir("./12") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5303] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5304 attached [pid 5304] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5303] <... clone3 resumed> => {parent_tid=[5304]}, 88) = 5304 [pid 5304] set_robust_list(0x7f0bd5e299a0, 24 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... set_robust_list resumed>) = 0 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5304] memfd_create("syzkaller", 0 [pid 5303] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5304] <... memfd_create resumed>) = 3 [pid 5304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5304] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5304] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5304] close(3) = 0 [pid 5304] mkdir("./file0", 0777) = 0 [ 65.748915][ T5304] loop0: detected capacity change from 0 to 32768 [ 65.758819][ T5304] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5304) [ 65.775276][ T5304] _btrfs_printk: 14 callbacks suppressed [ 65.775291][ T5304] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 65.790218][ T5304] BTRFS info (device loop0): force clearing of disk cache [ 65.797404][ T5304] BTRFS info (device loop0): setting nodatasum [ 65.803587][ T5304] BTRFS info (device loop0): allowing degraded mounts [ 65.810442][ T5304] BTRFS info (device loop0): enabling disk space caching [ 65.817551][ T5304] BTRFS info (device loop0): disk space caching is enabled [ 65.837651][ T5304] BTRFS info (device loop0): enabling ssd optimizations [ 65.844792][ T5304] BTRFS info (device loop0): auto enabling async discard [ 65.852606][ T5304] BTRFS info (device loop0): rebuilding free space tree [ 65.863882][ T5304] BTRFS info (device loop0): disabling free space tree [ 65.870802][ T5304] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 65.880530][ T5304] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 65.893429][ T5304] BTRFS info (device loop0): checking UUID tree [pid 5304] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5304] chdir("./file0") = 0 [pid 5304] ioctl(4, LOOP_CLR_FD) = 0 [pid 5304] close(4) = 0 [pid 5304] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5303] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] open("./file0", O_RDONLY [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] <... open resumed>) = 4 [pid 5304] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5303] <... futex resumed>) = 0 [pid 5304] <... ioctl resumed>) = 0 [pid 5303] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5304] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5303] <... futex resumed>) = 0 [pid 5304] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5303] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5303] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5303] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5303] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5322]}, 88) = 5322 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5303] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5322 attached [pid 5322] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5322] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] open(".", O_RDONLY) = 5 [pid 5322] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5322] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5322] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 65.936522][ T5304] BTRFS info (device loop0): balance: start -d -m [ 65.946757][ T5304] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 65.973529][ T5304] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5303] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... ioctl resumed>) = 0 [pid 5322] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5322] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 5304] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] exit_group(0 [pid 5322] <... futex resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5304] <... futex resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 66.051882][ T5304] BTRFS info (device loop0): 1 enospc errors during balance [ 66.060249][ T5304] BTRFS info (device loop0): balance: ended with status: -28 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x5555570ad690) = 5323 [pid 5323] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5323] chdir("./13") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5323] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5323] <... clone3 resumed> => {parent_tid=[5324]}, 88) = 5324 [pid 5324] set_robust_list(0x7f0bd5e299a0, 24 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] <... set_robust_list resumed>) = 0 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] <... futex resumed>) = 0 [pid 5324] memfd_create("syzkaller", 0 [pid 5323] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5324] <... memfd_create resumed>) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5324] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./file0", 0777) = 0 [ 66.573583][ T5324] loop0: detected capacity change from 0 to 32768 [ 66.587418][ T5324] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5324) [ 66.603345][ T5324] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 66.612796][ T5324] BTRFS info (device loop0): force clearing of disk cache [ 66.620064][ T5324] BTRFS info (device loop0): setting nodatasum [ 66.626316][ T5324] BTRFS info (device loop0): allowing degraded mounts [ 66.633187][ T5324] BTRFS info (device loop0): enabling disk space caching [ 66.640324][ T5324] BTRFS info (device loop0): disk space caching is enabled [ 66.659486][ T5324] BTRFS info (device loop0): enabling ssd optimizations [ 66.666516][ T5324] BTRFS info (device loop0): auto enabling async discard [pid 5324] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file0") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [ 66.674722][ T5324] BTRFS info (device loop0): rebuilding free space tree [ 66.686180][ T5324] BTRFS info (device loop0): disabling free space tree [ 66.693065][ T5324] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 66.702784][ T5324] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 66.715526][ T5324] BTRFS info (device loop0): checking UUID tree [pid 5324] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5323] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] open("./file0", O_RDONLY [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... open resumed>) = 4 [pid 5324] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5323] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... ioctl resumed>) = 0 [pid 5324] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 66.780338][ T5324] BTRFS info (device loop0): balance: start -d -m [ 66.788015][ T5324] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 66.804003][ T5324] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5323] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5323] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5323] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5324] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} [pid 5324] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5341 attached ) = 0 [pid 5341] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5324] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... rseq resumed>) = 0 [pid 5341] set_robust_list(0x7f0bd5e089a0, 24 [pid 5323] <... clone3 resumed> => {parent_tid=[5341]}, 88) = 5341 [pid 5341] <... set_robust_list resumed>) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5341] open(".", O_RDONLY [pid 5323] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] <... open resumed>) = 5 [pid 5341] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5323] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5324] <... futex resumed>) = 0 [ 66.830822][ T5324] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 66.851008][ T5324] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 66.868270][ T5324] BTRFS info (device loop0): balance: ended with status: 0 [pid 5324] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5324] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = 0 [pid 5323] exit_group(0 [pid 5324] <... futex resumed>) = ? [pid 5341] <... futex resumed>) = ? [pid 5323] <... exit_group resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5342 attached , child_tidptr=0x5555570ad690) = 5342 [pid 5342] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5342] chdir("./14") = 0 [pid 5342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5342] setpgid(0, 0) = 0 [pid 5342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5342] write(3, "1000", 4) = 4 [pid 5342] close(3) = 0 [pid 5342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5342] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5342] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5343 attached [pid 5343] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5342] <... clone3 resumed> => {parent_tid=[5343]}, 88) = 5343 [pid 5343] <... rseq resumed>) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] set_robust_list(0x7f0bd5e299a0, 24 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5343] <... set_robust_list resumed>) = 0 [pid 5342] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5342] <... futex resumed>) = 0 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5343] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] mkdir("./file0", 0777) = 0 [ 67.393386][ T5343] loop0: detected capacity change from 0 to 32768 [ 67.408160][ T5343] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5343) [ 67.424422][ T5343] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 67.433908][ T5343] BTRFS info (device loop0): force clearing of disk cache [ 67.441016][ T5343] BTRFS info (device loop0): setting nodatasum [ 67.447221][ T5343] BTRFS info (device loop0): allowing degraded mounts [ 67.454028][ T5343] BTRFS info (device loop0): enabling disk space caching [ 67.461044][ T5343] BTRFS info (device loop0): disk space caching is enabled [ 67.480750][ T5343] BTRFS info (device loop0): enabling ssd optimizations [pid 5343] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file0") = 0 [pid 5343] ioctl(4, LOOP_CLR_FD) = 0 [pid 5343] close(4) = 0 [pid 5343] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 67.487801][ T5343] BTRFS info (device loop0): auto enabling async discard [ 67.496147][ T5343] BTRFS info (device loop0): rebuilding free space tree [ 67.507831][ T5343] BTRFS info (device loop0): disabling free space tree [ 67.514879][ T5343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 67.524599][ T5343] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 67.537266][ T5343] BTRFS info (device loop0): checking UUID tree [pid 5343] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] open("./file0", O_RDONLY [pid 5342] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... open resumed>) = 4 [pid 5343] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5343] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5343] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5342] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 0 [pid 5342] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5342] <... futex resumed>) = 0 [pid 5343] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5342] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5342] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5342] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5361 attached => {parent_tid=[5361]}, 88) = 5361 [pid 5361] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5361] set_robust_list(0x7f0bd5e089a0, 24 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] <... set_robust_list resumed>) = 0 [pid 5342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] open(".", O_RDONLY) = 5 [pid 5342] <... futex resumed>) = 0 [pid 5361] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5342] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5342] <... futex resumed>) = 1 [pid 5361] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 67.633180][ T5343] BTRFS info (device loop0): balance: start -d -m [ 67.641890][ T5343] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 67.672470][ T5343] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5342] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... ioctl resumed>) = 0 [pid 5361] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5361] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5343] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] exit_group(0 [pid 5361] <... futex resumed>) = ? [pid 5343] <... futex resumed>) = ? [pid 5342] <... exit_group resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5343] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5342, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 67.723228][ T5343] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 67.744849][ T5343] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 67.762585][ T5343] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5362 attached [pid 5362] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5362] chdir("./15") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5362 [pid 5362] <... prctl resumed>) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5362] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5363 attached [pid 5363] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5363] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5362] <... clone3 resumed> => {parent_tid=[5363]}, 88) = 5363 [pid 5363] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5362] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5363] memfd_create("syzkaller", 0 [pid 5362] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5363] <... memfd_create resumed>) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5363] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file0", 0777) = 0 [ 68.246135][ T5363] loop0: detected capacity change from 0 to 32768 [ 68.260453][ T5363] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5363) [ 68.276623][ T5363] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 68.285919][ T5363] BTRFS info (device loop0): force clearing of disk cache [ 68.293025][ T5363] BTRFS info (device loop0): setting nodatasum [ 68.299295][ T5363] BTRFS info (device loop0): allowing degraded mounts [ 68.306159][ T5363] BTRFS info (device loop0): enabling disk space caching [ 68.313192][ T5363] BTRFS info (device loop0): disk space caching is enabled [ 68.332288][ T5363] BTRFS info (device loop0): enabling ssd optimizations [ 68.339376][ T5363] BTRFS info (device loop0): auto enabling async discard [pid 5363] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file0") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [ 68.347427][ T5363] BTRFS info (device loop0): rebuilding free space tree [ 68.358281][ T5363] BTRFS info (device loop0): disabling free space tree [ 68.365347][ T5363] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 68.375049][ T5363] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 68.387795][ T5363] BTRFS info (device loop0): checking UUID tree [pid 5363] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5363] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5363] open("./file0", O_RDONLY) = 4 [pid 5363] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... futex resumed>) = 1 [pid 5362] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5363] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5363] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... futex resumed>) = 1 [pid 5362] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5363] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5362] <... futex resumed>) = 1 [pid 5362] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5362] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5362] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5362] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5381 attached [pid 5381] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5362] <... clone3 resumed> => {parent_tid=[5381]}, 88) = 5381 [pid 5381] <... rseq resumed>) = 0 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] <... futex resumed>) = 0 [pid 5381] open(".", O_RDONLY [pid 5362] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... open resumed>) = 5 [pid 5381] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5381] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 68.442177][ T5363] BTRFS info (device loop0): balance: start -d -m [ 68.451968][ T5363] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 68.476648][ T5363] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5381] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5381] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [ 68.550714][ T5363] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 68.583560][ T5363] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5381] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5363] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] exit_group(0 [pid 5381] <... futex resumed>) = ? [pid 5363] <... futex resumed>) = ? [pid 5362] <... exit_group resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5381] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 68.602737][ T5363] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5382 attached [pid 5382] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5382] chdir("./16") = 0 [pid 5382] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5382 [pid 5382] <... prctl resumed>) = 0 [pid 5382] setpgid(0, 0) = 0 [pid 5382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5382] write(3, "1000", 4) = 4 [pid 5382] close(3) = 0 [pid 5382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5382] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5382] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5383 attached [pid 5383] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5382] <... clone3 resumed> => {parent_tid=[5383]}, 88) = 5383 [pid 5383] set_robust_list(0x7f0bd5e299a0, 24 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], [pid 5383] <... set_robust_list resumed>) = 0 [pid 5382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5382] <... futex resumed>) = 0 [pid 5383] memfd_create("syzkaller", 0 [pid 5382] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5383] <... memfd_create resumed>) = 3 [pid 5383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5383] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5383] close(3) = 0 [pid 5383] mkdir("./file0", 0777) = 0 [ 69.048480][ T5383] loop0: detected capacity change from 0 to 32768 [ 69.072955][ T5383] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5383) [ 69.089423][ T5383] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 69.098787][ T5383] BTRFS info (device loop0): force clearing of disk cache [ 69.105964][ T5383] BTRFS info (device loop0): setting nodatasum [ 69.112147][ T5383] BTRFS info (device loop0): allowing degraded mounts [ 69.118971][ T5383] BTRFS info (device loop0): enabling disk space caching [ 69.126621][ T5383] BTRFS info (device loop0): disk space caching is enabled [ 69.145586][ T5383] BTRFS info (device loop0): enabling ssd optimizations [ 69.152571][ T5383] BTRFS info (device loop0): auto enabling async discard [ 69.160754][ T5383] BTRFS info (device loop0): rebuilding free space tree [ 69.171622][ T5383] BTRFS info (device loop0): disabling free space tree [ 69.178731][ T5383] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 69.188415][ T5383] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5383] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5383] chdir("./file0") = 0 [pid 5383] ioctl(4, LOOP_CLR_FD) = 0 [pid 5383] close(4) = 0 [pid 5383] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] open("./file0", O_RDONLY [pid 5382] <... futex resumed>) = 0 [pid 5383] <... open resumed>) = 4 [pid 5382] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5383] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5382] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] <... ioctl resumed>) = 0 [ 69.201110][ T5383] BTRFS info (device loop0): checking UUID tree [pid 5383] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5382] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5382] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5401]}, 88) = 5401 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5382] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5401 attached [pid 5401] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5382] <... futex resumed>) = 0 [pid 5401] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5382] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5401] open(".", O_RDONLY) = 5 [pid 5401] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5401] <... futex resumed>) = 1 [pid 5382] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5382] <... futex resumed>) = 0 [ 69.265390][ T5383] BTRFS info (device loop0): balance: start -d -m [ 69.275531][ T5383] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 69.300223][ T5383] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5382] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... ioctl resumed>) = 0 [pid 5401] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5383] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] exit_group(0 [pid 5401] <... futex resumed>) = ? [pid 5401] +++ exited with 0 +++ [pid 5383] <... futex resumed>) = ? [pid 5382] <... exit_group resumed>) = ? [pid 5383] +++ exited with 0 +++ [pid 5382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5382, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 69.374530][ T5383] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 69.396595][ T5383] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 69.414438][ T5383] BTRFS info (device loop0): balance: ended with status: 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5402 attached [pid 5402] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5402] chdir("./17") = 0 [pid 5402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5402 [pid 5402] setpgid(0, 0) = 0 [pid 5402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5402] write(3, "1000", 4) = 4 [pid 5402] close(3) = 0 [pid 5402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5402] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5402] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5403 attached => {parent_tid=[5403]}, 88) = 5403 [pid 5403] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5403] <... rseq resumed>) = 0 [pid 5403] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5403] memfd_create("syzkaller", 0) = 3 [pid 5403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5403] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5403] close(3) = 0 [pid 5403] mkdir("./file0", 0777) = 0 [ 69.904445][ T5403] loop0: detected capacity change from 0 to 32768 [ 69.924557][ T5403] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5403) [ 69.940269][ T5403] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5403] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5403] chdir("./file0") = 0 [pid 5403] ioctl(4, LOOP_CLR_FD) = 0 [pid 5403] close(4) = 0 [pid 5403] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] <... futex resumed>) = 0 [pid 5402] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... futex resumed>) = 0 [pid 5403] open("./file0", O_RDONLY) = 4 [ 69.949559][ T5403] BTRFS info (device loop0): force clearing of disk cache [ 69.956699][ T5403] BTRFS info (device loop0): setting nodatasum [ 69.962848][ T5403] BTRFS info (device loop0): allowing degraded mounts [ 69.969709][ T5403] BTRFS info (device loop0): enabling disk space caching [ 69.976764][ T5403] BTRFS info (device loop0): disk space caching is enabled [pid 5403] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5402] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5402] <... futex resumed>) = 0 [pid 5403] <... ioctl resumed>) = 0 [pid 5402] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5403] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5402] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5402] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5402] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5421]}, 88) = 5421 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5421 attached [pid 5421] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5421] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] open(".", O_RDONLY) = 5 [pid 5421] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5421] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] <... futex resumed>) = 0 [pid 5421] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5402] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5421] <... ioctl resumed>) = 0 [pid 5403] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5421] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5421] <... futex resumed>) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 0 [pid 5421] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5402] exit_group(0 [pid 5421] <... futex resumed>) = ? [pid 5402] <... exit_group resumed>) = ? [pid 5421] +++ exited with 0 +++ [pid 5403] <... futex resumed>) = ? [pid 5403] +++ exited with 0 +++ [pid 5402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5402, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5422 attached [pid 5422] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5422] chdir("./18") = 0 [pid 5422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5422 [pid 5422] setpgid(0, 0) = 0 [pid 5422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5422] write(3, "1000", 4) = 4 [pid 5422] close(3) = 0 [pid 5422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5422] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5422] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5423 attached [pid 5423] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5422] <... clone3 resumed> => {parent_tid=[5423]}, 88) = 5423 [pid 5423] <... rseq resumed>) = 0 [pid 5423] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5422] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] memfd_create("syzkaller", 0 [pid 5422] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5423] <... memfd_create resumed>) = 3 [pid 5423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5423] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5423] close(3) = 0 [pid 5423] mkdir("./file0", 0777) = 0 [pid 5423] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5423] chdir("./file0") = 0 [pid 5423] ioctl(4, LOOP_CLR_FD) = 0 [pid 5423] close(4) = 0 [pid 5423] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5422] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] open("./file0", O_RDONLY) = 4 [pid 5423] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] <... futex resumed>) = 0 [pid 5422] <... futex resumed>) = 1 [pid 5423] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5422] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... ioctl resumed>) = 0 [ 70.620256][ T5423] loop0: detected capacity change from 0 to 32768 [ 70.634825][ T5423] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5423) [pid 5423] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5423] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 0 [pid 5423] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5422] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5422] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5441 attached => {parent_tid=[5441]}, 88) = 5441 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5422] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5441] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] open(".", O_RDONLY) = 5 [pid 5441] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5441] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5422] <... futex resumed>) = 0 [pid 5441] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 70.791485][ T5423] _btrfs_printk: 29 callbacks suppressed [ 70.791500][ T5423] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5422] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... ioctl resumed>) = 0 [pid 5441] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5422] <... futex resumed>) = 0 [pid 5441] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5423] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] exit_group(0 [pid 5441] <... futex resumed>) = ? [pid 5423] <... futex resumed>) = ? [pid 5422] <... exit_group resumed>) = ? [pid 5441] +++ exited with 0 +++ [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5422, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 70.837242][ T5423] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 70.869844][ T5423] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached [pid 5442] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5442] chdir("./19") = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5442 [pid 5442] setpgid(0, 0) = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5442] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5443 attached => {parent_tid=[5443]}, 88) = 5443 [pid 5443] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] <... rseq resumed>) = 0 [pid 5442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] set_robust_list(0x7f0bd5e299a0, 24 [pid 5442] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... set_robust_list resumed>) = 0 [pid 5442] <... futex resumed>) = 0 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5442] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] memfd_create("syzkaller", 0) = 3 [pid 5443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5443] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5443] close(3) = 0 [pid 5443] mkdir("./file0", 0777) = 0 [ 71.345800][ T5443] loop0: detected capacity change from 0 to 32768 [ 71.363744][ T5443] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5443) [ 71.380383][ T5443] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.389697][ T5443] BTRFS info (device loop0): force clearing of disk cache [ 71.396872][ T5443] BTRFS info (device loop0): setting nodatasum [ 71.403058][ T5443] BTRFS info (device loop0): allowing degraded mounts [ 71.410073][ T5443] BTRFS info (device loop0): enabling disk space caching [ 71.417151][ T5443] BTRFS info (device loop0): disk space caching is enabled [ 71.436778][ T5443] BTRFS info (device loop0): enabling ssd optimizations [ 71.443746][ T5443] BTRFS info (device loop0): auto enabling async discard [ 71.451931][ T5443] BTRFS info (device loop0): rebuilding free space tree [ 71.462750][ T5443] BTRFS info (device loop0): disabling free space tree [ 71.469732][ T5443] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.479400][ T5443] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5443] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5443] chdir("./file0") = 0 [pid 5443] ioctl(4, LOOP_CLR_FD) = 0 [pid 5443] close(4) = 0 [ 71.492450][ T5443] BTRFS info (device loop0): checking UUID tree [pid 5443] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5443] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5442] <... futex resumed>) = 1 [pid 5443] open("./file0", O_RDONLY [pid 5442] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... open resumed>) = 4 [pid 5443] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5442] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5442] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... ioctl resumed>) = 0 [pid 5443] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5443] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] <... futex resumed>) = 0 [pid 5443] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5442] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5442] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5442] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5442] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 71.561428][ T5443] BTRFS info (device loop0): balance: start -d -m [ 71.577756][ T5443] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5461 attached => {parent_tid=[5461]}, 88) = 5461 [pid 5461] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], [pid 5461] <... rseq resumed>) = 0 [pid 5442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] set_robust_list(0x7f0bd5e089a0, 24 [pid 5442] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... set_robust_list resumed>) = 0 [pid 5442] <... futex resumed>) = 0 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], [pid 5442] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] open(".", O_RDONLY) = 5 [pid 5461] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5461] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5442] <... futex resumed>) = 0 [ 71.619546][ T5443] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5442] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5461] <... ioctl resumed>) = 0 [pid 5461] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.731267][ T5443] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 71.762441][ T5443] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5461] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5443] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] exit_group(0 [pid 5443] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = ? [pid 5442] <... exit_group resumed>) = ? [pid 5461] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ [pid 5442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5442, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 71.794010][ T5443] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5462 attached , child_tidptr=0x5555570ad690) = 5462 [pid 5462] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5462] chdir("./20") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5462] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5463 attached => {parent_tid=[5463]}, 88) = 5463 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5462] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5463] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5463] memfd_create("syzkaller", 0) = 3 [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5463] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5463] close(3) = 0 [pid 5463] mkdir("./file0", 0777) = 0 [ 72.394391][ T5463] loop0: detected capacity change from 0 to 32768 [ 72.409005][ T5463] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5463) [ 72.424725][ T5463] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 72.434020][ T5463] BTRFS info (device loop0): force clearing of disk cache [ 72.441125][ T5463] BTRFS info (device loop0): setting nodatasum [ 72.447349][ T5463] BTRFS info (device loop0): allowing degraded mounts [ 72.454202][ T5463] BTRFS info (device loop0): enabling disk space caching [ 72.461209][ T5463] BTRFS info (device loop0): disk space caching is enabled [ 72.481069][ T5463] BTRFS info (device loop0): enabling ssd optimizations [ 72.488200][ T5463] BTRFS info (device loop0): auto enabling async discard [pid 5463] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5463] chdir("./file0") = 0 [pid 5463] ioctl(4, LOOP_CLR_FD) = 0 [pid 5463] close(4) = 0 [pid 5463] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5463] open("./file0", O_RDONLY [pid 5462] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... open resumed>) = 4 [ 72.496312][ T5463] BTRFS info (device loop0): rebuilding free space tree [ 72.507607][ T5463] BTRFS info (device loop0): disabling free space tree [ 72.514580][ T5463] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 72.524266][ T5463] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 72.537667][ T5463] BTRFS info (device loop0): checking UUID tree [pid 5463] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5463] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5462] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... ioctl resumed>) = 0 [pid 5463] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5463] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5463] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5462] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5462] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5462] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5481]}, 88) = 5481 ./strace-static-x86_64: Process 5481 attached [pid 5481] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5481] set_robust_list(0x7f0bd5e089a0, 24 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5481] <... set_robust_list resumed>) = 0 [pid 5462] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] <... futex resumed>) = 0 [pid 5481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] open(".", O_RDONLY) = 5 [pid 5481] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5481] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5462] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.621908][ T5463] BTRFS info (device loop0): balance: start -d -m [ 72.631753][ T5463] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 72.653464][ T5463] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5462] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... ioctl resumed>) = 0 [pid 5481] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5481] <... futex resumed>) = 1 [ 72.703717][ T5463] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 72.730333][ T5463] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5481] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5463] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] exit_group(0 [pid 5481] <... futex resumed>) = ? [pid 5462] <... exit_group resumed>) = ? [pid 5481] +++ exited with 0 +++ [pid 5463] <... futex resumed>) = ? [pid 5463] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5462, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 72.747768][ T5463] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5482 attached , child_tidptr=0x5555570ad690) = 5482 [pid 5482] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5482] chdir("./21") = 0 [pid 5482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5482] setpgid(0, 0) = 0 [pid 5482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5482] write(3, "1000", 4) = 4 [pid 5482] close(3) = 0 [pid 5482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5482] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5482] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5483 attached [pid 5483] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5482] <... clone3 resumed> => {parent_tid=[5483]}, 88) = 5483 [pid 5483] set_robust_list(0x7f0bd5e299a0, 24 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5483] <... set_robust_list resumed>) = 0 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] memfd_create("syzkaller", 0 [pid 5482] <... futex resumed>) = 0 [pid 5483] <... memfd_create resumed>) = 3 [pid 5483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5482] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5483] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5483] close(3) = 0 [pid 5483] mkdir("./file0", 0777) = 0 [ 73.240199][ T5483] loop0: detected capacity change from 0 to 32768 [ 73.263922][ T5483] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5483) [ 73.279252][ T5483] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.288548][ T5483] BTRFS info (device loop0): force clearing of disk cache [ 73.295712][ T5483] BTRFS info (device loop0): setting nodatasum [ 73.301874][ T5483] BTRFS info (device loop0): allowing degraded mounts [ 73.308747][ T5483] BTRFS info (device loop0): enabling disk space caching [ 73.315847][ T5483] BTRFS info (device loop0): disk space caching is enabled [ 73.334281][ T5483] BTRFS info (device loop0): enabling ssd optimizations [ 73.341261][ T5483] BTRFS info (device loop0): auto enabling async discard [ 73.349867][ T5483] BTRFS info (device loop0): rebuilding free space tree [ 73.360809][ T5483] BTRFS info (device loop0): disabling free space tree [ 73.367889][ T5483] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 73.377579][ T5483] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5483] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5483] chdir("./file0") = 0 [pid 5483] ioctl(4, LOOP_CLR_FD) = 0 [pid 5483] close(4) = 0 [pid 5483] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] <... futex resumed>) = 1 [pid 5483] open("./file0", O_RDONLY) = 4 [pid 5483] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5483] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5483] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5483] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5482] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.390568][ T5483] BTRFS info (device loop0): checking UUID tree [pid 5482] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5482] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5482] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5482] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5501]}, 88) = 5501 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5501 attached [pid 5482] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5482] <... futex resumed>) = 0 [pid 5501] <... rseq resumed>) = 0 [pid 5482] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5501] open(".", O_RDONLY) = 5 [pid 5501] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] <... futex resumed>) = 0 [pid 5482] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5482] <... futex resumed>) = 1 [pid 5501] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 73.434888][ T5483] BTRFS info (device loop0): balance: start -d -m [ 73.443617][ T5483] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 73.470973][ T5483] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5482] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... ioctl resumed>) = 0 [pid 5501] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5482] <... futex resumed>) = 0 [pid 5501] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5483] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5482] exit_group(0 [pid 5501] <... futex resumed>) = ? [pid 5482] <... exit_group resumed>) = ? [pid 5483] <... futex resumed>) = ? [pid 5501] +++ exited with 0 +++ [pid 5483] +++ exited with 0 +++ [pid 5482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5482, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 73.557107][ T5483] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 73.578858][ T5483] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 73.596419][ T5483] BTRFS info (device loop0): balance: ended with status: 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5502 attached , child_tidptr=0x5555570ad690) = 5502 [pid 5502] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5502] chdir("./22") = 0 [pid 5502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5502] setpgid(0, 0) = 0 [pid 5502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5502] write(3, "1000", 4) = 4 [pid 5502] close(3) = 0 [pid 5502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5502] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5502] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5503 attached [pid 5503] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5502] <... clone3 resumed> => {parent_tid=[5503]}, 88) = 5503 [pid 5503] set_robust_list(0x7f0bd5e299a0, 24 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], [pid 5503] <... set_robust_list resumed>) = 0 [pid 5502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], [pid 5502] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5502] <... futex resumed>) = 0 [pid 5503] memfd_create("syzkaller", 0 [pid 5502] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5503] <... memfd_create resumed>) = 3 [pid 5503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5503] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5503] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5503] close(3) = 0 [pid 5503] mkdir("./file0", 0777) = 0 [ 74.087550][ T5503] loop0: detected capacity change from 0 to 32768 [ 74.103131][ T5503] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5503) [ 74.118650][ T5503] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.128462][ T5503] BTRFS info (device loop0): force clearing of disk cache [ 74.135630][ T5503] BTRFS info (device loop0): setting nodatasum [ 74.141781][ T5503] BTRFS info (device loop0): allowing degraded mounts [ 74.148583][ T5503] BTRFS info (device loop0): enabling disk space caching [ 74.155731][ T5503] BTRFS info (device loop0): disk space caching is enabled [ 74.174939][ T5503] BTRFS info (device loop0): enabling ssd optimizations [pid 5503] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5503] chdir("./file0") = 0 [pid 5503] ioctl(4, LOOP_CLR_FD) = 0 [pid 5503] close(4) = 0 [pid 5503] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] open("./file0", O_RDONLY [pid 5502] <... futex resumed>) = 0 [ 74.181917][ T5503] BTRFS info (device loop0): auto enabling async discard [ 74.189976][ T5503] BTRFS info (device loop0): rebuilding free space tree [ 74.200985][ T5503] BTRFS info (device loop0): disabling free space tree [ 74.208050][ T5503] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.217751][ T5503] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 74.230537][ T5503] BTRFS info (device loop0): checking UUID tree [pid 5503] <... open resumed>) = 4 [pid 5502] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] <... futex resumed>) = 0 [pid 5502] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5503] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5503] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... futex resumed>) = 0 [pid 5502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5503] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] <... futex resumed>) = 0 [pid 5503] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5502] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5502] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5502] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5521 attached => {parent_tid=[5521]}, 88) = 5521 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5502] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.297119][ T5503] BTRFS info (device loop0): balance: start -d -m [ 74.306599][ T5503] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 74.329631][ T5503] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5502] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5521] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5521] open(".", O_RDONLY) = 5 [pid 5521] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5521] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] <... futex resumed>) = 0 [pid 5521] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5502] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] <... ioctl resumed>) = 0 [ 74.378978][ T5503] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 74.414878][ T5503] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5521] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] <... futex resumed>) = 0 [pid 5521] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5503] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5503] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5502] exit_group(0 [pid 5521] <... futex resumed>) = ? [pid 5503] <... futex resumed>) = ? [pid 5502] <... exit_group resumed>) = ? [pid 5521] +++ exited with 0 +++ [pid 5503] +++ exited with 0 +++ [pid 5502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5502, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.432703][ T5503] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5522] chdir("./23") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5522 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5522] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5523 attached [pid 5523] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5522] <... clone3 resumed> => {parent_tid=[5523]}, 88) = 5523 [pid 5523] set_robust_list(0x7f0bd5e299a0, 24 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] <... set_robust_list resumed>) = 0 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] memfd_create("syzkaller", 0 [pid 5522] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5523] <... memfd_create resumed>) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5523] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5523] close(3) = 0 [pid 5523] mkdir("./file0", 0777) = 0 [ 75.018863][ T5523] loop0: detected capacity change from 0 to 32768 [ 75.032518][ T5523] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5523) [ 75.049487][ T5523] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.058807][ T5523] BTRFS info (device loop0): force clearing of disk cache [ 75.065980][ T5523] BTRFS info (device loop0): setting nodatasum [ 75.072158][ T5523] BTRFS info (device loop0): allowing degraded mounts [ 75.078971][ T5523] BTRFS info (device loop0): enabling disk space caching [ 75.086077][ T5523] BTRFS info (device loop0): disk space caching is enabled [ 75.105740][ T5523] BTRFS info (device loop0): enabling ssd optimizations [pid 5523] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5523] chdir("./file0") = 0 [pid 5523] ioctl(4, LOOP_CLR_FD) = 0 [pid 5523] close(4) = 0 [pid 5523] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] open("./file0", O_RDONLY [pid 5522] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... open resumed>) = 4 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5522] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... ioctl resumed>) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] <... futex resumed>) = 0 [pid 5522] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5522] <... futex resumed>) = 0 [ 75.112818][ T5523] BTRFS info (device loop0): auto enabling async discard [ 75.120796][ T5523] BTRFS info (device loop0): rebuilding free space tree [ 75.132047][ T5523] BTRFS info (device loop0): disabling free space tree [ 75.139036][ T5523] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 75.148750][ T5523] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 75.161265][ T5523] BTRFS info (device loop0): checking UUID tree [pid 5522] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5522] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5522] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5541]}, 88) = 5541 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5522] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5541 attached [pid 5541] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5541] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5541] open(".", O_RDONLY) = 5 [pid 5541] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5541] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] <... futex resumed>) = 0 [ 75.201514][ T5523] BTRFS info (device loop0): balance: start -d -m [ 75.210653][ T5523] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 75.236755][ T5523] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5541] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5522] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... ioctl resumed>) = 0 [pid 5541] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5541] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5523] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5523] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5523] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] exit_group(0 [pid 5541] <... futex resumed>) = ? [pid 5523] <... futex resumed>) = ? [pid 5522] <... exit_group resumed>) = ? [pid 5541] +++ exited with 0 +++ [pid 5523] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [ 75.318912][ T5523] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 75.339697][ T5523] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 75.358214][ T5523] BTRFS info (device loop0): balance: ended with status: 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5542 attached , child_tidptr=0x5555570ad690) = 5542 [pid 5542] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5542] chdir("./24") = 0 [pid 5542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5542] setpgid(0, 0) = 0 [pid 5542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5542] write(3, "1000", 4) = 4 [pid 5542] close(3) = 0 [pid 5542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5542] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5542] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5543 attached [pid 5543] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5542] <... clone3 resumed> => {parent_tid=[5543]}, 88) = 5543 [pid 5543] set_robust_list(0x7f0bd5e299a0, 24 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], [pid 5543] <... set_robust_list resumed>) = 0 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], [pid 5542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5542] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] memfd_create("syzkaller", 0 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5543] <... memfd_create resumed>) = 3 [pid 5543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5543] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5543] close(3) = 0 [pid 5543] mkdir("./file0", 0777) = 0 [ 75.894384][ T5543] loop0: detected capacity change from 0 to 32768 [ 75.904330][ T5543] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5543) [ 75.920430][ T5543] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.930292][ T5543] BTRFS info (device loop0): force clearing of disk cache [ 75.937748][ T5543] BTRFS info (device loop0): setting nodatasum [ 75.943981][ T5543] BTRFS info (device loop0): allowing degraded mounts [ 75.950820][ T5543] BTRFS info (device loop0): enabling disk space caching [ 75.957971][ T5543] BTRFS info (device loop0): disk space caching is enabled [ 75.977176][ T5543] BTRFS info (device loop0): enabling ssd optimizations [ 75.984194][ T5543] BTRFS info (device loop0): auto enabling async discard [pid 5543] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5543] chdir("./file0") = 0 [pid 5543] ioctl(4, LOOP_CLR_FD) = 0 [pid 5543] close(4) = 0 [ 75.991993][ T5543] BTRFS info (device loop0): rebuilding free space tree [ 76.003078][ T5543] BTRFS info (device loop0): disabling free space tree [ 76.010300][ T5543] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 76.020011][ T5543] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 76.032401][ T5543] BTRFS info (device loop0): checking UUID tree [pid 5543] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5542] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] open("./file0", O_RDONLY [pid 5542] <... futex resumed>) = 0 [pid 5543] <... open resumed>) = 4 [pid 5542] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5543] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] <... futex resumed>) = 0 [pid 5543] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5542] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... ioctl resumed>) = 0 [pid 5543] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5543] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5542] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5542] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5542] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5561]}, 88) = 5561 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5542] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5561 attached [pid 5542] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5561] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5561] open(".", O_RDONLY) = 5 [pid 5561] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5561] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5542] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.103668][ T5543] BTRFS info (device loop0): balance: start -d -m [ 76.114206][ T5543] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 76.135743][ T5543] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5542] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... ioctl resumed>) = 0 [pid 5561] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5561] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5543] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] exit_group(0 [pid 5561] <... futex resumed>) = ? [pid 5543] <... futex resumed>) = ? [pid 5542] <... exit_group resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5543] +++ exited with 0 +++ [pid 5542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5542, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 76.222607][ T5543] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 76.243468][ T5543] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 76.262394][ T5543] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5562 attached [pid 5562] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5562] chdir("./25") = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5562 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5562] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5562] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5563 attached [pid 5563] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5562] <... clone3 resumed> => {parent_tid=[5563]}, 88) = 5563 [pid 5563] <... rseq resumed>) = 0 [pid 5563] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5563] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] memfd_create("syzkaller", 0) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [ 76.636586][ T27] cfg80211: failed to load regulatory.db [pid 5563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5563] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] mkdir("./file0", 0777) = 0 [ 76.809400][ T5563] loop0: detected capacity change from 0 to 32768 [ 76.822940][ T5563] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5563) [ 76.839335][ T5563] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.848624][ T5563] BTRFS info (device loop0): force clearing of disk cache [ 76.855764][ T5563] BTRFS info (device loop0): setting nodatasum [ 76.861932][ T5563] BTRFS info (device loop0): allowing degraded mounts [ 76.868743][ T5563] BTRFS info (device loop0): enabling disk space caching [ 76.875822][ T5563] BTRFS info (device loop0): disk space caching is enabled [ 76.894412][ T5563] BTRFS info (device loop0): enabling ssd optimizations [ 76.901383][ T5563] BTRFS info (device loop0): auto enabling async discard [pid 5563] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] chdir("./file0") = 0 [pid 5563] ioctl(4, LOOP_CLR_FD) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] open("./file0", O_RDONLY [pid 5562] <... futex resumed>) = 0 [pid 5563] <... open resumed>) = 4 [pid 5562] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5562] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... ioctl resumed>) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.909584][ T5563] BTRFS info (device loop0): rebuilding free space tree [ 76.921011][ T5563] BTRFS info (device loop0): disabling free space tree [ 76.928096][ T5563] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 76.937815][ T5563] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 76.950499][ T5563] BTRFS info (device loop0): checking UUID tree [pid 5563] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5563] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5562] <... futex resumed>) = 1 [pid 5562] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5562] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5562] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5581 attached [ 77.005249][ T5563] BTRFS info (device loop0): balance: start -d -m [ 77.015666][ T5563] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 77.036839][ T5563] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5581] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5562] <... clone3 resumed> => {parent_tid=[5581]}, 88) = 5581 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... rseq resumed>) = 0 [pid 5581] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5581] open(".", O_RDONLY) = 5 [pid 5581] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5581] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5581] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 77.081627][ T5563] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5562] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... ioctl resumed>) = 0 [pid 5581] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5581] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5563] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] exit_group(0 [pid 5581] <... futex resumed>) = ? [pid 5563] <... futex resumed>) = ? [pid 5562] <... exit_group resumed>) = ? [pid 5581] +++ exited with 0 +++ [pid 5563] +++ exited with 0 +++ [pid 5562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5562, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 77.126268][ T5563] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 77.145332][ T5563] BTRFS info (device loop0): balance: ended with status: 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5582 attached , child_tidptr=0x5555570ad690) = 5582 [pid 5582] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5582] chdir("./26") = 0 [pid 5582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5582] setpgid(0, 0) = 0 [pid 5582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5582] write(3, "1000", 4) = 4 [pid 5582] close(3) = 0 [pid 5582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5582] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5582] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5582] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5582] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5583 attached [pid 5583] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5582] <... clone3 resumed> => {parent_tid=[5583]}, 88) = 5583 [pid 5583] <... rseq resumed>) = 0 [pid 5582] rt_sigprocmask(SIG_SETMASK, [], [pid 5583] set_robust_list(0x7f0bd5e299a0, 24 [pid 5582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5583] <... set_robust_list resumed>) = 0 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], [pid 5582] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5582] <... futex resumed>) = 0 [pid 5583] memfd_create("syzkaller", 0 [pid 5582] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5583] <... memfd_create resumed>) = 3 [pid 5583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5583] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5583] close(3) = 0 [pid 5583] mkdir("./file0", 0777) = 0 [ 77.590842][ T5583] loop0: detected capacity change from 0 to 32768 [ 77.616102][ T5583] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5583) [ 77.631767][ T5583] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.642027][ T5583] BTRFS info (device loop0): force clearing of disk cache [ 77.649456][ T5583] BTRFS info (device loop0): setting nodatasum [ 77.655724][ T5583] BTRFS info (device loop0): allowing degraded mounts [ 77.662521][ T5583] BTRFS info (device loop0): enabling disk space caching [ 77.669640][ T5583] BTRFS info (device loop0): disk space caching is enabled [ 77.688647][ T5583] BTRFS info (device loop0): enabling ssd optimizations [ 77.695935][ T5583] BTRFS info (device loop0): auto enabling async discard [ 77.703779][ T5583] BTRFS info (device loop0): rebuilding free space tree [ 77.715982][ T5583] BTRFS info (device loop0): disabling free space tree [ 77.722898][ T5583] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5583] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5583] chdir("./file0") = 0 [pid 5583] ioctl(4, LOOP_CLR_FD) = 0 [pid 5583] close(4) = 0 [pid 5583] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5583] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5583] open("./file0", O_RDONLY) = 4 [pid 5583] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = 1 [pid 5583] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5582] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5583] <... futex resumed>) = 0 [ 77.732653][ T5583] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 77.745545][ T5583] BTRFS info (device loop0): checking UUID tree [pid 5583] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5582] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5582] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5582] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 77.787597][ T5583] BTRFS info (device loop0): balance: start -d -m [ 77.796650][ T5583] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 77.817123][ T5583] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5601]}, 88) = 5601 ./strace-static-x86_64: Process 5601 attached [pid 5601] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5582] rt_sigprocmask(SIG_SETMASK, [], [pid 5601] <... rseq resumed>) = 0 [pid 5582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5601] set_robust_list(0x7f0bd5e089a0, 24 [pid 5582] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... set_robust_list resumed>) = 0 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], [pid 5582] <... futex resumed>) = 0 [pid 5601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5582] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] open(".", O_RDONLY) = 5 [pid 5601] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] <... futex resumed>) = 0 [pid 5601] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5582] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.857998][ T5583] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5582] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... ioctl resumed>) = 0 [pid 5601] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] <... futex resumed>) = 0 [pid 5583] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5583] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5582] exit_group(0 [pid 5601] <... futex resumed>) = ? [pid 5601] +++ exited with 0 +++ [pid 5583] <... futex resumed>) = ? [pid 5582] <... exit_group resumed>) = ? [pid 5583] +++ exited with 0 +++ [pid 5582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5582, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 77.905264][ T5583] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 77.935929][ T5583] BTRFS info (device loop0): balance: ended with status: 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5602 attached , child_tidptr=0x5555570ad690) = 5602 [pid 5602] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5602] chdir("./27") = 0 [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0) = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5602] write(3, "1000", 4) = 4 [pid 5602] close(3) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5602] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5602] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5603 attached [pid 5603] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5602] <... clone3 resumed> => {parent_tid=[5603]}, 88) = 5603 [pid 5603] <... rseq resumed>) = 0 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], [pid 5603] set_robust_list(0x7f0bd5e299a0, 24 [pid 5602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5603] <... set_robust_list resumed>) = 0 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], [pid 5602] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5602] <... futex resumed>) = 0 [pid 5603] memfd_create("syzkaller", 0 [pid 5602] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5603] <... memfd_create resumed>) = 3 [pid 5603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5603] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5603] close(3) = 0 [pid 5603] mkdir("./file0", 0777) = 0 [ 78.471921][ T5603] loop0: detected capacity change from 0 to 32768 [ 78.497564][ T5603] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5603) [ 78.513254][ T5603] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.522904][ T5603] BTRFS info (device loop0): force clearing of disk cache [ 78.530109][ T5603] BTRFS info (device loop0): setting nodatasum [ 78.536344][ T5603] BTRFS info (device loop0): allowing degraded mounts [ 78.543113][ T5603] BTRFS info (device loop0): enabling disk space caching [ 78.550172][ T5603] BTRFS info (device loop0): disk space caching is enabled [ 78.569965][ T5603] BTRFS info (device loop0): enabling ssd optimizations [ 78.577162][ T5603] BTRFS info (device loop0): auto enabling async discard [ 78.585793][ T5603] BTRFS info (device loop0): rebuilding free space tree [ 78.597541][ T5603] BTRFS info (device loop0): disabling free space tree [ 78.604499][ T5603] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5603] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5603] chdir("./file0") = 0 [pid 5603] ioctl(4, LOOP_CLR_FD) = 0 [pid 5603] close(4) = 0 [pid 5603] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] open("./file0", O_RDONLY [pid 5602] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... open resumed>) = 4 [pid 5603] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... ioctl resumed>) = 0 [pid 5603] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5602] <... futex resumed>) = 1 [pid 5603] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 78.614207][ T5603] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 78.626821][ T5603] BTRFS info (device loop0): checking UUID tree [pid 5602] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5602] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5602] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 78.667436][ T5603] BTRFS info (device loop0): balance: start -d -m [ 78.675135][ T5603] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 78.698326][ T5603] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5621 attached => {parent_tid=[5621]}, 88) = 5621 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5602] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] <... rseq resumed>) = 0 [pid 5602] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5621] open(".", O_RDONLY) = 5 [pid 5621] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5621] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5602] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.742526][ T5603] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5602] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... ioctl resumed>) = 0 [pid 5621] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5621] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5603] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] exit_group(0 [pid 5621] <... futex resumed>) = ? [pid 5621] +++ exited with 0 +++ [pid 5603] <... futex resumed>) = ? [pid 5602] <... exit_group resumed>) = ? [pid 5603] +++ exited with 0 +++ [pid 5602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5602, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- [ 78.792874][ T5603] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 78.825455][ T5603] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5622 attached , child_tidptr=0x5555570ad690) = 5622 [pid 5622] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5622] chdir("./28") = 0 [pid 5622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5622] setpgid(0, 0) = 0 [pid 5622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5622] write(3, "1000", 4) = 4 [pid 5622] close(3) = 0 [pid 5622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5622] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5622] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5623 attached => {parent_tid=[5623]}, 88) = 5623 [pid 5623] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] set_robust_list(0x7f0bd5e299a0, 24 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5623] <... set_robust_list resumed>) = 0 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5623] memfd_create("syzkaller", 0) = 3 [pid 5623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5623] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5623] close(3) = 0 [pid 5623] mkdir("./file0", 0777) = 0 [ 79.348734][ T5623] loop0: detected capacity change from 0 to 32768 [ 79.358392][ T5623] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5623) [ 79.375107][ T5623] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 79.384383][ T5623] BTRFS info (device loop0): force clearing of disk cache [ 79.391481][ T5623] BTRFS info (device loop0): setting nodatasum [ 79.397710][ T5623] BTRFS info (device loop0): allowing degraded mounts [ 79.404499][ T5623] BTRFS info (device loop0): enabling disk space caching [ 79.411507][ T5623] BTRFS info (device loop0): disk space caching is enabled [ 79.430671][ T5623] BTRFS info (device loop0): enabling ssd optimizations [ 79.437751][ T5623] BTRFS info (device loop0): auto enabling async discard [pid 5623] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5623] chdir("./file0") = 0 [pid 5623] ioctl(4, LOOP_CLR_FD) = 0 [pid 5623] close(4) = 0 [ 79.445691][ T5623] BTRFS info (device loop0): rebuilding free space tree [ 79.457620][ T5623] BTRFS info (device loop0): disabling free space tree [ 79.464647][ T5623] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 79.474352][ T5623] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 79.487108][ T5623] BTRFS info (device loop0): checking UUID tree [pid 5623] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... futex resumed>) = 0 [pid 5623] open("./file0", O_RDONLY) = 4 [pid 5623] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5622] <... futex resumed>) = 0 [pid 5623] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5622] <... futex resumed>) = 0 [pid 5623] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5622] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... ioctl resumed>) = 0 [pid 5623] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5623] <... futex resumed>) = 1 [pid 5623] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5622] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5622] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5622] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5622] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5641]}, 88) = 5641 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5622] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5622] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5641 attached [pid 5641] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5641] set_robust_list(0x7f0bd5e089a0, 24) = 0 [ 79.585511][ T5623] BTRFS info (device loop0): balance: start -d -m [ 79.594502][ T5623] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5641] open(".", O_RDONLY) = 5 [pid 5641] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [pid 5622] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] <... futex resumed>) = 0 [pid 5641] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5622] <... futex resumed>) = 1 [pid 5622] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5641] <... ioctl resumed>) = 0 [pid 5641] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] <... futex resumed>) = 0 [ 79.630964][ T5623] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 79.668727][ T5623] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5623] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5623] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5622] exit_group(0 [pid 5641] <... futex resumed>) = ? [pid 5622] <... exit_group resumed>) = ? [pid 5623] <... futex resumed>) = ? [pid 5641] +++ exited with 0 +++ [pid 5623] +++ exited with 0 +++ [pid 5622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5622, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 79.691265][ T5623] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 79.711166][ T5623] BTRFS info (device loop0): balance: ended with status: 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5642 attached , child_tidptr=0x5555570ad690) = 5642 [pid 5642] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5642] chdir("./29") = 0 [pid 5642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5642] setpgid(0, 0) = 0 [pid 5642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5642] write(3, "1000", 4) = 4 [pid 5642] close(3) = 0 [pid 5642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5642] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5642] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5643 attached => {parent_tid=[5643]}, 88) = 5643 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], [pid 5643] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] <... rseq resumed>) = 0 [pid 5643] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5643] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = 0 [pid 5643] memfd_create("syzkaller", 0 [pid 5642] <... futex resumed>) = 1 [pid 5642] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5643] <... memfd_create resumed>) = 3 [pid 5643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5643] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5643] close(3) = 0 [pid 5643] mkdir("./file0", 0777) = 0 [ 80.217179][ T5643] loop0: detected capacity change from 0 to 32768 [ 80.236942][ T5643] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5643) [ 80.252751][ T5643] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5643] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5643] chdir("./file0") = 0 [ 80.262064][ T5643] BTRFS info (device loop0): force clearing of disk cache [ 80.269225][ T5643] BTRFS info (device loop0): setting nodatasum [ 80.275607][ T5643] BTRFS info (device loop0): allowing degraded mounts [ 80.282373][ T5643] BTRFS info (device loop0): enabling disk space caching [pid 5643] ioctl(4, LOOP_CLR_FD) = 0 [pid 5643] close(4) = 0 [pid 5643] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] open("./file0", O_RDONLY [pid 5642] <... futex resumed>) = 0 [pid 5643] <... open resumed>) = 4 [pid 5642] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] <... futex resumed>) = 1 [pid 5642] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5643] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5643] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] <... futex resumed>) = 0 [pid 5643] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5642] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5642] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5642] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5661]}, 88) = 5661 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5642] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5661 attached [pid 5661] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5661] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5661] open(".", O_RDONLY) = 5 [pid 5661] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5661] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] <... futex resumed>) = 0 [pid 5661] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5642] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5661] <... ioctl resumed>) = 0 [pid 5661] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] <... futex resumed>) = 0 [pid 5661] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5643] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5643] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5643] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5642] exit_group(0 [pid 5643] <... futex resumed>) = ? [pid 5642] <... exit_group resumed>) = ? [pid 5643] +++ exited with 0 +++ [pid 5661] <... futex resumed>) = ? [pid 5661] +++ exited with 0 +++ [pid 5642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5642, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5662 attached , child_tidptr=0x5555570ad690) = 5662 [pid 5662] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5662] chdir("./30") = 0 [pid 5662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5662] setpgid(0, 0) = 0 [pid 5662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5662] write(3, "1000", 4) = 4 [pid 5662] close(3) = 0 [pid 5662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5662] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5662] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5663 attached => {parent_tid=[5663]}, 88) = 5663 [pid 5663] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5663] <... rseq resumed>) = 0 [pid 5663] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5663] memfd_create("syzkaller", 0) = 3 [pid 5663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5663] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5663] close(3) = 0 [pid 5663] mkdir("./file0", 0777) = 0 [ 81.090138][ T5663] loop0: detected capacity change from 0 to 32768 [ 81.103960][ T5663] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5663) [ 81.120300][ T5663] _btrfs_printk: 14 callbacks suppressed [ 81.120315][ T5663] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.135257][ T5663] BTRFS info (device loop0): force clearing of disk cache [ 81.142358][ T5663] BTRFS info (device loop0): setting nodatasum [ 81.148566][ T5663] BTRFS info (device loop0): allowing degraded mounts [ 81.155358][ T5663] BTRFS info (device loop0): enabling disk space caching [ 81.162376][ T5663] BTRFS info (device loop0): disk space caching is enabled [ 81.181227][ T5663] BTRFS info (device loop0): enabling ssd optimizations [ 81.188238][ T5663] BTRFS info (device loop0): auto enabling async discard [ 81.196241][ T5663] BTRFS info (device loop0): rebuilding free space tree [ 81.207345][ T5663] BTRFS info (device loop0): disabling free space tree [ 81.214489][ T5663] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 81.224321][ T5663] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5663] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5663] chdir("./file0") = 0 [pid 5663] ioctl(4, LOOP_CLR_FD) = 0 [pid 5663] close(4) = 0 [pid 5663] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] open("./file0", O_RDONLY [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... open resumed>) = 4 [ 81.236747][ T5663] BTRFS info (device loop0): checking UUID tree [pid 5663] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... futex resumed>) = 0 [pid 5663] <... futex resumed>) = 1 [pid 5662] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5662] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... ioctl resumed>) = 0 [pid 5663] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5662] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5662] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5662] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5681 attached [pid 5681] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5681] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5681] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] <... clone3 resumed> => {parent_tid=[5681]}, 88) = 5681 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... futex resumed>) = 0 [pid 5681] open(".", O_RDONLY) = 5 [pid 5681] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5681] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5681] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5662] <... futex resumed>) = 0 [ 81.320048][ T5663] BTRFS info (device loop0): balance: start -d -m [ 81.330863][ T5663] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 81.356424][ T5663] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5662] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... ioctl resumed>) = 0 [pid 5681] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5681] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5663] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] exit_group(0 [pid 5681] <... futex resumed>) = ? [pid 5681] +++ exited with 0 +++ [pid 5663] <... futex resumed>) = ? [pid 5662] <... exit_group resumed>) = ? [pid 5663] +++ exited with 0 +++ [pid 5662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5662, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 81.414770][ T5663] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 81.437058][ T5663] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 81.454983][ T5663] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5682 attached , child_tidptr=0x5555570ad690) = 5682 [pid 5682] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5682] chdir("./31") = 0 [pid 5682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5682] setpgid(0, 0) = 0 [pid 5682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5682] write(3, "1000", 4) = 4 [pid 5682] close(3) = 0 [pid 5682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5682] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5682] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5683 attached [pid 5683] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5682] <... clone3 resumed> => {parent_tid=[5683]}, 88) = 5683 [pid 5683] <... rseq resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] set_robust_list(0x7f0bd5e299a0, 24 [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5683] <... set_robust_list resumed>) = 0 [pid 5682] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5682] <... futex resumed>) = 0 [pid 5683] memfd_create("syzkaller", 0 [pid 5682] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5683] <... memfd_create resumed>) = 3 [pid 5683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5683] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5683] close(3) = 0 [pid 5683] mkdir("./file0", 0777) = 0 [ 81.995142][ T5683] loop0: detected capacity change from 0 to 32768 [ 82.020124][ T5683] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5683) [ 82.035905][ T5683] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.045191][ T5683] BTRFS info (device loop0): force clearing of disk cache [ 82.052303][ T5683] BTRFS info (device loop0): setting nodatasum [ 82.058539][ T5683] BTRFS info (device loop0): allowing degraded mounts [ 82.065373][ T5683] BTRFS info (device loop0): enabling disk space caching [ 82.072423][ T5683] BTRFS info (device loop0): disk space caching is enabled [ 82.091282][ T5683] BTRFS info (device loop0): enabling ssd optimizations [ 82.098375][ T5683] BTRFS info (device loop0): auto enabling async discard [ 82.106740][ T5683] BTRFS info (device loop0): rebuilding free space tree [ 82.117920][ T5683] BTRFS info (device loop0): disabling free space tree [ 82.124944][ T5683] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 82.134731][ T5683] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5683] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5683] chdir("./file0") = 0 [pid 5683] ioctl(4, LOOP_CLR_FD) = 0 [pid 5683] close(4) = 0 [pid 5683] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] <... futex resumed>) = 0 [pid 5683] open("./file0", O_RDONLY) = 4 [pid 5683] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] <... futex resumed>) = 0 [pid 5682] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [ 82.147263][ T5683] BTRFS info (device loop0): checking UUID tree [pid 5682] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5683] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5683] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5683] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5682] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5682] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5682] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5682] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5682] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5701 attached [pid 5701] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5682] <... clone3 resumed> => {parent_tid=[5701]}, 88) = 5701 [pid 5701] <... rseq resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5701] set_robust_list(0x7f0bd5e089a0, 24 [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5701] <... set_robust_list resumed>) = 0 [pid 5682] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] <... futex resumed>) = 0 [pid 5701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] open(".", O_RDONLY) = 5 [pid 5701] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5701] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5682] <... futex resumed>) = 0 [pid 5701] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 82.215228][ T5683] BTRFS info (device loop0): balance: start -d -m [ 82.226178][ T5683] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 82.251864][ T5683] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5682] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5701] <... ioctl resumed>) = 0 [pid 5701] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5682] <... futex resumed>) = 0 [pid 5701] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5683] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5682] exit_group(0 [pid 5701] <... futex resumed>) = ? [pid 5683] <... futex resumed>) = ? [pid 5682] <... exit_group resumed>) = ? [pid 5701] +++ exited with 0 +++ [pid 5683] +++ exited with 0 +++ [pid 5682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5682, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- [ 82.327854][ T5683] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 82.348991][ T5683] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 82.366894][ T5683] BTRFS info (device loop0): balance: ended with status: 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5702 attached , child_tidptr=0x5555570ad690) = 5702 [pid 5702] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5702] chdir("./32") = 0 [pid 5702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5702] setpgid(0, 0) = 0 [pid 5702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5702] write(3, "1000", 4) = 4 [pid 5702] close(3) = 0 [pid 5702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5702] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5702] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5703 attached [pid 5703] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5702] <... clone3 resumed> => {parent_tid=[5703]}, 88) = 5703 [pid 5703] set_robust_list(0x7f0bd5e299a0, 24 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], [pid 5703] <... set_robust_list resumed>) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], [pid 5702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5702] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] memfd_create("syzkaller", 0 [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5703] <... memfd_create resumed>) = 3 [pid 5703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5703] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5703] close(3) = 0 [pid 5703] mkdir("./file0", 0777) = 0 [ 82.910601][ T5703] loop0: detected capacity change from 0 to 32768 [ 82.925267][ T5703] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5703) [ 82.940133][ T5703] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.949442][ T5703] BTRFS info (device loop0): force clearing of disk cache [ 82.956684][ T5703] BTRFS info (device loop0): setting nodatasum [ 82.962845][ T5703] BTRFS info (device loop0): allowing degraded mounts [ 82.969662][ T5703] BTRFS info (device loop0): enabling disk space caching [ 82.976739][ T5703] BTRFS info (device loop0): disk space caching is enabled [ 82.996003][ T5703] BTRFS info (device loop0): enabling ssd optimizations [ 83.003090][ T5703] BTRFS info (device loop0): auto enabling async discard [pid 5703] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5703] chdir("./file0") = 0 [pid 5703] ioctl(4, LOOP_CLR_FD) = 0 [pid 5703] close(4) = 0 [pid 5703] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5703] <... futex resumed>) = 1 [pid 5702] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] open("./file0", O_RDONLY [pid 5702] <... futex resumed>) = 0 [pid 5703] <... open resumed>) = 4 [pid 5702] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [ 83.011316][ T5703] BTRFS info (device loop0): rebuilding free space tree [ 83.022387][ T5703] BTRFS info (device loop0): disabling free space tree [ 83.029364][ T5703] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 83.039172][ T5703] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.051805][ T5703] BTRFS info (device loop0): checking UUID tree [pid 5703] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] <... futex resumed>) = 0 [pid 5703] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5702] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... ioctl resumed>) = 0 [pid 5703] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5703] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5702] <... futex resumed>) = 0 [pid 5703] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5702] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5702] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5702] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5721]}, 88) = 5721 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5702] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5721 attached [pid 5721] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5721] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5721] open(".", O_RDONLY) = 5 [pid 5721] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5721] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5702] <... futex resumed>) = 0 [pid 5702] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5721] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 83.119532][ T5703] BTRFS info (device loop0): balance: start -d -m [ 83.129939][ T5703] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 83.155647][ T5703] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5702] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5721] <... ioctl resumed>) = 0 [pid 5721] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5721] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5703] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5703] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] exit_group(0 [pid 5721] <... futex resumed>) = ? [pid 5721] +++ exited with 0 +++ [pid 5702] <... exit_group resumed>) = ? [pid 5703] +++ exited with 0 +++ [pid 5702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5702, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 83.215631][ T5703] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 83.236581][ T5703] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 83.254636][ T5703] BTRFS info (device loop0): balance: ended with status: 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5722 attached , child_tidptr=0x5555570ad690) = 5722 [pid 5722] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5722] chdir("./33") = 0 [pid 5722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5722] setpgid(0, 0) = 0 [pid 5722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5722] write(3, "1000", 4) = 4 [pid 5722] close(3) = 0 [pid 5722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5722] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5722] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5722] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5723 attached [pid 5723] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5722] <... clone3 resumed> => {parent_tid=[5723]}, 88) = 5723 [pid 5723] <... rseq resumed>) = 0 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5723] set_robust_list(0x7f0bd5e299a0, 24 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] <... set_robust_list resumed>) = 0 [pid 5722] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] <... futex resumed>) = 0 [pid 5723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5723] memfd_create("syzkaller", 0 [pid 5722] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5723] <... memfd_create resumed>) = 3 [pid 5723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5723] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5723] close(3) = 0 [pid 5723] mkdir("./file0", 0777) = 0 [ 83.753552][ T5723] loop0: detected capacity change from 0 to 32768 [ 83.777428][ T5723] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5723) [ 83.792567][ T5723] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.801987][ T5723] BTRFS info (device loop0): force clearing of disk cache [ 83.809162][ T5723] BTRFS info (device loop0): setting nodatasum [ 83.815356][ T5723] BTRFS info (device loop0): allowing degraded mounts [ 83.822128][ T5723] BTRFS info (device loop0): enabling disk space caching [ 83.829179][ T5723] BTRFS info (device loop0): disk space caching is enabled [ 83.848163][ T5723] BTRFS info (device loop0): enabling ssd optimizations [ 83.855199][ T5723] BTRFS info (device loop0): auto enabling async discard [ 83.863149][ T5723] BTRFS info (device loop0): rebuilding free space tree [ 83.874317][ T5723] BTRFS info (device loop0): disabling free space tree [ 83.881238][ T5723] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 83.890943][ T5723] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5723] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5723] chdir("./file0") = 0 [pid 5723] ioctl(4, LOOP_CLR_FD) = 0 [pid 5723] close(4) = 0 [pid 5723] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5723] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 1 [pid 5723] open("./file0", O_RDONLY [pid 5722] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] <... open resumed>) = 4 [ 83.903687][ T5723] BTRFS info (device loop0): checking UUID tree [pid 5723] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5722] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... ioctl resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5723] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5723] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5722] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5722] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5722] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5741 attached => {parent_tid=[5741]}, 88) = 5741 [pid 5741] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5741] <... rseq resumed>) = 0 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5741] set_robust_list(0x7f0bd5e089a0, 24 [pid 5722] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... set_robust_list resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5741] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5741] open(".", O_RDONLY) = 5 [pid 5741] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5741] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5722] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = 0 [pid 5741] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 83.975434][ T5723] BTRFS info (device loop0): balance: start -d -m [ 83.985384][ T5723] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 84.009069][ T5723] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5722] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... ioctl resumed>) = 0 [pid 5741] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5722] <... futex resumed>) = 0 [pid 5741] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5723] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5723] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] exit_group(0 [pid 5723] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = ? [pid 5741] +++ exited with 0 +++ [pid 5723] +++ exited with 0 +++ [pid 5722] <... exit_group resumed>) = ? [pid 5722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5722, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 84.086687][ T5723] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 84.110054][ T5723] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 84.127514][ T5723] BTRFS info (device loop0): balance: ended with status: 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5742 attached [pid 5742] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5742] chdir("./34") = 0 [pid 5742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5742 [pid 5742] setpgid(0, 0) = 0 [pid 5742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5742] write(3, "1000", 4) = 4 [pid 5742] close(3) = 0 [pid 5742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5742] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5743 attached [pid 5743] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5742] <... clone3 resumed> => {parent_tid=[5743]}, 88) = 5743 [pid 5743] set_robust_list(0x7f0bd5e299a0, 24 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], [pid 5743] <... set_robust_list resumed>) = 0 [pid 5742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], [pid 5742] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5742] <... futex resumed>) = 0 [pid 5743] memfd_create("syzkaller", 0 [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5743] <... memfd_create resumed>) = 3 [pid 5743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5743] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5743] close(3) = 0 [pid 5743] mkdir("./file0", 0777) = 0 [ 84.559337][ T5743] loop0: detected capacity change from 0 to 32768 [ 84.586038][ T5743] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5743) [ 84.602670][ T5743] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.612032][ T5743] BTRFS info (device loop0): force clearing of disk cache [ 84.619233][ T5743] BTRFS info (device loop0): setting nodatasum [ 84.625548][ T5743] BTRFS info (device loop0): allowing degraded mounts [ 84.632338][ T5743] BTRFS info (device loop0): enabling disk space caching [ 84.639577][ T5743] BTRFS info (device loop0): disk space caching is enabled [ 84.659054][ T5743] BTRFS info (device loop0): enabling ssd optimizations [ 84.666172][ T5743] BTRFS info (device loop0): auto enabling async discard [ 84.673942][ T5743] BTRFS info (device loop0): rebuilding free space tree [ 84.684631][ T5743] BTRFS info (device loop0): disabling free space tree [ 84.691537][ T5743] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5743] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5743] chdir("./file0") = 0 [pid 5743] ioctl(4, LOOP_CLR_FD) = 0 [pid 5743] close(4) = 0 [pid 5743] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5742] <... futex resumed>) = 0 [pid 5743] open("./file0", O_RDONLY [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... open resumed>) = 4 [pid 5743] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... ioctl resumed>) = 0 [pid 5743] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5742] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.701231][ T5743] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.713670][ T5743] BTRFS info (device loop0): checking UUID tree [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5742] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5742] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5742] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5761 attached => {parent_tid=[5761]}, 88) = 5761 [pid 5761] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5761] set_robust_list(0x7f0bd5e089a0, 24 [pid 5742] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... set_robust_list resumed>) = 0 [pid 5742] <... futex resumed>) = 0 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], [pid 5742] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] open(".", O_RDONLY) = 5 [pid 5761] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 84.765171][ T5743] BTRFS info (device loop0): balance: start -d -m [ 84.774930][ T5743] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 84.798585][ T5743] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5742] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... ioctl resumed>) = 0 [pid 5761] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [ 84.867040][ T5743] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 84.894530][ T5743] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5761] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5743] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] exit_group(0 [pid 5743] <... futex resumed>) = ? [pid 5742] <... exit_group resumed>) = ? [pid 5761] <... futex resumed>) = ? [pid 5743] +++ exited with 0 +++ [pid 5761] +++ exited with 0 +++ [pid 5742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5742, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.911053][ T5743] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5762 attached , child_tidptr=0x5555570ad690) = 5762 [pid 5762] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5762] chdir("./35") = 0 [pid 5762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5762] setpgid(0, 0) = 0 [pid 5762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5762] write(3, "1000", 4) = 4 [pid 5762] close(3) = 0 [pid 5762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5762] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5762] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5762] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5762] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5763 attached [pid 5763] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5762] <... clone3 resumed> => {parent_tid=[5763]}, 88) = 5763 [pid 5763] <... rseq resumed>) = 0 [pid 5763] set_robust_list(0x7f0bd5e299a0, 24 [pid 5762] rt_sigprocmask(SIG_SETMASK, [], [pid 5763] <... set_robust_list resumed>) = 0 [pid 5762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5762] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] memfd_create("syzkaller", 0 [pid 5762] <... futex resumed>) = 0 [pid 5762] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5763] <... memfd_create resumed>) = 3 [pid 5763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5763] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5763] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5763] close(3) = 0 [pid 5763] mkdir("./file0", 0777) = 0 [ 85.416077][ T5763] loop0: detected capacity change from 0 to 32768 [ 85.440360][ T5763] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5763) [ 85.456416][ T5763] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 5763] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5763] chdir("./file0") = 0 [pid 5763] ioctl(4, LOOP_CLR_FD) = 0 [pid 5763] close(4) = 0 [pid 5763] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5763] open("./file0", O_RDONLY [pid 5762] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] <... open resumed>) = 4 [pid 5762] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] <... futex resumed>) = 0 [pid 5763] <... futex resumed>) = 1 [pid 5762] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5762] <... futex resumed>) = 0 [pid 5763] <... ioctl resumed>) = 0 [pid 5763] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5763] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5763] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5762] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.465747][ T5763] BTRFS info (device loop0): force clearing of disk cache [ 85.472847][ T5763] BTRFS info (device loop0): setting nodatasum [ 85.479043][ T5763] BTRFS info (device loop0): allowing degraded mounts [ 85.485847][ T5763] BTRFS info (device loop0): enabling disk space caching [pid 5762] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5762] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5762] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5781 attached [pid 5781] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5762] <... clone3 resumed> => {parent_tid=[5781]}, 88) = 5781 [pid 5762] rt_sigprocmask(SIG_SETMASK, [], [pid 5781] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5781] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5762] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... futex resumed>) = 0 [pid 5781] open(".", O_RDONLY) = 5 [pid 5781] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5762] <... futex resumed>) = 0 [pid 5762] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = 0 [pid 5762] <... futex resumed>) = 1 [pid 5781] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5762] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] <... ioctl resumed>) = 0 [pid 5781] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5762] <... futex resumed>) = 0 [pid 5781] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5763] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5762] exit_group(0 [pid 5781] <... futex resumed>) = ? [pid 5762] <... exit_group resumed>) = ? [pid 5781] +++ exited with 0 +++ [pid 5763] <... futex resumed>) = ? [pid 5763] +++ exited with 0 +++ [pid 5762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5762, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5782 attached [pid 5782] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5782] chdir("./36" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5782 [pid 5782] <... chdir resumed>) = 0 [pid 5782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5782] setpgid(0, 0) = 0 [pid 5782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "1000", 4) = 4 [pid 5782] close(3) = 0 [pid 5782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5782] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5782] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5782] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5782] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5783 attached [pid 5783] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5782] <... clone3 resumed> => {parent_tid=[5783]}, 88) = 5783 [pid 5783] <... rseq resumed>) = 0 [pid 5783] set_robust_list(0x7f0bd5e299a0, 24 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], [pid 5783] <... set_robust_list resumed>) = 0 [pid 5782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] rt_sigprocmask(SIG_SETMASK, [], [pid 5782] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5782] <... futex resumed>) = 0 [pid 5783] memfd_create("syzkaller", 0 [pid 5782] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5783] <... memfd_create resumed>) = 3 [pid 5783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5783] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5783] close(3) = 0 [pid 5783] mkdir("./file0", 0777) = 0 [ 86.200166][ T5783] loop0: detected capacity change from 0 to 32768 [ 86.215239][ T5783] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5783) [ 86.230943][ T5783] _btrfs_printk: 14 callbacks suppressed [ 86.230958][ T5783] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.246301][ T5783] BTRFS info (device loop0): force clearing of disk cache [ 86.253547][ T5783] BTRFS info (device loop0): setting nodatasum [ 86.259753][ T5783] BTRFS info (device loop0): allowing degraded mounts [ 86.266879][ T5783] BTRFS info (device loop0): enabling disk space caching [ 86.273962][ T5783] BTRFS info (device loop0): disk space caching is enabled [ 86.292594][ T5783] BTRFS info (device loop0): enabling ssd optimizations [ 86.299619][ T5783] BTRFS info (device loop0): auto enabling async discard [ 86.307654][ T5783] BTRFS info (device loop0): rebuilding free space tree [ 86.318306][ T5783] BTRFS info (device loop0): disabling free space tree [ 86.325313][ T5783] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 86.335045][ T5783] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5783] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5783] chdir("./file0") = 0 [pid 5783] ioctl(4, LOOP_CLR_FD) = 0 [pid 5783] close(4) = 0 [pid 5783] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5783] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] <... futex resumed>) = 0 [pid 5783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5782] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.347952][ T5783] BTRFS info (device loop0): checking UUID tree [pid 5783] open("./file0", O_RDONLY) = 4 [pid 5783] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5783] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5782] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... ioctl resumed>) = 0 [pid 5782] <... futex resumed>) = 0 [pid 5782] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5783] <... futex resumed>) = 0 [pid 5783] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5782] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5782] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5782] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5782] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5801 attached [pid 5801] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5801] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5801] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] <... clone3 resumed> => {parent_tid=[5801]}, 88) = 5801 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5782] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = 0 [pid 5782] <... futex resumed>) = 1 [pid 5801] open(".", O_RDONLY) = 5 [pid 5782] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5801] <... futex resumed>) = 0 [pid 5801] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5782] <... futex resumed>) = 0 [pid 5801] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 86.405484][ T5783] BTRFS info (device loop0): balance: start -d -m [ 86.413267][ T5783] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 86.435987][ T5783] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5782] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5801] <... ioctl resumed>) = 0 [pid 5801] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5801] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5783] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5783] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] exit_group(0) = ? [pid 5801] <... futex resumed>) = ? [pid 5783] <... futex resumed>) = ? [pid 5801] +++ exited with 0 +++ [pid 5783] +++ exited with 0 +++ [pid 5782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5782, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 86.522036][ T5783] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 86.542752][ T5783] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 86.560367][ T5783] BTRFS info (device loop0): balance: ended with status: 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5802 attached [pid 5802] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5802] chdir("./37") = 0 [pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5802 [pid 5802] setpgid(0, 0) = 0 [pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5802] write(3, "1000", 4) = 4 [pid 5802] close(3) = 0 [pid 5802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5802] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5802] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5802] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5803 attached => {parent_tid=[5803]}, 88) = 5803 [pid 5803] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5802] rt_sigprocmask(SIG_SETMASK, [], [pid 5803] <... rseq resumed>) = 0 [pid 5802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5803] set_robust_list(0x7f0bd5e299a0, 24 [pid 5802] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... set_robust_list resumed>) = 0 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], [pid 5802] <... futex resumed>) = 0 [pid 5803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5802] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5803] memfd_create("syzkaller", 0) = 3 [pid 5803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5803] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5803] close(3) = 0 [pid 5803] mkdir("./file0", 0777) = 0 [ 87.083785][ T5803] loop0: detected capacity change from 0 to 32768 [ 87.093539][ T5803] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5803) [ 87.109859][ T5803] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.119146][ T5803] BTRFS info (device loop0): force clearing of disk cache [ 87.126296][ T5803] BTRFS info (device loop0): setting nodatasum [ 87.132460][ T5803] BTRFS info (device loop0): allowing degraded mounts [ 87.139312][ T5803] BTRFS info (device loop0): enabling disk space caching [ 87.146416][ T5803] BTRFS info (device loop0): disk space caching is enabled [ 87.166028][ T5803] BTRFS info (device loop0): enabling ssd optimizations [ 87.173271][ T5803] BTRFS info (device loop0): auto enabling async discard [pid 5803] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5803] chdir("./file0") = 0 [pid 5803] ioctl(4, LOOP_CLR_FD) = 0 [pid 5803] close(4) = 0 [pid 5803] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 0 [pid 5802] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5803] open("./file0", O_RDONLY [pid 5802] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] <... open resumed>) = 4 [ 87.181519][ T5803] BTRFS info (device loop0): rebuilding free space tree [ 87.192650][ T5803] BTRFS info (device loop0): disabling free space tree [ 87.199831][ T5803] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 87.209878][ T5803] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 87.222644][ T5803] BTRFS info (device loop0): checking UUID tree [pid 5803] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5803] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5802] <... futex resumed>) = 0 [pid 5803] <... ioctl resumed>) = 0 [pid 5802] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5803] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5803] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] <... futex resumed>) = 0 [pid 5803] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5802] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5802] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5802] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5821 attached => {parent_tid=[5821]}, 88) = 5821 [pid 5821] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5802] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... rseq resumed>) = 0 [pid 5802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] set_robust_list(0x7f0bd5e089a0, 24 [pid 5802] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... set_robust_list resumed>) = 0 [pid 5802] <... futex resumed>) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], [pid 5802] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] open(".", O_RDONLY) = 5 [pid 5821] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [pid 5821] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5802] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5802] <... futex resumed>) = 0 [pid 5821] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 87.281277][ T5803] BTRFS info (device loop0): balance: start -d -m [ 87.289399][ T5803] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 87.311545][ T5803] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5802] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... ioctl resumed>) = 0 [pid 5821] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5802] <... futex resumed>) = 0 [ 87.384659][ T5803] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 87.419186][ T5803] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5821] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5803] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] exit_group(0 [pid 5821] <... futex resumed>) = ? [pid 5803] <... futex resumed>) = ? [pid 5802] <... exit_group resumed>) = ? [pid 5821] +++ exited with 0 +++ [pid 5803] +++ exited with 0 +++ [pid 5802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5802, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 87.443631][ T5803] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5822 attached [pid 5822] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5822] chdir("./38") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5822 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5822] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5823 attached [pid 5823] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5822] <... clone3 resumed> => {parent_tid=[5823]}, 88) = 5823 [pid 5823] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5823] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5823] memfd_create("syzkaller", 0 [pid 5822] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5823] <... memfd_create resumed>) = 3 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5823] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5823] close(3) = 0 [pid 5823] mkdir("./file0", 0777) = 0 [ 87.987318][ T5823] loop0: detected capacity change from 0 to 32768 [ 88.001041][ T5823] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5823) [ 88.017577][ T5823] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.026909][ T5823] BTRFS info (device loop0): force clearing of disk cache [ 88.034072][ T5823] BTRFS info (device loop0): setting nodatasum [ 88.040229][ T5823] BTRFS info (device loop0): allowing degraded mounts [ 88.047163][ T5823] BTRFS info (device loop0): enabling disk space caching [ 88.054259][ T5823] BTRFS info (device loop0): disk space caching is enabled [ 88.073983][ T5823] BTRFS info (device loop0): enabling ssd optimizations [ 88.080969][ T5823] BTRFS info (device loop0): auto enabling async discard [pid 5823] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5823] chdir("./file0") = 0 [pid 5823] ioctl(4, LOOP_CLR_FD) = 0 [pid 5823] close(4) = 0 [pid 5823] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5823] open("./file0", O_RDONLY [pid 5822] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... open resumed>) = 4 [pid 5823] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [ 88.088972][ T5823] BTRFS info (device loop0): rebuilding free space tree [ 88.100277][ T5823] BTRFS info (device loop0): disabling free space tree [ 88.107224][ T5823] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.117009][ T5823] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.129660][ T5823] BTRFS info (device loop0): checking UUID tree [pid 5823] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5822] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5822] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5822] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5841]}, 88) = 5841 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5841 attached [pid 5841] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5841] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5841] open(".", O_RDONLY) = 5 [pid 5841] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5841] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 88.179058][ T5823] BTRFS info (device loop0): balance: start -d -m [ 88.187487][ T5823] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 88.212738][ T5823] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5822] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... ioctl resumed>) = 0 [pid 5841] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5841] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5823] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] exit_group(0 [pid 5841] <... futex resumed>) = ? [pid 5823] <... futex resumed>) = ? [pid 5822] <... exit_group resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5823] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.287992][ T5823] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 88.308474][ T5823] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 88.326060][ T5823] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x5555570ad690) = 5842 [pid 5842] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5842] chdir("./39") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5842] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5842] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] set_robust_list(0x7f0bd5e299a0, 24 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... set_robust_list resumed>) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] memfd_create("syzkaller", 0 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] <... memfd_create resumed>) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [ 88.851880][ T5843] loop0: detected capacity change from 0 to 32768 [ 88.861381][ T5843] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5843) [ 88.877670][ T5843] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.886946][ T5843] BTRFS info (device loop0): force clearing of disk cache [ 88.894134][ T5843] BTRFS info (device loop0): setting nodatasum [ 88.900306][ T5843] BTRFS info (device loop0): allowing degraded mounts [ 88.907177][ T5843] BTRFS info (device loop0): enabling disk space caching [ 88.914267][ T5843] BTRFS info (device loop0): disk space caching is enabled [ 88.933899][ T5843] BTRFS info (device loop0): enabling ssd optimizations [ 88.940869][ T5843] BTRFS info (device loop0): auto enabling async discard [pid 5843] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(4) = 0 [pid 5843] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5843] open("./file0", O_RDONLY [pid 5842] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... open resumed>) = 4 [pid 5843] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [ 88.949299][ T5843] BTRFS info (device loop0): rebuilding free space tree [ 88.959937][ T5843] BTRFS info (device loop0): disabling free space tree [ 88.966927][ T5843] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.976619][ T5843] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.989040][ T5843] BTRFS info (device loop0): checking UUID tree [pid 5843] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5842] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... ioctl resumed>) = 0 [pid 5843] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5842] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5842] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5842] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5861] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5842] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] open(".", O_RDONLY) = 5 [pid 5861] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.037697][ T5843] BTRFS info (device loop0): balance: start -d -m [ 89.047399][ T5843] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 89.073964][ T5843] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5861] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5861] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [ 89.153701][ T5843] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 89.180023][ T5843] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 89.196947][ T5843] BTRFS info (device loop0): balance: ended with status: 0 [pid 5861] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5843] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] exit_group(0 [pid 5843] <... futex resumed>) = ? [pid 5842] <... exit_group resumed>) = ? [pid 5861] <... futex resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x5555570ad690) = 5862 [pid 5862] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5862] chdir("./40") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5862] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5862] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5863 attached => {parent_tid=[5863]}, 88) = 5863 [pid 5863] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5863] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5863] memfd_create("syzkaller", 0 [pid 5862] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5863] <... memfd_create resumed>) = 3 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5863] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5863] close(3) = 0 [pid 5863] mkdir("./file0", 0777) = 0 [ 89.747482][ T5863] loop0: detected capacity change from 0 to 32768 [ 89.762056][ T5863] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5863) [ 89.777963][ T5863] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.787260][ T5863] BTRFS info (device loop0): force clearing of disk cache [ 89.794417][ T5863] BTRFS info (device loop0): setting nodatasum [ 89.800582][ T5863] BTRFS info (device loop0): allowing degraded mounts [ 89.807395][ T5863] BTRFS info (device loop0): enabling disk space caching [ 89.814467][ T5863] BTRFS info (device loop0): disk space caching is enabled [ 89.832897][ T5863] BTRFS info (device loop0): enabling ssd optimizations [ 89.840301][ T5863] BTRFS info (device loop0): auto enabling async discard [pid 5863] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5863] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5863] chdir("./file0") = 0 [pid 5863] ioctl(4, LOOP_CLR_FD) = 0 [pid 5863] close(4) = 0 [pid 5863] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5863] open("./file0", O_RDONLY [pid 5862] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... open resumed>) = 4 [pid 5862] <... futex resumed>) = 0 [ 89.848474][ T5863] BTRFS info (device loop0): rebuilding free space tree [ 89.860951][ T5863] BTRFS info (device loop0): disabling free space tree [ 89.868059][ T5863] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 89.877769][ T5863] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.890428][ T5863] BTRFS info (device loop0): checking UUID tree [pid 5863] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5862] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5862] <... futex resumed>) = 0 [pid 5863] <... ioctl resumed>) = 0 [pid 5862] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5863] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5862] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5862] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 89.941591][ T5863] BTRFS info (device loop0): balance: start -d -m [ 89.951542][ T5863] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 89.972370][ T5863] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5881 attached => {parent_tid=[5881]}, 88) = 5881 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5881] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5881] open(".", O_RDONLY [pid 5862] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... open resumed>) = 5 [pid 5881] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... ioctl resumed>) = 0 [pid 5881] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] <... futex resumed>) = 0 [ 90.016007][ T5863] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5863] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5863] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] exit_group(0 [pid 5881] <... futex resumed>) = ? [pid 5863] <... futex resumed>) = ? [pid 5862] <... exit_group resumed>) = ? [pid 5881] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 90.069728][ T5863] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 90.092512][ T5863] BTRFS info (device loop0): balance: ended with status: 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached , child_tidptr=0x5555570ad690) = 5882 [pid 5882] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5882] chdir("./41") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5882] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5882] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5882] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5883 attached => {parent_tid=[5883]}, 88) = 5883 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5883] set_robust_list(0x7f0bd5e299a0, 24 [pid 5882] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5883] <... set_robust_list resumed>) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5883] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] mkdir("./file0", 0777) = 0 [ 90.623355][ T5883] loop0: detected capacity change from 0 to 32768 [ 90.632790][ T5883] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5883) [ 90.648530][ T5883] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 90.657865][ T5883] BTRFS info (device loop0): force clearing of disk cache [ 90.665091][ T5883] BTRFS info (device loop0): setting nodatasum [pid 5883] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./file0") = 0 [pid 5883] ioctl(4, LOOP_CLR_FD) = 0 [pid 5883] close(4) = 0 [pid 5883] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5883] open("./file0", O_RDONLY [pid 5882] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... open resumed>) = 4 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5882] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... ioctl resumed>) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5883] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5882] <... futex resumed>) = 0 [pid 5883] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 90.671315][ T5883] BTRFS info (device loop0): allowing degraded mounts [ 90.678137][ T5883] BTRFS info (device loop0): enabling disk space caching [pid 5882] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5882] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5882] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5882] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5901]}, 88) = 5901 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5901 attached NULL, 8) = 0 [pid 5901] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5882] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... rseq resumed>) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5901] set_robust_list(0x7f0bd5e089a0, 24 [pid 5882] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... set_robust_list resumed>) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5901] open(".", O_RDONLY) = 5 [pid 5901] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... ioctl resumed>) = 0 [pid 5901] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5901] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5883] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] exit_group(0 [pid 5901] <... futex resumed>) = ? [pid 5883] <... futex resumed>) = ? [pid 5882] <... exit_group resumed>) = ? [pid 5901] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached [pid 5902] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5902] chdir("./42" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5902 [pid 5902] <... chdir resumed>) = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5902] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5902] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5902] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5902] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5902] <... clone3 resumed> => {parent_tid=[5903]}, 88) = 5903 [pid 5903] <... rseq resumed>) = 0 [pid 5903] set_robust_list(0x7f0bd5e299a0, 24 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] <... set_robust_list resumed>) = 0 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] <... futex resumed>) = 0 [pid 5903] memfd_create("syzkaller", 0 [pid 5902] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] <... memfd_create resumed>) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5903] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] mkdir("./file0", 0777) = 0 [ 91.340436][ T5903] loop0: detected capacity change from 0 to 32768 [ 91.366079][ T5903] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5903) [ 91.381493][ T5903] _btrfs_printk: 14 callbacks suppressed [ 91.381504][ T5903] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.396438][ T5903] BTRFS info (device loop0): force clearing of disk cache [ 91.403547][ T5903] BTRFS info (device loop0): setting nodatasum [ 91.409792][ T5903] BTRFS info (device loop0): allowing degraded mounts [ 91.416645][ T5903] BTRFS info (device loop0): enabling disk space caching [ 91.423657][ T5903] BTRFS info (device loop0): disk space caching is enabled [ 91.441680][ T5903] BTRFS info (device loop0): enabling ssd optimizations [ 91.448720][ T5903] BTRFS info (device loop0): auto enabling async discard [ 91.456941][ T5903] BTRFS info (device loop0): rebuilding free space tree [ 91.467823][ T5903] BTRFS info (device loop0): disabling free space tree [ 91.474884][ T5903] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5903] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5903] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file0") = 0 [pid 5903] ioctl(4, LOOP_CLR_FD) = 0 [pid 5903] close(4) = 0 [pid 5903] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5902] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] open("./file0", O_RDONLY [pid 5902] <... futex resumed>) = 0 [pid 5903] <... open resumed>) = 4 [pid 5902] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5902] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5902] <... futex resumed>) = 0 [pid 5903] <... ioctl resumed>) = 0 [pid 5902] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5902] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5902] <... futex resumed>) = 0 [ 91.484565][ T5903] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.497234][ T5903] BTRFS info (device loop0): checking UUID tree [pid 5902] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5902] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5902] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5902] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5902] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5921]}, 88) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5921] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5921] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5902] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5921] open(".", O_RDONLY) = 5 [pid 5921] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [pid 5921] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5902] <... futex resumed>) = 0 [pid 5921] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 91.555210][ T5903] BTRFS info (device loop0): balance: start -d -m [ 91.563580][ T5903] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 91.587553][ T5903] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5902] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... ioctl resumed>) = 0 [pid 5921] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5902] <... futex resumed>) = 0 [ 91.659682][ T5903] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 91.696835][ T5903] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5921] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5903] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5902] exit_group(0 [pid 5921] <... futex resumed>) = ? [pid 5903] <... futex resumed>) = ? [pid 5902] <... exit_group resumed>) = ? [pid 5921] +++ exited with 0 +++ [pid 5903] +++ exited with 0 +++ [pid 5902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 91.718422][ T5903] BTRFS info (device loop0): balance: ended with status: 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached [pid 5922] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5922] chdir("./43") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5922 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5922] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5922] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5923] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5923] memfd_create("syzkaller", 0 [pid 5922] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5923] <... memfd_create resumed>) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5923] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] mkdir("./file0", 0777) = 0 [ 92.235895][ T5923] loop0: detected capacity change from 0 to 32768 [ 92.255570][ T5923] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5923) [ 92.270519][ T5923] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.280058][ T5923] BTRFS info (device loop0): force clearing of disk cache [ 92.287251][ T5923] BTRFS info (device loop0): setting nodatasum [ 92.293448][ T5923] BTRFS info (device loop0): allowing degraded mounts [ 92.300284][ T5923] BTRFS info (device loop0): enabling disk space caching [ 92.307367][ T5923] BTRFS info (device loop0): disk space caching is enabled [ 92.326755][ T5923] BTRFS info (device loop0): enabling ssd optimizations [ 92.333781][ T5923] BTRFS info (device loop0): auto enabling async discard [ 92.341899][ T5923] BTRFS info (device loop0): rebuilding free space tree [ 92.352766][ T5923] BTRFS info (device loop0): disabling free space tree [ 92.359797][ T5923] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 92.369491][ T5923] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5923] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./file0") = 0 [pid 5923] ioctl(4, LOOP_CLR_FD) = 0 [pid 5923] close(4) = 0 [ 92.382105][ T5923] BTRFS info (device loop0): checking UUID tree [pid 5923] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5923] open("./file0", O_RDONLY [pid 5922] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... open resumed>) = 4 [pid 5923] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] <... futex resumed>) = 1 [pid 5922] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5923] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5923] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5922] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5922] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5922] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5941]}, 88) = 5941 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5941 attached [pid 5941] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] open(".", O_RDONLY) = 5 [ 92.463603][ T5923] BTRFS info (device loop0): balance: start -d -m [ 92.473240][ T5923] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 92.496664][ T5923] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5941] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5941] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5922] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... ioctl resumed>) = 0 [pid 5941] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5941] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5923] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] exit_group(0 [pid 5941] <... futex resumed>) = ? [pid 5923] <... futex resumed>) = ? [pid 5922] <... exit_group resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ [pid 5922] +++ exited with 0 +++ [ 92.566629][ T5923] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 92.590703][ T5923] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 92.608280][ T5923] BTRFS info (device loop0): balance: ended with status: 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5942] chdir("./44" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5942 [pid 5942] <... chdir resumed>) = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5942] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5943 attached [pid 5943] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5943] <... rseq resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] set_robust_list(0x7f0bd5e299a0, 24 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5943] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] mkdir("./file0", 0777) = 0 [ 93.119396][ T5943] loop0: detected capacity change from 0 to 32768 [ 93.134339][ T5943] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5943) [ 93.149974][ T5943] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.159284][ T5943] BTRFS info (device loop0): force clearing of disk cache [ 93.166463][ T5943] BTRFS info (device loop0): setting nodatasum [ 93.172638][ T5943] BTRFS info (device loop0): allowing degraded mounts [ 93.179502][ T5943] BTRFS info (device loop0): enabling disk space caching [ 93.186602][ T5943] BTRFS info (device loop0): disk space caching is enabled [ 93.206024][ T5943] BTRFS info (device loop0): enabling ssd optimizations [ 93.212994][ T5943] BTRFS info (device loop0): auto enabling async discard [pid 5943] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./file0") = 0 [pid 5943] ioctl(4, LOOP_CLR_FD) = 0 [pid 5943] close(4) = 0 [pid 5943] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [ 93.221717][ T5943] BTRFS info (device loop0): rebuilding free space tree [ 93.232432][ T5943] BTRFS info (device loop0): disabling free space tree [ 93.239790][ T5943] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 93.249480][ T5943] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 93.262693][ T5943] BTRFS info (device loop0): checking UUID tree [pid 5943] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5943] open("./file0", O_RDONLY [pid 5942] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... open resumed>) = 4 [pid 5943] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... ioctl resumed>) = 0 [pid 5943] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5942] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5942] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5942] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.335062][ T5943] BTRFS info (device loop0): balance: start -d -m [ 93.354732][ T5943] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 93.376417][ T5943] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5942] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 5961 attached [pid 5961] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5961]}, 88) = 5961 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5942] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... rseq resumed>) = 0 [pid 5961] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5961] open(".", O_RDONLY) = 5 [pid 5961] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5961] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5961] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5942] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... ioctl resumed>) = 0 [pid 5961] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [ 93.419344][ T5943] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5961] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5943] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] exit_group(0 [pid 5943] <... futex resumed>) = 231 [pid 5961] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [ 93.470943][ T5943] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 93.488432][ T5943] BTRFS info (device loop0): balance: ended with status: 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached , child_tidptr=0x5555570ad690) = 5962 [pid 5962] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5962] chdir("./45") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5962] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5962] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] set_robust_list(0x7f0bd5e299a0, 24 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] <... set_robust_list resumed>) = 0 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] <... memfd_create resumed>) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5963] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] mkdir("./file0", 0777) = 0 [ 94.032526][ T5963] loop0: detected capacity change from 0 to 32768 [ 94.041999][ T5963] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5963) [ 94.058008][ T5963] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.067351][ T5963] BTRFS info (device loop0): force clearing of disk cache [ 94.074671][ T5963] BTRFS info (device loop0): setting nodatasum [ 94.080825][ T5963] BTRFS info (device loop0): allowing degraded mounts [ 94.087668][ T5963] BTRFS info (device loop0): enabling disk space caching [ 94.094745][ T5963] BTRFS info (device loop0): disk space caching is enabled [ 94.113348][ T5963] BTRFS info (device loop0): enabling ssd optimizations [ 94.120463][ T5963] BTRFS info (device loop0): auto enabling async discard [pid 5963] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./file0") = 0 [pid 5963] ioctl(4, LOOP_CLR_FD) = 0 [pid 5963] close(4) = 0 [pid 5963] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] open("./file0", O_RDONLY [pid 5962] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... open resumed>) = 4 [pid 5963] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [ 94.128428][ T5963] BTRFS info (device loop0): rebuilding free space tree [ 94.141923][ T5963] BTRFS info (device loop0): disabling free space tree [ 94.149058][ T5963] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.159189][ T5963] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.172050][ T5963] BTRFS info (device loop0): checking UUID tree [pid 5963] <... futex resumed>) = 0 [pid 5962] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5962] <... futex resumed>) = 0 [pid 5963] <... ioctl resumed>) = 0 [pid 5962] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5963] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5962] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5962] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5962] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 94.222044][ T5963] BTRFS info (device loop0): balance: start -d -m [ 94.230068][ T5963] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 94.257560][ T5963] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[5982]}, 88) = 5982 ./strace-static-x86_64: Process 5982 attached [pid 5982] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 5982] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5982] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5982] open(".", O_RDONLY) = 5 [pid 5982] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5982] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5962] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... ioctl resumed>) = 0 [pid 5982] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [ 94.309379][ T5963] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5982] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5963] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] exit_group(0 [pid 5982] <... futex resumed>) = ? [pid 5982] +++ exited with 0 +++ [pid 5963] +++ exited with 0 +++ [pid 5962] <... exit_group resumed>) = ? [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 94.357943][ T5963] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 94.375389][ T5963] BTRFS info (device loop0): balance: ended with status: 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached [pid 5984] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5984] chdir("./46") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 5984 [pid 5984] <... prctl resumed>) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 5984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 5984] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 5985 attached [pid 5985] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 5984] <... clone3 resumed> => {parent_tid=[5985]}, 88) = 5985 [pid 5985] <... rseq resumed>) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] set_robust_list(0x7f0bd5e299a0, 24 [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... set_robust_list resumed>) = 0 [pid 5984] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] <... futex resumed>) = 0 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] memfd_create("syzkaller", 0 [pid 5984] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] <... memfd_create resumed>) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 5985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5985] munmap(0x7f0bcda09000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] mkdir("./file0", 0777) = 0 [ 94.943651][ T5985] loop0: detected capacity change from 0 to 32768 [ 94.958966][ T5985] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (5985) [ 94.974636][ T5985] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.983971][ T5985] BTRFS info (device loop0): force clearing of disk cache [ 94.991122][ T5985] BTRFS info (device loop0): setting nodatasum [ 94.997319][ T5985] BTRFS info (device loop0): allowing degraded mounts [ 95.004119][ T5985] BTRFS info (device loop0): enabling disk space caching [ 95.011150][ T5985] BTRFS info (device loop0): disk space caching is enabled [ 95.031375][ T5985] BTRFS info (device loop0): enabling ssd optimizations [pid 5985] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./file0") = 0 [pid 5985] ioctl(4, LOOP_CLR_FD) = 0 [pid 5985] close(4) = 0 [pid 5985] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5984] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] open("./file0", O_RDONLY) = 4 [pid 5985] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5984] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... ioctl resumed>) = 0 [pid 5985] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [pid 5985] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5984] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.038461][ T5985] BTRFS info (device loop0): auto enabling async discard [ 95.046477][ T5985] BTRFS info (device loop0): rebuilding free space tree [ 95.057474][ T5985] BTRFS info (device loop0): disabling free space tree [ 95.064542][ T5985] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 95.074247][ T5985] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 95.087197][ T5985] BTRFS info (device loop0): checking UUID tree [pid 5984] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5984] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 5984] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6005 attached => {parent_tid=[6005]}, 88) = 6005 [ 95.115921][ T5985] BTRFS info (device loop0): balance: start -d -m [ 95.125162][ T5985] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 95.149326][ T5985] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6005] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6005] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 6005] open(".", O_RDONLY) = 5 [pid 5984] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 6005] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5984] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... ioctl resumed>) = 0 [pid 6005] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] <... futex resumed>) = 0 [ 95.194587][ T5985] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6005] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5985] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] exit_group(0 [pid 6005] <... futex resumed>) = ? [pid 6005] +++ exited with 0 +++ [pid 5984] <... exit_group resumed>) = ? [pid 5985] <... futex resumed>) = ? [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 95.254778][ T5985] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 95.281418][ T5985] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached [pid 6006] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6006] chdir("./47" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6006 [pid 6006] <... chdir resumed>) = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6006] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6006] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6007 attached => {parent_tid=[6007]}, 88) = 6007 [pid 6007] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6006] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] <... rseq resumed>) = 0 [pid 6007] set_robust_list(0x7f0bd5e299a0, 24 [pid 6006] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6007] <... set_robust_list resumed>) = 0 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6007] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] mkdir("./file0", 0777) = 0 [ 95.771554][ T6007] loop0: detected capacity change from 0 to 32768 [ 95.786271][ T6007] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6007) [ 95.802485][ T6007] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.811835][ T6007] BTRFS info (device loop0): force clearing of disk cache [pid 6007] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./file0") = 0 [pid 6007] ioctl(4, LOOP_CLR_FD) = 0 [pid 6007] close(4) = 0 [ 95.819006][ T6007] BTRFS info (device loop0): setting nodatasum [ 95.825240][ T6007] BTRFS info (device loop0): allowing degraded mounts [ 95.832033][ T6007] BTRFS info (device loop0): enabling disk space caching [pid 6007] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6007] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6007] open("./file0", O_RDONLY) = 4 [pid 6007] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... futex resumed>) = 0 [pid 6007] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6007] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6006] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6006] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6006] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6025 attached => {parent_tid=[6025]}, 88) = 6025 [pid 6025] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] <... rseq resumed>) = 0 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] set_robust_list(0x7f0bd5e089a0, 24 [pid 6006] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] <... futex resumed>) = 0 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] open(".", O_RDONLY) = 5 [pid 6025] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6025] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6006] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6007] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... ioctl resumed>) = 0 [pid 6007] <... futex resumed>) = 0 [pid 6025] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] <... futex resumed>) = 0 [pid 6025] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] exit_group(0 [pid 6025] <... futex resumed>) = ? [pid 6007] <... futex resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 6007] +++ exited with 0 +++ [pid 6006] <... exit_group resumed>) = ? [pid 6006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6026 attached , child_tidptr=0x5555570ad690) = 6026 [pid 6026] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6026] chdir("./48") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6026] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6027 attached [pid 6027] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6026] <... clone3 resumed> => {parent_tid=[6027]}, 88) = 6027 [pid 6027] set_robust_list(0x7f0bd5e299a0, 24 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] <... set_robust_list resumed>) = 0 [pid 6026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6026] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6026] <... futex resumed>) = 0 [pid 6027] memfd_create("syzkaller", 0 [pid 6026] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6027] <... memfd_create resumed>) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6027] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] mkdir("./file0", 0777) = 0 [ 96.533714][ T6027] loop0: detected capacity change from 0 to 32768 [ 96.543677][ T6027] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6027) [ 96.559358][ T6027] _btrfs_printk: 14 callbacks suppressed [ 96.559372][ T6027] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.574414][ T6027] BTRFS info (device loop0): force clearing of disk cache [ 96.581613][ T6027] BTRFS info (device loop0): setting nodatasum [ 96.587846][ T6027] BTRFS info (device loop0): allowing degraded mounts [ 96.594806][ T6027] BTRFS info (device loop0): enabling disk space caching [ 96.601859][ T6027] BTRFS info (device loop0): disk space caching is enabled [ 96.621515][ T6027] BTRFS info (device loop0): enabling ssd optimizations [pid 6027] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./file0") = 0 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [pid 6027] close(4) = 0 [pid 6027] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6026] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] open("./file0", O_RDONLY [pid 6026] <... futex resumed>) = 0 [pid 6027] <... open resumed>) = 4 [ 96.628579][ T6027] BTRFS info (device loop0): auto enabling async discard [ 96.636872][ T6027] BTRFS info (device loop0): rebuilding free space tree [ 96.648127][ T6027] BTRFS info (device loop0): disabling free space tree [ 96.655186][ T6027] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 96.664982][ T6027] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.678009][ T6027] BTRFS info (device loop0): checking UUID tree [pid 6026] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6026] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... ioctl resumed>) = 0 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6027] <... futex resumed>) = 0 [pid 6027] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6026] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6026] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6026] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6046]}, 88) = 6046 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6046 attached [pid 6026] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6046] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6026] <... futex resumed>) = 0 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] open(".", O_RDONLY) = 5 [pid 6046] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6046] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6046] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 96.734298][ T6027] BTRFS info (device loop0): balance: start -d -m [ 96.742941][ T6027] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 96.766978][ T6027] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6026] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... ioctl resumed>) = 0 [pid 6046] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [ 96.844042][ T6027] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 96.874571][ T6027] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6046] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6027] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] exit_group(0 [pid 6046] <... futex resumed>) = ? [pid 6027] <... futex resumed>) = ? [pid 6026] <... exit_group resumed>) = ? [pid 6046] +++ exited with 0 +++ [pid 6027] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.894104][ T6027] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6048 attached , child_tidptr=0x5555570ad690) = 6048 [pid 6048] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6048] chdir("./49") = 0 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6048] setpgid(0, 0) = 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6048] write(3, "1000", 4) = 4 [pid 6048] close(3) = 0 [pid 6048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6048] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6048] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6049 attached [pid 6049] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6049] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6048] <... clone3 resumed> => {parent_tid=[6049]}, 88) = 6049 [pid 6049] rt_sigprocmask(SIG_SETMASK, [], [pid 6048] rt_sigprocmask(SIG_SETMASK, [], [pid 6049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6049] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] <... futex resumed>) = 0 [pid 6049] memfd_create("syzkaller", 0 [pid 6048] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6049] <... memfd_create resumed>) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6049] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] mkdir("./file0", 0777) = 0 [ 97.460737][ T6049] loop0: detected capacity change from 0 to 32768 [ 97.475904][ T6049] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6049) [ 97.491977][ T6049] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.501329][ T6049] BTRFS info (device loop0): force clearing of disk cache [ 97.508488][ T6049] BTRFS info (device loop0): setting nodatasum [ 97.514805][ T6049] BTRFS info (device loop0): allowing degraded mounts [ 97.521584][ T6049] BTRFS info (device loop0): enabling disk space caching [ 97.528660][ T6049] BTRFS info (device loop0): disk space caching is enabled [ 97.547987][ T6049] BTRFS info (device loop0): enabling ssd optimizations [ 97.555099][ T6049] BTRFS info (device loop0): auto enabling async discard [ 97.563330][ T6049] BTRFS info (device loop0): rebuilding free space tree [ 97.575253][ T6049] BTRFS info (device loop0): disabling free space tree [ 97.582464][ T6049] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.592169][ T6049] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6049] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] chdir("./file0") = 0 [pid 6049] ioctl(4, LOOP_CLR_FD) = 0 [pid 6049] close(4) = 0 [pid 6049] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6048] <... futex resumed>) = 0 [pid 6049] open("./file0", O_RDONLY [pid 6048] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... open resumed>) = 4 [pid 6049] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6048] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... ioctl resumed>) = 0 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6048] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.605849][ T6049] BTRFS info (device loop0): checking UUID tree [pid 6048] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6048] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6048] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6067]}, 88) = 6067 ./strace-static-x86_64: Process 6067 attached [pid 6048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6048] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... rseq resumed>) = 0 [pid 6048] <... futex resumed>) = 0 [pid 6067] set_robust_list(0x7f0bd5e089a0, 24 [pid 6048] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... set_robust_list resumed>) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] open(".", O_RDONLY) = 5 [pid 6067] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... futex resumed>) = 1 [ 97.647025][ T6049] BTRFS info (device loop0): balance: start -d -m [ 97.655283][ T6049] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 97.678331][ T6049] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6067] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6067] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [ 97.720088][ T6049] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6067] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6049] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6049] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6049] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] exit_group(0 [pid 6067] <... futex resumed>) = ? [pid 6048] <... exit_group resumed>) = ? [pid 6067] +++ exited with 0 +++ [pid 6049] <... futex resumed>) = ? [pid 6049] +++ exited with 0 +++ [pid 6048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 97.775742][ T6049] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 97.801763][ T6049] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6068 attached , child_tidptr=0x5555570ad690) = 6068 [pid 6068] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6068] chdir("./50") = 0 [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6068] setpgid(0, 0) = 0 [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6068] write(3, "1000", 4) = 4 [pid 6068] close(3) = 0 [pid 6068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6068] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6068] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6069 attached [pid 6069] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6068] <... clone3 resumed> => {parent_tid=[6069]}, 88) = 6069 [pid 6069] set_robust_list(0x7f0bd5e299a0, 24 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] <... set_robust_list resumed>) = 0 [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6068] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6068] <... futex resumed>) = 0 [pid 6069] memfd_create("syzkaller", 0 [pid 6068] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6069] <... memfd_create resumed>) = 3 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6069] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6069] close(3) = 0 [pid 6069] mkdir("./file0", 0777) = 0 [ 98.332082][ T6069] loop0: detected capacity change from 0 to 32768 [ 98.356114][ T6069] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6069) [ 98.371060][ T6069] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.380392][ T6069] BTRFS info (device loop0): force clearing of disk cache [ 98.387593][ T6069] BTRFS info (device loop0): setting nodatasum [ 98.393775][ T6069] BTRFS info (device loop0): allowing degraded mounts [ 98.400750][ T6069] BTRFS info (device loop0): enabling disk space caching [ 98.407830][ T6069] BTRFS info (device loop0): disk space caching is enabled [ 98.426599][ T6069] BTRFS info (device loop0): enabling ssd optimizations [ 98.433579][ T6069] BTRFS info (device loop0): auto enabling async discard [ 98.442243][ T6069] BTRFS info (device loop0): rebuilding free space tree [ 98.453753][ T6069] BTRFS info (device loop0): disabling free space tree [ 98.460807][ T6069] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.470499][ T6069] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6069] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6069] chdir("./file0") = 0 [pid 6069] ioctl(4, LOOP_CLR_FD) = 0 [pid 6069] close(4) = 0 [pid 6069] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] open("./file0", O_RDONLY [pid 6068] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... open resumed>) = 4 [pid 6069] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6069] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6068] <... futex resumed>) = 0 [pid 6069] <... ioctl resumed>) = 0 [pid 6068] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.483274][ T6069] BTRFS info (device loop0): checking UUID tree [pid 6069] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6068] <... futex resumed>) = 0 [pid 6069] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6068] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6068] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6068] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6087]}, 88) = 6087 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6087 attached [pid 6087] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6087] <... rseq resumed>) = 0 [pid 6068] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] set_robust_list(0x7f0bd5e089a0, 24 [pid 6068] <... futex resumed>) = 0 [pid 6087] <... set_robust_list resumed>) = 0 [pid 6068] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6087] open(".", O_RDONLY) = 5 [pid 6087] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 1 [ 98.550701][ T6069] BTRFS info (device loop0): balance: start -d -m [ 98.559711][ T6069] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 98.580576][ T6069] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6087] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6087] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [ 98.650646][ T6069] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 98.679614][ T6069] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6087] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6069] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6068] exit_group(0 [pid 6087] <... futex resumed>) = ? [pid 6087] +++ exited with 0 +++ [pid 6069] <... futex resumed>) = ? [pid 6068] <... exit_group resumed>) = ? [pid 6069] +++ exited with 0 +++ [pid 6068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 98.697328][ T6069] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6088 attached , child_tidptr=0x5555570ad690) = 6088 [pid 6088] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6088] chdir("./51") = 0 [pid 6088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6088] setpgid(0, 0) = 0 [pid 6088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6088] write(3, "1000", 4) = 4 [pid 6088] close(3) = 0 [pid 6088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6088] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6088] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6089 attached [pid 6089] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6088] <... clone3 resumed> => {parent_tid=[6089]}, 88) = 6089 [pid 6089] set_robust_list(0x7f0bd5e299a0, 24 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], [pid 6089] <... set_robust_list resumed>) = 0 [pid 6088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] memfd_create("syzkaller", 0 [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6089] <... memfd_create resumed>) = 3 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6089] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6089] close(3) = 0 [pid 6089] mkdir("./file0", 0777) = 0 [ 99.179021][ T6089] loop0: detected capacity change from 0 to 32768 [ 99.206074][ T6089] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6089) [ 99.221859][ T6089] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.231171][ T6089] BTRFS info (device loop0): force clearing of disk cache [ 99.238379][ T6089] BTRFS info (device loop0): setting nodatasum [ 99.244581][ T6089] BTRFS info (device loop0): allowing degraded mounts [ 99.251440][ T6089] BTRFS info (device loop0): enabling disk space caching [ 99.258610][ T6089] BTRFS info (device loop0): disk space caching is enabled [ 99.278029][ T6089] BTRFS info (device loop0): enabling ssd optimizations [ 99.285077][ T6089] BTRFS info (device loop0): auto enabling async discard [ 99.292981][ T6089] BTRFS info (device loop0): rebuilding free space tree [ 99.304627][ T6089] BTRFS info (device loop0): disabling free space tree [ 99.311704][ T6089] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6089] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6089] chdir("./file0") = 0 [pid 6089] ioctl(4, LOOP_CLR_FD) = 0 [pid 6089] close(4) = 0 [pid 6089] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... futex resumed>) = 0 [ 99.322090][ T6089] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.335345][ T6089] BTRFS info (device loop0): checking UUID tree [pid 6089] open("./file0", O_RDONLY) = 4 [pid 6089] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6088] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... ioctl resumed>) = 0 [pid 6089] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6088] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6089] <... futex resumed>) = 1 [pid 6089] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6088] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6088] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6107 attached [pid 6107] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6107] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] <... clone3 resumed> => {parent_tid=[6107]}, 88) = 6107 [pid 6107] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6107] <... futex resumed>) = 0 [pid 6107] open(".", O_RDONLY) = 5 [pid 6107] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] <... futex resumed>) = 1 [pid 6088] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6088] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] <... futex resumed>) = 0 [pid 6107] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 99.407321][ T6089] BTRFS info (device loop0): balance: start -d -m [ 99.417279][ T6089] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 99.447402][ T6089] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6088] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6107] <... ioctl resumed>) = 0 [pid 6107] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] <... futex resumed>) = 0 [pid 6107] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6089] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6088] exit_group(0 [pid 6107] <... futex resumed>) = ? [pid 6107] +++ exited with 0 +++ [pid 6088] <... exit_group resumed>) = ? [pid 6089] <... futex resumed>) = ? [pid 6089] +++ exited with 0 +++ [pid 6088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6088, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [ 99.519409][ T6089] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 99.540023][ T6089] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 99.558696][ T6089] BTRFS info (device loop0): balance: ended with status: 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6108 attached , child_tidptr=0x5555570ad690) = 6108 [pid 6108] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6108] chdir("./52") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6108] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6108] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6109 attached => {parent_tid=[6109]}, 88) = 6109 [pid 6109] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], [pid 6109] set_robust_list(0x7f0bd5e299a0, 24 [pid 6108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6109] <... set_robust_list resumed>) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], [pid 6108] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6109] memfd_create("syzkaller", 0) = 3 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6109] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] mkdir("./file0", 0777) = 0 [ 100.091490][ T6109] loop0: detected capacity change from 0 to 32768 [ 100.107108][ T6109] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6109) [ 100.123393][ T6109] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 100.132740][ T6109] BTRFS info (device loop0): force clearing of disk cache [ 100.139949][ T6109] BTRFS info (device loop0): setting nodatasum [ 100.146170][ T6109] BTRFS info (device loop0): allowing degraded mounts [ 100.152956][ T6109] BTRFS info (device loop0): enabling disk space caching [ 100.160025][ T6109] BTRFS info (device loop0): disk space caching is enabled [ 100.179331][ T6109] BTRFS info (device loop0): enabling ssd optimizations [pid 6109] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6109] chdir("./file0") = 0 [pid 6109] ioctl(4, LOOP_CLR_FD) = 0 [pid 6109] close(4) = 0 [pid 6109] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] <... futex resumed>) = 0 [pid 6109] open("./file0", O_RDONLY [pid 6108] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... open resumed>) = 4 [ 100.186367][ T6109] BTRFS info (device loop0): auto enabling async discard [ 100.194466][ T6109] BTRFS info (device loop0): rebuilding free space tree [ 100.205531][ T6109] BTRFS info (device loop0): disabling free space tree [ 100.212427][ T6109] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 100.222167][ T6109] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 100.234875][ T6109] BTRFS info (device loop0): checking UUID tree [pid 6109] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6109] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6108] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6108] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6108] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6127]}, 88) = 6127 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6108] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6127 attached [pid 6127] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6127] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 100.289958][ T6109] BTRFS info (device loop0): balance: start -d -m [ 100.298802][ T6109] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 100.325859][ T6109] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6127] open(".", O_RDONLY) = 5 [pid 6127] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = 1 [pid 6127] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6108] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... ioctl resumed>) = 0 [pid 6127] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6127] <... futex resumed>) = 1 [pid 6127] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6109] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6109] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] exit_group(0 [pid 6127] <... futex resumed>) = ? [pid 6108] <... exit_group resumed>) = ? [pid 6127] +++ exited with 0 +++ [pid 6109] <... futex resumed>) = ? [pid 6109] +++ exited with 0 +++ [pid 6108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 100.409728][ T6109] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 100.429849][ T6109] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 100.448122][ T6109] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6128 attached , child_tidptr=0x5555570ad690) = 6128 [pid 6128] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6128] chdir("./53") = 0 [pid 6128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6128] setpgid(0, 0) = 0 [pid 6128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6128] write(3, "1000", 4) = 4 [pid 6128] close(3) = 0 [pid 6128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6128] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6128] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6129 attached [pid 6129] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6128] <... clone3 resumed> => {parent_tid=[6129]}, 88) = 6129 [pid 6129] set_robust_list(0x7f0bd5e299a0, 24 [pid 6128] rt_sigprocmask(SIG_SETMASK, [], [pid 6129] <... set_robust_list resumed>) = 0 [pid 6128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], [pid 6128] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6128] <... futex resumed>) = 0 [pid 6129] memfd_create("syzkaller", 0 [pid 6128] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6129] <... memfd_create resumed>) = 3 [pid 6129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6129] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6129] close(3) = 0 [pid 6129] mkdir("./file0", 0777) = 0 [ 100.944180][ T6129] loop0: detected capacity change from 0 to 32768 [ 100.963596][ T6129] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6129) [ 100.980437][ T6129] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6129] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6129] chdir("./file0") = 0 [ 100.989791][ T6129] BTRFS info (device loop0): force clearing of disk cache [ 100.996975][ T6129] BTRFS info (device loop0): setting nodatasum [ 101.003139][ T6129] BTRFS info (device loop0): allowing degraded mounts [ 101.009995][ T6129] BTRFS info (device loop0): enabling disk space caching [pid 6129] ioctl(4, LOOP_CLR_FD) = 0 [pid 6129] close(4) = 0 [pid 6129] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] <... futex resumed>) = 0 [pid 6128] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] open("./file0", O_RDONLY [pid 6128] <... futex resumed>) = 0 [pid 6128] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] <... open resumed>) = 4 [pid 6129] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] <... futex resumed>) = 0 [pid 6129] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6128] <... futex resumed>) = 0 [pid 6129] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6128] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] <... ioctl resumed>) = 0 [pid 6129] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... futex resumed>) = 0 [pid 6129] <... futex resumed>) = 1 [pid 6128] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6128] <... futex resumed>) = 0 [pid 6128] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6128] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6128] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6147 attached [pid 6147] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6128] <... clone3 resumed> => {parent_tid=[6147]}, 88) = 6147 [pid 6147] <... rseq resumed>) = 0 [pid 6128] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] set_robust_list(0x7f0bd5e089a0, 24 [pid 6128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] <... set_robust_list resumed>) = 0 [pid 6128] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6128] <... futex resumed>) = 0 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6128] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] open(".", O_RDONLY) = 5 [pid 6147] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] <... futex resumed>) = 0 [pid 6147] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6128] <... futex resumed>) = 1 [pid 6147] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6128] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... ioctl resumed>) = 0 [pid 6147] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] <... futex resumed>) = 0 [pid 6129] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6129] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] exit_group(0 [pid 6129] <... futex resumed>) = 231 [pid 6147] <... futex resumed>) = ? [pid 6128] <... exit_group resumed>) = ? [pid 6147] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ [pid 6128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6128, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6148 attached [pid 6148] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6148] chdir("./54") = 0 [pid 6148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6148 [pid 6148] setpgid(0, 0) = 0 [pid 6148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6148] write(3, "1000", 4) = 4 [pid 6148] close(3) = 0 [pid 6148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6148] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6148] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6149 attached [pid 6149] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6148] <... clone3 resumed> => {parent_tid=[6149]}, 88) = 6149 [pid 6149] <... rseq resumed>) = 0 [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6149] set_robust_list(0x7f0bd5e299a0, 24 [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6149] <... set_robust_list resumed>) = 0 [pid 6148] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] <... futex resumed>) = 0 [pid 6149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6149] memfd_create("syzkaller", 0) = 3 [pid 6149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6149] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6149] close(3) = 0 [pid 6149] mkdir("./file0", 0777) = 0 [ 101.641868][ T6149] loop0: detected capacity change from 0 to 32768 [ 101.667007][ T6149] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6149) [ 101.684112][ T6149] _btrfs_printk: 14 callbacks suppressed [ 101.684127][ T6149] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.699197][ T6149] BTRFS info (device loop0): force clearing of disk cache [ 101.706396][ T6149] BTRFS info (device loop0): setting nodatasum [ 101.712559][ T6149] BTRFS info (device loop0): allowing degraded mounts [ 101.719375][ T6149] BTRFS info (device loop0): enabling disk space caching [ 101.726443][ T6149] BTRFS info (device loop0): disk space caching is enabled [ 101.747610][ T6149] BTRFS info (device loop0): enabling ssd optimizations [ 101.754720][ T6149] BTRFS info (device loop0): auto enabling async discard [ 101.762574][ T6149] BTRFS info (device loop0): rebuilding free space tree [ 101.776759][ T6149] BTRFS info (device loop0): disabling free space tree [ 101.783979][ T6149] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6149] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6149] chdir("./file0") = 0 [pid 6149] ioctl(4, LOOP_CLR_FD) = 0 [pid 6149] close(4) = 0 [pid 6149] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] <... futex resumed>) = 0 [pid 6149] open("./file0", O_RDONLY [pid 6148] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... open resumed>) = 4 [pid 6149] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6148] <... futex resumed>) = 0 [pid 6149] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6148] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... ioctl resumed>) = 0 [pid 6149] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6149] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6149] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 101.793666][ T6149] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 101.806990][ T6149] BTRFS info (device loop0): checking UUID tree [pid 6148] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6148] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6148] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6167]}, 88) = 6167 ./strace-static-x86_64: Process 6167 attached [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6167] <... rseq resumed>) = 0 [pid 6167] set_robust_list(0x7f0bd5e089a0, 24 [pid 6148] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... set_robust_list resumed>) = 0 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] <... futex resumed>) = 0 [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6167] open(".", O_RDONLY) = 5 [pid 6167] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.857750][ T6149] BTRFS info (device loop0): balance: start -d -m [ 101.865479][ T6149] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 101.888439][ T6149] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6148] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6167] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6167] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6148] <... futex resumed>) = 0 [ 101.973897][ T6149] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 101.999710][ T6149] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6167] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6149] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6149] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6148] exit_group(0 [pid 6167] <... futex resumed>) = ? [pid 6149] <... futex resumed>) = ? [pid 6148] <... exit_group resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6149] +++ exited with 0 +++ [pid 6148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6148, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 102.017823][ T6149] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6168 attached , child_tidptr=0x5555570ad690) = 6168 [pid 6168] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6168] chdir("./55") = 0 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6168] setpgid(0, 0) = 0 [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6168] write(3, "1000", 4) = 4 [pid 6168] close(3) = 0 [pid 6168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6168] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6168] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6169 attached [pid 6169] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6168] <... clone3 resumed> => {parent_tid=[6169]}, 88) = 6169 [pid 6169] <... rseq resumed>) = 0 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], [pid 6169] set_robust_list(0x7f0bd5e299a0, 24 [pid 6168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6169] <... set_robust_list resumed>) = 0 [pid 6168] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] rt_sigprocmask(SIG_SETMASK, [], [pid 6168] <... futex resumed>) = 0 [pid 6169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6168] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6169] memfd_create("syzkaller", 0) = 3 [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6169] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6169] close(3) = 0 [pid 6169] mkdir("./file0", 0777) = 0 [ 102.595015][ T6169] loop0: detected capacity change from 0 to 32768 [ 102.610042][ T6169] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6169) [ 102.625140][ T6169] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.634431][ T6169] BTRFS info (device loop0): force clearing of disk cache [ 102.641552][ T6169] BTRFS info (device loop0): setting nodatasum [ 102.647755][ T6169] BTRFS info (device loop0): allowing degraded mounts [ 102.654608][ T6169] BTRFS info (device loop0): enabling disk space caching [ 102.661641][ T6169] BTRFS info (device loop0): disk space caching is enabled [ 102.680901][ T6169] BTRFS info (device loop0): enabling ssd optimizations [ 102.687935][ T6169] BTRFS info (device loop0): auto enabling async discard [pid 6169] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6169] chdir("./file0") = 0 [pid 6169] ioctl(4, LOOP_CLR_FD) = 0 [pid 6169] close(4) = 0 [pid 6169] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] open("./file0", O_RDONLY [pid 6168] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] <... open resumed>) = 4 [ 102.696679][ T6169] BTRFS info (device loop0): rebuilding free space tree [ 102.707765][ T6169] BTRFS info (device loop0): disabling free space tree [ 102.714880][ T6169] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 102.724593][ T6169] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.737265][ T6169] BTRFS info (device loop0): checking UUID tree [pid 6169] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6168] <... futex resumed>) = 0 [pid 6168] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] <... ioctl resumed>) = 0 [pid 6169] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6169] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6168] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6168] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6168] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6187 attached [pid 6187] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6168] <... clone3 resumed> => {parent_tid=[6187]}, 88) = 6187 [pid 6187] <... rseq resumed>) = 0 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], [pid 6187] set_robust_list(0x7f0bd5e089a0, 24 [pid 6168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6187] <... set_robust_list resumed>) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], [pid 6168] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6168] <... futex resumed>) = 0 [pid 6187] open(".", O_RDONLY [pid 6168] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... open resumed>) = 5 [ 102.823805][ T6169] BTRFS info (device loop0): balance: start -d -m [ 102.832767][ T6169] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 102.859273][ T6169] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6187] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6187] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 1 [pid 6187] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6168] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... ioctl resumed>) = 0 [pid 6187] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [ 102.898905][ T6169] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 102.926077][ T6169] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6187] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6169] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6169] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6169] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] exit_group(0 [pid 6187] <... futex resumed>) = ? [pid 6168] <... exit_group resumed>) = ? [pid 6187] +++ exited with 0 +++ [pid 6169] <... futex resumed>) = ? [pid 6169] +++ exited with 0 +++ [pid 6168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6168, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 102.945433][ T6169] BTRFS info (device loop0): balance: ended with status: 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6188 attached , child_tidptr=0x5555570ad690) = 6188 [pid 6188] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6188] chdir("./56") = 0 [pid 6188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6188] setpgid(0, 0) = 0 [pid 6188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6188] write(3, "1000", 4) = 4 [pid 6188] close(3) = 0 [pid 6188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6188] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6188] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6188] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6189 attached => {parent_tid=[6189]}, 88) = 6189 [pid 6189] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], [pid 6189] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6188] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] memfd_create("syzkaller", 0 [pid 6188] <... futex resumed>) = 0 [pid 6189] <... memfd_create resumed>) = 3 [pid 6188] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6189] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6189] close(3) = 0 [pid 6189] mkdir("./file0", 0777) = 0 [ 103.494911][ T6189] loop0: detected capacity change from 0 to 32768 [ 103.505182][ T6189] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6189) [ 103.521901][ T6189] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.531295][ T6189] BTRFS info (device loop0): force clearing of disk cache [ 103.538668][ T6189] BTRFS info (device loop0): setting nodatasum [ 103.545175][ T6189] BTRFS info (device loop0): allowing degraded mounts [ 103.551962][ T6189] BTRFS info (device loop0): enabling disk space caching [ 103.559096][ T6189] BTRFS info (device loop0): disk space caching is enabled [ 103.580290][ T6189] BTRFS info (device loop0): enabling ssd optimizations [ 103.587355][ T6189] BTRFS info (device loop0): auto enabling async discard [pid 6189] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6189] chdir("./file0") = 0 [pid 6189] ioctl(4, LOOP_CLR_FD) = 0 [pid 6189] close(4) = 0 [pid 6189] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6189] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6188] <... futex resumed>) = 1 [pid 6189] open("./file0", O_RDONLY [pid 6188] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] <... open resumed>) = 4 [pid 6189] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6189] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6188] <... futex resumed>) = 0 [pid 6189] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6188] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] <... ioctl resumed>) = 0 [ 103.595474][ T6189] BTRFS info (device loop0): rebuilding free space tree [ 103.607038][ T6189] BTRFS info (device loop0): disabling free space tree [ 103.614081][ T6189] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 103.623750][ T6189] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.636633][ T6189] BTRFS info (device loop0): checking UUID tree [pid 6189] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6189] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6188] <... futex resumed>) = 0 [pid 6189] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6188] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6188] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6188] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6207 attached => {parent_tid=[6207]}, 88) = 6207 [pid 6207] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6188] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6207] open(".", O_RDONLY) = 5 [pid 6207] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6207] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 103.679804][ T6189] BTRFS info (device loop0): balance: start -d -m [ 103.690601][ T6189] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 103.715299][ T6189] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6207] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6207] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6207] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6189] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] exit_group(0 [pid 6207] <... futex resumed>) = ? [pid 6189] <... futex resumed>) = ? [pid 6188] <... exit_group resumed>) = ? [pid 6207] +++ exited with 0 +++ [pid 6189] +++ exited with 0 +++ [pid 6188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6188, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 103.793729][ T6189] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 103.817713][ T6189] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 103.836218][ T6189] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6208 attached , child_tidptr=0x5555570ad690) = 6208 [pid 6208] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6208] chdir("./57") = 0 [pid 6208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6208] setpgid(0, 0) = 0 [pid 6208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6208] write(3, "1000", 4) = 4 [pid 6208] close(3) = 0 [pid 6208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6208] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6208] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6208] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6209 attached [pid 6209] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6208] <... clone3 resumed> => {parent_tid=[6209]}, 88) = 6209 [pid 6209] <... rseq resumed>) = 0 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], [pid 6209] set_robust_list(0x7f0bd5e299a0, 24 [pid 6208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6209] <... set_robust_list resumed>) = 0 [pid 6208] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] rt_sigprocmask(SIG_SETMASK, [], [pid 6208] <... futex resumed>) = 0 [pid 6209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6208] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6209] memfd_create("syzkaller", 0) = 3 [pid 6209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6209] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6209] close(3) = 0 [pid 6209] mkdir("./file0", 0777) = 0 [ 104.326352][ T6209] loop0: detected capacity change from 0 to 32768 [ 104.341201][ T6209] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6209) [ 104.357248][ T6209] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 104.366689][ T6209] BTRFS info (device loop0): force clearing of disk cache [ 104.373894][ T6209] BTRFS info (device loop0): setting nodatasum [ 104.380264][ T6209] BTRFS info (device loop0): allowing degraded mounts [ 104.387375][ T6209] BTRFS info (device loop0): enabling disk space caching [ 104.394617][ T6209] BTRFS info (device loop0): disk space caching is enabled [ 104.413803][ T6209] BTRFS info (device loop0): enabling ssd optimizations [pid 6209] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6209] chdir("./file0") = 0 [pid 6209] ioctl(4, LOOP_CLR_FD) = 0 [pid 6209] close(4) = 0 [ 104.420823][ T6209] BTRFS info (device loop0): auto enabling async discard [ 104.429222][ T6209] BTRFS info (device loop0): rebuilding free space tree [ 104.440075][ T6209] BTRFS info (device loop0): disabling free space tree [ 104.447158][ T6209] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 104.456897][ T6209] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 104.469708][ T6209] BTRFS info (device loop0): checking UUID tree [pid 6209] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] <... futex resumed>) = 0 [pid 6208] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6208] <... futex resumed>) = 0 [pid 6209] open("./file0", O_RDONLY [pid 6208] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... open resumed>) = 4 [pid 6209] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6209] <... futex resumed>) = 0 [pid 6208] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6208] <... futex resumed>) = 0 [pid 6208] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6209] <... ioctl resumed>) = 0 [pid 6209] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [pid 6209] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6208] <... futex resumed>) = 0 [pid 6209] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6208] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6208] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6208] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6208] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6227]}, 88) = 6227 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6208] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6208] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6227 attached [pid 6227] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6227] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 104.561430][ T6209] BTRFS info (device loop0): balance: start -d -m [ 104.571188][ T6209] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 104.596368][ T6209] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6227] open(".", O_RDONLY) = 5 [pid 6227] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [pid 6227] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] <... futex resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6227] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6208] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] <... ioctl resumed>) = 0 [pid 6227] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] <... futex resumed>) = 0 [ 104.637771][ T6209] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6227] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6209] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] exit_group(0 [pid 6227] <... futex resumed>) = ? [pid 6209] <... futex resumed>) = ? [pid 6208] <... exit_group resumed>) = ? [pid 6227] +++ exited with 0 +++ [pid 6209] +++ exited with 0 +++ [pid 6208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6208, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.679087][ T6209] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 104.698042][ T6209] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6228 attached , child_tidptr=0x5555570ad690) = 6228 [pid 6228] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6228] chdir("./58") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6228] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6229 attached [pid 6229] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6228] <... clone3 resumed> => {parent_tid=[6229]}, 88) = 6229 [pid 6229] set_robust_list(0x7f0bd5e299a0, 24 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6229] <... set_robust_list resumed>) = 0 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] <... futex resumed>) = 0 [pid 6229] memfd_create("syzkaller", 0 [pid 6228] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6229] <... memfd_create resumed>) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6229] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6229] close(3) = 0 [pid 6229] mkdir("./file0", 0777) = 0 [ 105.222006][ T6229] loop0: detected capacity change from 0 to 32768 [ 105.237754][ T6229] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6229) [ 105.254311][ T6229] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.263556][ T6229] BTRFS info (device loop0): force clearing of disk cache [ 105.270723][ T6229] BTRFS info (device loop0): setting nodatasum [ 105.276935][ T6229] BTRFS info (device loop0): allowing degraded mounts [ 105.283703][ T6229] BTRFS info (device loop0): enabling disk space caching [ 105.290766][ T6229] BTRFS info (device loop0): disk space caching is enabled [ 105.309546][ T6229] BTRFS info (device loop0): enabling ssd optimizations [pid 6229] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./file0") = 0 [pid 6229] ioctl(4, LOOP_CLR_FD) = 0 [pid 6229] close(4) = 0 [pid 6229] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 105.316589][ T6229] BTRFS info (device loop0): auto enabling async discard [ 105.324729][ T6229] BTRFS info (device loop0): rebuilding free space tree [ 105.336150][ T6229] BTRFS info (device loop0): disabling free space tree [ 105.343062][ T6229] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.352814][ T6229] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.366379][ T6229] BTRFS info (device loop0): checking UUID tree [pid 6229] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... futex resumed>) = 1 [pid 6229] open("./file0", O_RDONLY [pid 6228] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... open resumed>) = 4 [pid 6229] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6228] <... futex resumed>) = 0 [pid 6229] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6228] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... ioctl resumed>) = 0 [pid 6229] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6228] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6228] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6228] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6247]}, 88) = 6247 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6228] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6247 attached ) = 0 [pid 6228] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6247] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6247] open(".", O_RDONLY) = 5 [pid 6247] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 6247] <... futex resumed>) = 1 [pid 6228] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6228] <... futex resumed>) = 0 [ 105.444447][ T6229] BTRFS info (device loop0): balance: start -d -m [ 105.453126][ T6229] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 105.475252][ T6229] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6228] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... ioctl resumed>) = 0 [pid 6247] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6247] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] <... futex resumed>) = 0 [pid 6229] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6229] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] exit_group(0 [pid 6247] <... futex resumed>) = ? [pid 6228] <... exit_group resumed>) = ? [pid 6247] +++ exited with 0 +++ [pid 6229] <... futex resumed>) = ? [pid 6229] +++ exited with 0 +++ [pid 6228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 105.549220][ T6229] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 105.569934][ T6229] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 105.588232][ T6229] BTRFS info (device loop0): balance: ended with status: 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6248 attached , child_tidptr=0x5555570ad690) = 6248 [pid 6248] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6248] chdir("./59") = 0 [pid 6248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6248] setpgid(0, 0) = 0 [pid 6248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6248] write(3, "1000", 4) = 4 [pid 6248] close(3) = 0 [pid 6248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6248] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6249 attached [pid 6249] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6248] <... clone3 resumed> => {parent_tid=[6249]}, 88) = 6249 [pid 6249] set_robust_list(0x7f0bd5e299a0, 24 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], [pid 6249] <... set_robust_list resumed>) = 0 [pid 6248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6248] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6249] memfd_create("syzkaller", 0) = 3 [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6249] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6249] close(3) = 0 [pid 6249] mkdir("./file0", 0777) = 0 [ 106.145094][ T6249] loop0: detected capacity change from 0 to 32768 [ 106.165197][ T6249] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6249) [ 106.180152][ T6249] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 6249] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6249] chdir("./file0") = 0 [ 106.189496][ T6249] BTRFS info (device loop0): force clearing of disk cache [ 106.196684][ T6249] BTRFS info (device loop0): setting nodatasum [ 106.202883][ T6249] BTRFS info (device loop0): allowing degraded mounts [ 106.209689][ T6249] BTRFS info (device loop0): enabling disk space caching [pid 6249] ioctl(4, LOOP_CLR_FD) = 0 [pid 6249] close(4) = 0 [pid 6249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 0 [pid 6249] open("./file0", O_RDONLY) = 4 [pid 6249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6248] <... futex resumed>) = 0 [pid 6249] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... futex resumed>) = 0 [pid 6249] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] <... futex resumed>) = 1 [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6248] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... futex resumed>) = 0 [pid 6249] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6248] <... futex resumed>) = 1 [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6248] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6248] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6267 attached [pid 6249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6248] <... clone3 resumed> => {parent_tid=[6267]}, 88) = 6267 [pid 6267] <... rseq resumed>) = 0 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], [pid 6267] set_robust_list(0x7f0bd5e089a0, 24 [pid 6248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6267] <... set_robust_list resumed>) = 0 [pid 6248] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6248] <... futex resumed>) = 0 [pid 6267] open(".", O_RDONLY [pid 6248] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... open resumed>) = 5 [pid 6267] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6249] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] <... futex resumed>) = 0 [pid 6267] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... futex resumed>) = 0 [pid 6248] <... futex resumed>) = 1 [pid 6249] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6248] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... ioctl resumed>) = 0 [pid 6249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6248] <... futex resumed>) = 0 [pid 6249] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] exit_group(0 [pid 6267] <... futex resumed>) = ? [pid 6249] <... futex resumed>) = ? [pid 6248] <... exit_group resumed>) = ? [pid 6267] +++ exited with 0 +++ [pid 6249] +++ exited with 0 +++ [pid 6248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6248, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6268 attached , child_tidptr=0x5555570ad690) = 6268 [pid 6268] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6268] chdir("./60") = 0 [pid 6268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6268] setpgid(0, 0) = 0 [pid 6268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6268] write(3, "1000", 4) = 4 [pid 6268] close(3) = 0 [pid 6268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6268] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6268] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6268] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6269 attached [pid 6269] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6268] <... clone3 resumed> => {parent_tid=[6269]}, 88) = 6269 [pid 6269] set_robust_list(0x7f0bd5e299a0, 24 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], [pid 6269] <... set_robust_list resumed>) = 0 [pid 6268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] rt_sigprocmask(SIG_SETMASK, [], [pid 6268] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6268] <... futex resumed>) = 0 [pid 6269] memfd_create("syzkaller", 0 [pid 6268] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6269] <... memfd_create resumed>) = 3 [pid 6269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6269] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6269] close(3) = 0 [pid 6269] mkdir("./file0", 0777) = 0 [ 106.971438][ T6269] loop0: detected capacity change from 0 to 32768 [ 106.985732][ T6269] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6269) [ 107.002301][ T6269] _btrfs_printk: 14 callbacks suppressed [ 107.002316][ T6269] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.017386][ T6269] BTRFS info (device loop0): force clearing of disk cache [ 107.024560][ T6269] BTRFS info (device loop0): setting nodatasum [ 107.030722][ T6269] BTRFS info (device loop0): allowing degraded mounts [ 107.037643][ T6269] BTRFS info (device loop0): enabling disk space caching [ 107.044731][ T6269] BTRFS info (device loop0): disk space caching is enabled [ 107.065263][ T6269] BTRFS info (device loop0): enabling ssd optimizations [ 107.072241][ T6269] BTRFS info (device loop0): auto enabling async discard [ 107.080533][ T6269] BTRFS info (device loop0): rebuilding free space tree [ 107.091192][ T6269] BTRFS info (device loop0): disabling free space tree [ 107.098209][ T6269] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 107.107889][ T6269] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6269] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6269] chdir("./file0") = 0 [pid 6269] ioctl(4, LOOP_CLR_FD) = 0 [pid 6269] close(4) = 0 [pid 6269] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = 0 [pid 6268] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] <... futex resumed>) = 1 [pid 6268] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.120440][ T6269] BTRFS info (device loop0): checking UUID tree [pid 6269] open("./file0", O_RDONLY) = 4 [pid 6269] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [pid 6269] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6268] <... futex resumed>) = 0 [pid 6269] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6268] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] <... ioctl resumed>) = 0 [pid 6269] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [pid 6269] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6268] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6268] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6268] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6268] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6287 attached [ 107.211182][ T6269] BTRFS info (device loop0): balance: start -d -m [ 107.220225][ T6269] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 107.247896][ T6269] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6287] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6268] <... clone3 resumed> => {parent_tid=[6287]}, 88) = 6287 [pid 6287] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], [pid 6287] rt_sigprocmask(SIG_SETMASK, [], [pid 6268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6268] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] open(".", O_RDONLY [pid 6268] <... futex resumed>) = 0 [pid 6287] <... open resumed>) = 5 [pid 6268] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] <... futex resumed>) = 0 [pid 6268] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6268] <... futex resumed>) = 0 [pid 6268] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6287] <... ioctl resumed>) = 0 [pid 6287] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [ 107.279739][ T6269] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 107.319260][ T6269] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6287] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6269] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] exit_group(0 [pid 6269] <... futex resumed>) = ? [pid 6268] <... exit_group resumed>) = ? [pid 6269] +++ exited with 0 +++ [pid 6287] <... futex resumed>) = ? [pid 6287] +++ exited with 0 +++ [pid 6268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6268, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 107.336504][ T6269] BTRFS info (device loop0): balance: ended with status: 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6288 attached , child_tidptr=0x5555570ad690) = 6288 [pid 6288] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6288] chdir("./61") = 0 [pid 6288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6288] setpgid(0, 0) = 0 [pid 6288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6288] write(3, "1000", 4) = 4 [pid 6288] close(3) = 0 [pid 6288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6288] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6288] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6289 attached [pid 6289] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6288] <... clone3 resumed> => {parent_tid=[6289]}, 88) = 6289 [pid 6289] <... rseq resumed>) = 0 [pid 6288] rt_sigprocmask(SIG_SETMASK, [], [pid 6289] set_robust_list(0x7f0bd5e299a0, 24 [pid 6288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6289] <... set_robust_list resumed>) = 0 [pid 6288] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6288] <... futex resumed>) = 0 [pid 6289] memfd_create("syzkaller", 0 [pid 6288] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6289] <... memfd_create resumed>) = 3 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6289] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6289] close(3) = 0 [pid 6289] mkdir("./file0", 0777) = 0 [ 107.856678][ T6289] loop0: detected capacity change from 0 to 32768 [ 107.870634][ T6289] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6289) [ 107.885727][ T6289] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.895263][ T6289] BTRFS info (device loop0): force clearing of disk cache [ 107.902382][ T6289] BTRFS info (device loop0): setting nodatasum [ 107.908583][ T6289] BTRFS info (device loop0): allowing degraded mounts [ 107.915396][ T6289] BTRFS info (device loop0): enabling disk space caching [ 107.922426][ T6289] BTRFS info (device loop0): disk space caching is enabled [ 107.941572][ T6289] BTRFS info (device loop0): enabling ssd optimizations [ 107.948747][ T6289] BTRFS info (device loop0): auto enabling async discard [pid 6289] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6289] chdir("./file0") = 0 [pid 6289] ioctl(4, LOOP_CLR_FD) = 0 [pid 6289] close(4) = 0 [pid 6289] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6289] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] <... futex resumed>) = 0 [pid 6289] open("./file0", O_RDONLY [pid 6288] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... open resumed>) = 4 [pid 6289] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6289] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] <... futex resumed>) = 0 [pid 6289] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6288] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... ioctl resumed>) = 0 [ 107.956789][ T6289] BTRFS info (device loop0): rebuilding free space tree [ 107.967902][ T6289] BTRFS info (device loop0): disabling free space tree [ 107.974924][ T6289] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 107.984621][ T6289] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 107.997928][ T6289] BTRFS info (device loop0): checking UUID tree [pid 6289] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6288] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6288] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6307 attached => {parent_tid=[6307]}, 88) = 6307 [ 108.042453][ T6289] BTRFS info (device loop0): balance: start -d -m [ 108.050647][ T6289] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 108.077637][ T6289] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6307] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6288] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... rseq resumed>) = 0 [pid 6288] <... futex resumed>) = 0 [pid 6307] set_robust_list(0x7f0bd5e089a0, 24 [pid 6288] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... set_robust_list resumed>) = 0 [pid 6307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6307] open(".", O_RDONLY) = 5 [pid 6307] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6288] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6288] <... futex resumed>) = 0 [ 108.125494][ T6289] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 108.161100][ T6289] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6288] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... ioctl resumed>) = 0 [pid 6307] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6307] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... futex resumed>) = 0 [pid 6289] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6289] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] exit_group(0 [pid 6307] <... futex resumed>) = ? [pid 6289] <... futex resumed>) = ? [pid 6288] <... exit_group resumed>) = ? [pid 6307] +++ exited with 0 +++ [pid 6289] +++ exited with 0 +++ [pid 6288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6288, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 108.186246][ T6289] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6308 attached , child_tidptr=0x5555570ad690) = 6308 [pid 6308] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6308] chdir("./62") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6308] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6309 attached [pid 6309] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6308] <... clone3 resumed> => {parent_tid=[6309]}, 88) = 6309 [pid 6309] set_robust_list(0x7f0bd5e299a0, 24 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] <... set_robust_list resumed>) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] memfd_create("syzkaller", 0 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6309] <... memfd_create resumed>) = 3 [pid 6309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6309] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6309] close(3) = 0 [pid 6309] mkdir("./file0", 0777) = 0 [ 108.636440][ T6309] loop0: detected capacity change from 0 to 32768 [ 108.666288][ T6309] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6309) [ 108.682961][ T6309] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 108.692271][ T6309] BTRFS info (device loop0): force clearing of disk cache [ 108.699558][ T6309] BTRFS info (device loop0): setting nodatasum [ 108.705760][ T6309] BTRFS info (device loop0): allowing degraded mounts [ 108.712541][ T6309] BTRFS info (device loop0): enabling disk space caching [ 108.719769][ T6309] BTRFS info (device loop0): disk space caching is enabled [ 108.739096][ T6309] BTRFS info (device loop0): enabling ssd optimizations [ 108.746131][ T6309] BTRFS info (device loop0): auto enabling async discard [ 108.754476][ T6309] BTRFS info (device loop0): rebuilding free space tree [ 108.765773][ T6309] BTRFS info (device loop0): disabling free space tree [ 108.772669][ T6309] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6309] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6309] chdir("./file0") = 0 [pid 6309] ioctl(4, LOOP_CLR_FD) = 0 [pid 6309] close(4) = 0 [pid 6309] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 6309] open("./file0", O_RDONLY [pid 6308] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... open resumed>) = 4 [pid 6309] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 1 [pid 6309] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6308] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... ioctl resumed>) = 0 [pid 6309] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6308] <... futex resumed>) = 0 [ 108.782426][ T6309] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.794934][ T6309] BTRFS info (device loop0): checking UUID tree [pid 6308] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6308] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6308] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 108.845101][ T6309] BTRFS info (device loop0): balance: start -d -m [ 108.853676][ T6309] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 108.878755][ T6309] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6327]}, 88) = 6327 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6308] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6327 attached [pid 6327] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6327] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6327] open(".", O_RDONLY) = 5 [pid 6327] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6327] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6308] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] <... ioctl resumed>) = 0 [pid 6327] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [ 108.926504][ T6309] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 108.958347][ T6309] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6327] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6309] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] exit_group(0 [pid 6327] <... futex resumed>) = ? [pid 6309] <... futex resumed>) = ? [pid 6308] <... exit_group resumed>) = ? [pid 6327] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 108.990606][ T6309] BTRFS info (device loop0): balance: ended with status: 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached [pid 6328] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6328] chdir("./63") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6328 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6328] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6328] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6329 attached [pid 6329] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6328] <... clone3 resumed> => {parent_tid=[6329]}, 88) = 6329 [pid 6329] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] <... futex resumed>) = 0 [pid 6328] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] memfd_create("syzkaller", 0) = 3 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6329] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] mkdir("./file0", 0777) = 0 [ 109.533429][ T6329] loop0: detected capacity change from 0 to 32768 [ 109.543592][ T6329] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6329) [ 109.559109][ T6329] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.568629][ T6329] BTRFS info (device loop0): force clearing of disk cache [ 109.575836][ T6329] BTRFS info (device loop0): setting nodatasum [ 109.582008][ T6329] BTRFS info (device loop0): allowing degraded mounts [ 109.588852][ T6329] BTRFS info (device loop0): enabling disk space caching [ 109.595940][ T6329] BTRFS info (device loop0): disk space caching is enabled [ 109.615482][ T6329] BTRFS info (device loop0): enabling ssd optimizations [ 109.622459][ T6329] BTRFS info (device loop0): auto enabling async discard [pid 6329] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6329] chdir("./file0") = 0 [pid 6329] ioctl(4, LOOP_CLR_FD) = 0 [pid 6329] close(4) = 0 [pid 6329] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] <... futex resumed>) = 1 [pid 6328] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] open("./file0", O_RDONLY) = 4 [pid 6329] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6328] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... ioctl resumed>) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6329] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... futex resumed>) = 0 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6329] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6328] <... futex resumed>) = 0 [pid 6329] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 109.631223][ T6329] BTRFS info (device loop0): rebuilding free space tree [ 109.642664][ T6329] BTRFS info (device loop0): disabling free space tree [ 109.649911][ T6329] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 109.659767][ T6329] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 109.672658][ T6329] BTRFS info (device loop0): checking UUID tree [pid 6328] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6328] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6328] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6347 attached [ 109.712056][ T6329] BTRFS info (device loop0): balance: start -d -m [ 109.720742][ T6329] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 109.742955][ T6329] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata => {parent_tid=[6347]}, 88) = 6347 [pid 6347] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6347] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6347] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 0 [pid 6328] <... futex resumed>) = 1 [pid 6347] open(".", O_RDONLY [pid 6328] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... open resumed>) = 5 [pid 6347] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6347] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6328] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.788187][ T6329] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6328] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... ioctl resumed>) = 0 [pid 6347] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6347] <... futex resumed>) = 1 [pid 6347] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6329] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6329] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] exit_group(0 [pid 6347] <... futex resumed>) = ? [pid 6347] +++ exited with 0 +++ [pid 6328] <... exit_group resumed>) = ? [pid 6329] <... futex resumed>) = ? [pid 6329] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 109.850739][ T6329] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 109.870473][ T6329] BTRFS info (device loop0): balance: ended with status: 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6348 attached , child_tidptr=0x5555570ad690) = 6348 [pid 6348] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6348] chdir("./64") = 0 [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6348] setpgid(0, 0) = 0 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6348] write(3, "1000", 4) = 4 [pid 6348] close(3) = 0 [pid 6348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6348] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6348] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6349 attached [pid 6349] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6349] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6349] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] <... clone3 resumed> => {parent_tid=[6349]}, 88) = 6349 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6348] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = 0 [pid 6348] <... futex resumed>) = 1 [pid 6349] memfd_create("syzkaller", 0 [pid 6348] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6349] <... memfd_create resumed>) = 3 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6349] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6349] close(3) = 0 [pid 6349] mkdir("./file0", 0777) = 0 [ 110.346393][ T6349] loop0: detected capacity change from 0 to 32768 [ 110.361719][ T6349] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6349) [ 110.378515][ T6349] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.387811][ T6349] BTRFS info (device loop0): force clearing of disk cache [ 110.395065][ T6349] BTRFS info (device loop0): setting nodatasum [ 110.401223][ T6349] BTRFS info (device loop0): allowing degraded mounts [ 110.408239][ T6349] BTRFS info (device loop0): enabling disk space caching [ 110.415404][ T6349] BTRFS info (device loop0): disk space caching is enabled [ 110.434957][ T6349] BTRFS info (device loop0): enabling ssd optimizations [pid 6349] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] chdir("./file0") = 0 [pid 6349] ioctl(4, LOOP_CLR_FD) = 0 [pid 6349] close(4) = 0 [pid 6349] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 110.441983][ T6349] BTRFS info (device loop0): auto enabling async discard [ 110.450487][ T6349] BTRFS info (device loop0): rebuilding free space tree [ 110.461224][ T6349] BTRFS info (device loop0): disabling free space tree [ 110.468222][ T6349] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.478043][ T6349] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 110.490607][ T6349] BTRFS info (device loop0): checking UUID tree [pid 6349] open("./file0", O_RDONLY) = 4 [pid 6349] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] <... futex resumed>) = 0 [pid 6349] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6349] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6349] <... futex resumed>) = 1 [pid 6349] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6348] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6348] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6348] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6367]}, 88) = 6367 ./strace-static-x86_64: Process 6367 attached [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6367] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6367] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6348] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6348] <... futex resumed>) = 0 [pid 6367] open(".", O_RDONLY) = 5 [pid 6348] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6367] <... futex resumed>) = 0 [pid 6367] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6367] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6348] <... futex resumed>) = 0 [ 110.558975][ T6349] BTRFS info (device loop0): balance: start -d -m [ 110.569710][ T6349] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 110.595742][ T6349] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6348] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... ioctl resumed>) = 0 [pid 6367] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6348] <... futex resumed>) = 0 [ 110.658159][ T6349] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 110.689874][ T6349] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6367] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6349] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6349] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] exit_group(0 [pid 6367] <... futex resumed>) = ? [pid 6349] <... futex resumed>) = ? [pid 6348] <... exit_group resumed>) = ? [pid 6367] +++ exited with 0 +++ [pid 6349] +++ exited with 0 +++ [pid 6348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6348, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.708874][ T6349] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6368 attached [pid 6368] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6368] chdir("./65") = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6368 [pid 6368] setpgid(0, 0) = 0 [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6368] write(3, "1000", 4) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6368] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6368] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6369 attached => {parent_tid=[6369]}, 88) = 6369 [pid 6369] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6369] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], [pid 6368] rt_sigprocmask(SIG_SETMASK, [], [pid 6369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6368] <... futex resumed>) = 0 [pid 6369] memfd_create("syzkaller", 0 [pid 6368] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6369] <... memfd_create resumed>) = 3 [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6369] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6369] close(3) = 0 [pid 6369] mkdir("./file0", 0777) = 0 [ 111.261358][ T6369] loop0: detected capacity change from 0 to 32768 [ 111.276298][ T6369] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6369) [ 111.291334][ T6369] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 111.300692][ T6369] BTRFS info (device loop0): force clearing of disk cache [pid 6369] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6369] chdir("./file0") = 0 [pid 6369] ioctl(4, LOOP_CLR_FD) = 0 [ 111.307918][ T6369] BTRFS info (device loop0): setting nodatasum [ 111.314145][ T6369] BTRFS info (device loop0): allowing degraded mounts [ 111.320929][ T6369] BTRFS info (device loop0): enabling disk space caching [pid 6369] close(4) = 0 [pid 6369] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6368] <... futex resumed>) = 0 [pid 6369] open("./file0", O_RDONLY [pid 6368] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... open resumed>) = 4 [pid 6369] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6368] <... futex resumed>) = 0 [pid 6369] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6368] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... ioctl resumed>) = 0 [pid 6369] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6368] <... futex resumed>) = 0 [pid 6369] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6368] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6368] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6368] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6387 attached => {parent_tid=[6387]}, 88) = 6387 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6368] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6387] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6387] open(".", O_RDONLY) = 5 [pid 6387] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6387] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6368] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 6369] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6387] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6387] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] exit_group(0 [pid 6387] <... futex resumed>) = ? [pid 6369] <... futex resumed>) = ? [pid 6368] <... exit_group resumed>) = ? [pid 6387] +++ exited with 0 +++ [pid 6369] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6388 attached , child_tidptr=0x5555570ad690) = 6388 [pid 6388] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6388] chdir("./66") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6388] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6388] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6389 attached [pid 6389] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6388] <... clone3 resumed> => {parent_tid=[6389]}, 88) = 6389 [pid 6389] <... rseq resumed>) = 0 [pid 6389] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6389] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6388] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... futex resumed>) = 0 [pid 6389] memfd_create("syzkaller", 0 [pid 6388] <... futex resumed>) = 1 [pid 6388] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6389] <... memfd_create resumed>) = 3 [pid 6389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6389] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6389] close(3) = 0 [pid 6389] mkdir("./file0", 0777) = 0 [pid 6389] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [ 111.926503][ T6389] loop0: detected capacity change from 0 to 32768 [ 111.951905][ T6389] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6389) [pid 6389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6389] chdir("./file0") = 0 [pid 6389] ioctl(4, LOOP_CLR_FD) = 0 [pid 6389] close(4) = 0 [pid 6389] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] open("./file0", O_RDONLY [pid 6388] <... futex resumed>) = 0 [pid 6389] <... open resumed>) = 4 [pid 6388] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6389] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6388] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] <... ioctl resumed>) = 0 [pid 6388] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 0 [pid 6389] <... futex resumed>) = 1 [pid 6388] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6388] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6388] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6407 attached [pid 6407] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6388] <... clone3 resumed> => {parent_tid=[6407]}, 88) = 6407 [pid 6407] <... rseq resumed>) = 0 [pid 6407] set_robust_list(0x7f0bd5e089a0, 24 [pid 6388] rt_sigprocmask(SIG_SETMASK, [], [pid 6407] <... set_robust_list resumed>) = 0 [pid 6388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6407] rt_sigprocmask(SIG_SETMASK, [], [pid 6388] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6388] <... futex resumed>) = 0 [pid 6407] open(".", O_RDONLY [pid 6388] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... open resumed>) = 5 [pid 6407] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6407] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] <... futex resumed>) = 0 [pid 6407] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 112.061932][ T6389] _btrfs_printk: 27 callbacks suppressed [ 112.061947][ T6389] BTRFS info (device loop0): balance: start -d -m [ 112.077506][ T6389] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 112.098206][ T6389] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6388] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... ioctl resumed>) = 0 [pid 6407] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [ 112.163704][ T6389] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 112.196006][ T6389] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6407] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6389] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6389] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] exit_group(0 [pid 6407] <... futex resumed>) = ? [pid 6407] +++ exited with 0 +++ [pid 6389] <... futex resumed>) = ? [pid 6388] <... exit_group resumed>) = ? [pid 6389] +++ exited with 0 +++ [pid 6388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 112.217399][ T6389] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6408 attached , child_tidptr=0x5555570ad690) = 6408 [pid 6408] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6408] chdir("./67") = 0 [pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6408] setpgid(0, 0) = 0 [pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6408] write(3, "1000", 4) = 4 [pid 6408] close(3) = 0 [pid 6408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6408] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6408] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6409 attached => {parent_tid=[6409]}, 88) = 6409 [pid 6409] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], [pid 6409] set_robust_list(0x7f0bd5e299a0, 24 [pid 6408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6409] <... set_robust_list resumed>) = 0 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6408] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] memfd_create("syzkaller", 0) = 3 [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6409] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6409] close(3) = 0 [pid 6409] mkdir("./file0", 0777) = 0 [ 112.776380][ T6409] loop0: detected capacity change from 0 to 32768 [ 112.790175][ T6409] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6409) [ 112.807871][ T6409] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 112.817156][ T6409] BTRFS info (device loop0): force clearing of disk cache [ 112.824304][ T6409] BTRFS info (device loop0): setting nodatasum [ 112.830469][ T6409] BTRFS info (device loop0): allowing degraded mounts [ 112.837359][ T6409] BTRFS info (device loop0): enabling disk space caching [ 112.844406][ T6409] BTRFS info (device loop0): disk space caching is enabled [ 112.863186][ T6409] BTRFS info (device loop0): enabling ssd optimizations [pid 6409] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6409] chdir("./file0") = 0 [pid 6409] ioctl(4, LOOP_CLR_FD) = 0 [pid 6409] close(4) = 0 [pid 6409] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [ 112.870232][ T6409] BTRFS info (device loop0): auto enabling async discard [ 112.878398][ T6409] BTRFS info (device loop0): rebuilding free space tree [ 112.889169][ T6409] BTRFS info (device loop0): disabling free space tree [ 112.896527][ T6409] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 112.906189][ T6409] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 112.918832][ T6409] BTRFS info (device loop0): checking UUID tree [pid 6408] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] open("./file0", O_RDONLY) = 4 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6408] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... ioctl resumed>) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6408] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6408] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6408] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 112.974977][ T6409] BTRFS info (device loop0): balance: start -d -m [ 112.982833][ T6409] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 113.003722][ T6409] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6427]}, 88) = 6427 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6408] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6427 attached [pid 6427] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6427] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6427] open(".", O_RDONLY) = 5 [pid 6427] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6427] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] <... futex resumed>) = 0 [pid 6427] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 113.050784][ T6409] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6408] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... ioctl resumed>) = 0 [pid 6427] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6427] <... futex resumed>) = 1 [pid 6427] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6409] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] exit_group(0) = ? [pid 6427] <... futex resumed>) = ? [pid 6409] <... futex resumed>) = ? [pid 6427] +++ exited with 0 +++ [pid 6409] +++ exited with 0 +++ [pid 6408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6408, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 113.119058][ T6409] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 113.136654][ T6409] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6428 attached , child_tidptr=0x5555570ad690) = 6428 [pid 6428] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6428] chdir("./68") = 0 [pid 6428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6428] setpgid(0, 0) = 0 [pid 6428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6428] write(3, "1000", 4) = 4 [pid 6428] close(3) = 0 [pid 6428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6428] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6428] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6429 attached [pid 6429] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6428] <... clone3 resumed> => {parent_tid=[6429]}, 88) = 6429 [pid 6429] set_robust_list(0x7f0bd5e299a0, 24 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], [pid 6429] <... set_robust_list resumed>) = 0 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], [pid 6428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6428] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] memfd_create("syzkaller", 0 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6429] <... memfd_create resumed>) = 3 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6429] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6429] close(3) = 0 [pid 6429] mkdir("./file0", 0777) = 0 [ 113.647302][ T6429] loop0: detected capacity change from 0 to 32768 [ 113.670867][ T6429] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6429) [ 113.686502][ T6429] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 113.695813][ T6429] BTRFS info (device loop0): force clearing of disk cache [ 113.702954][ T6429] BTRFS info (device loop0): setting nodatasum [ 113.709193][ T6429] BTRFS info (device loop0): allowing degraded mounts [ 113.716015][ T6429] BTRFS info (device loop0): enabling disk space caching [ 113.723052][ T6429] BTRFS info (device loop0): disk space caching is enabled [ 113.742746][ T6429] BTRFS info (device loop0): enabling ssd optimizations [ 113.749829][ T6429] BTRFS info (device loop0): auto enabling async discard [ 113.758234][ T6429] BTRFS info (device loop0): rebuilding free space tree [ 113.769477][ T6429] BTRFS info (device loop0): disabling free space tree [ 113.776523][ T6429] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.786201][ T6429] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6429] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6429] chdir("./file0") = 0 [pid 6429] ioctl(4, LOOP_CLR_FD) = 0 [pid 6429] close(4) = 0 [pid 6429] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6429] open("./file0", O_RDONLY) = 4 [ 113.798776][ T6429] BTRFS info (device loop0): checking UUID tree [pid 6429] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] <... futex resumed>) = 0 [pid 6428] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6429] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6428] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6428] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6428] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6447]}, 88) = 6447 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6447 attached [pid 6428] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6447] set_robust_list(0x7f0bd5e089a0, 24 [pid 6428] <... futex resumed>) = 0 [pid 6447] <... set_robust_list resumed>) = 0 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], [pid 6428] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6447] open(".", O_RDONLY) = 5 [pid 6447] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6447] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6447] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6428] <... futex resumed>) = 0 [ 113.890021][ T6429] BTRFS info (device loop0): balance: start -d -m [ 113.899222][ T6429] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 113.925884][ T6429] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6428] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... ioctl resumed>) = 0 [pid 6447] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [ 113.973026][ T6429] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 114.000828][ T6429] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6447] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6429] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6429] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] exit_group(0 [pid 6447] <... futex resumed>) = ? [pid 6429] <... futex resumed>) = ? [pid 6428] <... exit_group resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6447] +++ exited with 0 +++ [pid 6428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6428, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 114.017885][ T6429] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6448 attached , child_tidptr=0x5555570ad690) = 6448 [pid 6448] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6448] chdir("./69") = 0 [pid 6448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6448] setpgid(0, 0) = 0 [pid 6448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6448] write(3, "1000", 4) = 4 [pid 6448] close(3) = 0 [pid 6448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6448] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6448] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6449 attached [pid 6449] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6448] <... clone3 resumed> => {parent_tid=[6449]}, 88) = 6449 [pid 6449] <... rseq resumed>) = 0 [pid 6449] set_robust_list(0x7f0bd5e299a0, 24 [pid 6448] rt_sigprocmask(SIG_SETMASK, [], [pid 6449] <... set_robust_list resumed>) = 0 [pid 6448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], [pid 6448] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6448] <... futex resumed>) = 0 [pid 6449] memfd_create("syzkaller", 0 [pid 6448] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6449] <... memfd_create resumed>) = 3 [pid 6449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6449] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6449] close(3) = 0 [pid 6449] mkdir("./file0", 0777) = 0 [ 114.509728][ T6449] loop0: detected capacity change from 0 to 32768 [ 114.528120][ T6449] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6449) [ 114.543121][ T6449] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.552509][ T6449] BTRFS info (device loop0): force clearing of disk cache [ 114.559924][ T6449] BTRFS info (device loop0): setting nodatasum [ 114.566204][ T6449] BTRFS info (device loop0): allowing degraded mounts [ 114.572979][ T6449] BTRFS info (device loop0): enabling disk space caching [ 114.580061][ T6449] BTRFS info (device loop0): disk space caching is enabled [ 114.599025][ T6449] BTRFS info (device loop0): enabling ssd optimizations [ 114.606053][ T6449] BTRFS info (device loop0): auto enabling async discard [ 114.614021][ T6449] BTRFS info (device loop0): rebuilding free space tree [ 114.624851][ T6449] BTRFS info (device loop0): disabling free space tree [ 114.631779][ T6449] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 114.641494][ T6449] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6449] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6449] chdir("./file0") = 0 [pid 6449] ioctl(4, LOOP_CLR_FD) = 0 [pid 6449] close(4) = 0 [pid 6449] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6448] <... futex resumed>) = 0 [pid 6448] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] <... futex resumed>) = 0 [pid 6448] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] open("./file0", O_RDONLY) = 4 [ 114.654470][ T6449] BTRFS info (device loop0): checking UUID tree [pid 6449] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] <... futex resumed>) = 0 [pid 6448] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6448] <... futex resumed>) = 0 [pid 6449] <... ioctl resumed>) = 0 [pid 6448] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] <... futex resumed>) = 0 [pid 6449] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6448] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6448] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6448] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 114.712288][ T6449] BTRFS info (device loop0): balance: start -d -m [ 114.720723][ T6449] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 114.747288][ T6449] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6467 attached [pid 6467] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6467] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6448] <... clone3 resumed> => {parent_tid=[6467]}, 88) = 6467 [pid 6467] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6448] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6467] open(".", O_RDONLY) = 5 [pid 6448] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6467] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6467] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6448] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6467] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6448] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6467] <... ioctl resumed>) = 0 [pid 6467] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] <... futex resumed>) = 0 [ 114.800856][ T6449] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 114.840003][ T6449] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6467] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6449] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6448] exit_group(0 [pid 6467] <... futex resumed>) = ? [pid 6449] <... futex resumed>) = ? [pid 6467] +++ exited with 0 +++ [pid 6449] +++ exited with 0 +++ [pid 6448] <... exit_group resumed>) = ? [pid 6448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6448, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.859559][ T6449] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6468 attached , child_tidptr=0x5555570ad690) = 6468 [pid 6468] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6468] chdir("./70") = 0 [pid 6468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6468] setpgid(0, 0) = 0 [pid 6468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6468] write(3, "1000", 4) = 4 [pid 6468] close(3) = 0 [pid 6468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6468] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6468] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6469 attached [pid 6469] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6468] <... clone3 resumed> => {parent_tid=[6469]}, 88) = 6469 [pid 6469] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], [pid 6469] rt_sigprocmask(SIG_SETMASK, [], [pid 6468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6468] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] memfd_create("syzkaller", 0 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6469] <... memfd_create resumed>) = 3 [pid 6469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6469] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6469] close(3) = 0 [pid 6469] mkdir("./file0", 0777) = 0 [ 115.412195][ T6469] loop0: detected capacity change from 0 to 32768 [ 115.430233][ T6469] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6469) [ 115.446856][ T6469] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 115.457247][ T6469] BTRFS info (device loop0): force clearing of disk cache [ 115.464930][ T6469] BTRFS info (device loop0): setting nodatasum [ 115.471541][ T6469] BTRFS info (device loop0): allowing degraded mounts [ 115.478907][ T6469] BTRFS info (device loop0): enabling disk space caching [ 115.486426][ T6469] BTRFS info (device loop0): disk space caching is enabled [ 115.508183][ T6469] BTRFS info (device loop0): enabling ssd optimizations [ 115.515214][ T6469] BTRFS info (device loop0): auto enabling async discard [ 115.522860][ T6469] BTRFS info (device loop0): rebuilding free space tree [ 115.535402][ T6469] BTRFS info (device loop0): disabling free space tree [ 115.542351][ T6469] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 115.552086][ T6469] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6469] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6469] chdir("./file0") = 0 [pid 6469] ioctl(4, LOOP_CLR_FD) = 0 [pid 6469] close(4) = 0 [pid 6469] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6469] open("./file0", O_RDONLY) = 4 [pid 6469] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = 0 [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6469] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6468] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.565459][ T6469] BTRFS info (device loop0): checking UUID tree [pid 6468] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6468] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6468] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6487 attached [pid 6487] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6468] <... clone3 resumed> => {parent_tid=[6487]}, 88) = 6487 [pid 6487] <... rseq resumed>) = 0 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], [pid 6487] set_robust_list(0x7f0bd5e089a0, 24 [pid 6468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6487] <... set_robust_list resumed>) = 0 [pid 6468] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] rt_sigprocmask(SIG_SETMASK, [], [pid 6468] <... futex resumed>) = 0 [pid 6487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6468] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] open(".", O_RDONLY) = 5 [pid 6487] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [ 115.614997][ T6469] BTRFS info (device loop0): balance: start -d -m [ 115.622855][ T6469] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 115.645038][ T6469] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6487] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6487] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6468] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] <... ioctl resumed>) = 0 [pid 6487] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [ 115.691091][ T6469] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6487] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6469] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6469] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6469] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] exit_group(0 [pid 6487] <... futex resumed>) = ? [pid 6469] <... futex resumed>) = ? [pid 6468] <... exit_group resumed>) = ? [pid 6487] +++ exited with 0 +++ [pid 6469] +++ exited with 0 +++ [pid 6468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6468, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 115.748351][ T6469] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 115.773944][ T6469] BTRFS info (device loop0): balance: ended with status: 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6488 attached , child_tidptr=0x5555570ad690) = 6488 [pid 6488] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6488] chdir("./71") = 0 [pid 6488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6488] setpgid(0, 0) = 0 [pid 6488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6488] write(3, "1000", 4) = 4 [pid 6488] close(3) = 0 [pid 6488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6488] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6488] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6489 attached => {parent_tid=[6489]}, 88) = 6489 [pid 6489] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6488] rt_sigprocmask(SIG_SETMASK, [], [pid 6489] set_robust_list(0x7f0bd5e299a0, 24 [pid 6488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6489] <... set_robust_list resumed>) = 0 [pid 6488] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] rt_sigprocmask(SIG_SETMASK, [], [pid 6488] <... futex resumed>) = 0 [pid 6489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6489] memfd_create("syzkaller", 0 [pid 6488] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6489] <... memfd_create resumed>) = 3 [pid 6489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6489] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6489] close(3) = 0 [pid 6489] mkdir("./file0", 0777) = 0 [ 116.291534][ T6489] loop0: detected capacity change from 0 to 32768 [ 116.301106][ T6489] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6489) [ 116.319774][ T6489] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 116.329080][ T6489] BTRFS info (device loop0): force clearing of disk cache [ 116.336263][ T6489] BTRFS info (device loop0): setting nodatasum [ 116.342483][ T6489] BTRFS info (device loop0): allowing degraded mounts [ 116.349359][ T6489] BTRFS info (device loop0): enabling disk space caching [ 116.356493][ T6489] BTRFS info (device loop0): disk space caching is enabled [ 116.376543][ T6489] BTRFS info (device loop0): enabling ssd optimizations [ 116.383578][ T6489] BTRFS info (device loop0): auto enabling async discard [pid 6489] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6489] chdir("./file0") = 0 [pid 6489] ioctl(4, LOOP_CLR_FD) = 0 [pid 6489] close(4) = 0 [pid 6489] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] open("./file0", O_RDONLY [pid 6488] <... futex resumed>) = 0 [pid 6489] <... open resumed>) = 4 [pid 6488] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [ 116.391621][ T6489] BTRFS info (device loop0): rebuilding free space tree [ 116.402459][ T6489] BTRFS info (device loop0): disabling free space tree [ 116.409536][ T6489] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 116.419221][ T6489] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 116.432331][ T6489] BTRFS info (device loop0): checking UUID tree [pid 6489] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6489] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] <... futex resumed>) = 0 [pid 6488] <... futex resumed>) = 1 [pid 6489] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6488] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6488] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6488] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6507]}, 88) = 6507 [pid 6488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6488] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6507 attached [pid 6507] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6507] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6507] open(".", O_RDONLY) = 5 [pid 6507] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6488] <... futex resumed>) = 0 [pid 6507] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6488] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6488] <... futex resumed>) = 0 [pid 6507] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 116.479048][ T6489] BTRFS info (device loop0): balance: start -d -m [ 116.488031][ T6489] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 116.513119][ T6489] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6488] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... ioctl resumed>) = 0 [pid 6507] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6507] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6488] <... futex resumed>) = 0 [pid 6489] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6489] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6488] exit_group(0 [pid 6507] <... futex resumed>) = ? [pid 6507] +++ exited with 0 +++ [pid 6489] <... futex resumed>) = ? [pid 6488] <... exit_group resumed>) = ? [pid 6489] +++ exited with 0 +++ [pid 6488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6488, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 116.599041][ T6489] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 116.624822][ T6489] BTRFS info (device loop0): found 1 extents, stage: update data pointers umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6508 attached [pid 6508] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6508] chdir("./72") = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6508 [pid 6508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6508] setpgid(0, 0) = 0 [pid 6508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6508] write(3, "1000", 4) = 4 [pid 6508] close(3) = 0 [pid 6508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6508] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6508] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6509 attached [pid 6509] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6508] <... clone3 resumed> => {parent_tid=[6509]}, 88) = 6509 [pid 6509] set_robust_list(0x7f0bd5e299a0, 24 [pid 6508] rt_sigprocmask(SIG_SETMASK, [], [pid 6509] <... set_robust_list resumed>) = 0 [pid 6508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6509] rt_sigprocmask(SIG_SETMASK, [], [pid 6508] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6508] <... futex resumed>) = 0 [pid 6509] memfd_create("syzkaller", 0 [pid 6508] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6509] <... memfd_create resumed>) = 3 [pid 6509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6509] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6509] close(3) = 0 [pid 6509] mkdir("./file0", 0777) = 0 [ 117.198373][ T6509] loop0: detected capacity change from 0 to 32768 [ 117.207831][ T6509] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6509) [ 117.223547][ T6509] _btrfs_printk: 1 callbacks suppressed [ 117.223561][ T6509] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 117.238496][ T6509] BTRFS info (device loop0): force clearing of disk cache [ 117.245699][ T6509] BTRFS info (device loop0): setting nodatasum [ 117.251877][ T6509] BTRFS info (device loop0): allowing degraded mounts [ 117.258692][ T6509] BTRFS info (device loop0): enabling disk space caching [ 117.265772][ T6509] BTRFS info (device loop0): disk space caching is enabled [ 117.285022][ T6509] BTRFS info (device loop0): enabling ssd optimizations [ 117.291989][ T6509] BTRFS info (device loop0): auto enabling async discard [pid 6509] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6509] chdir("./file0") = 0 [pid 6509] ioctl(4, LOOP_CLR_FD) = 0 [pid 6509] close(4) = 0 [ 117.300348][ T6509] BTRFS info (device loop0): rebuilding free space tree [ 117.311453][ T6509] BTRFS info (device loop0): disabling free space tree [ 117.318407][ T6509] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 117.328077][ T6509] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 117.340804][ T6509] BTRFS info (device loop0): checking UUID tree [pid 6509] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6509] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] <... futex resumed>) = 0 [pid 6508] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6509] <... futex resumed>) = 0 [pid 6509] open("./file0", O_RDONLY) = 4 [pid 6508] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6509] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6508] <... futex resumed>) = 0 [pid 6509] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6508] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] <... ioctl resumed>) = 0 [pid 6509] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6508] <... futex resumed>) = 0 [pid 6508] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6508] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6508] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6508] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6527]}, 88) = 6527 ./strace-static-x86_64: Process 6527 attached [pid 6527] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6527] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6527] rt_sigprocmask(SIG_SETMASK, [], [pid 6508] rt_sigprocmask(SIG_SETMASK, [], [pid 6527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6527] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6508] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... futex resumed>) = 0 [pid 6508] <... futex resumed>) = 1 [pid 6527] open(".", O_RDONLY) = 5 [pid 6508] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6527] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6508] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6508] <... futex resumed>) = 0 [pid 6527] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 117.408827][ T6509] BTRFS info (device loop0): balance: start -d -m [ 117.418876][ T6509] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 117.445087][ T6509] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6508] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6527] <... ioctl resumed>) = 0 [pid 6527] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6508] <... futex resumed>) = 0 [pid 6527] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6509] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6509] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] exit_group(0 [pid 6527] <... futex resumed>) = ? [pid 6508] <... exit_group resumed>) = ? [pid 6509] <... futex resumed>) = ? [pid 6527] +++ exited with 0 +++ [pid 6509] +++ exited with 0 +++ [pid 6508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6508, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 117.523159][ T6509] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 117.545116][ T6509] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 117.562845][ T6509] BTRFS info (device loop0): balance: ended with status: 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6528 attached , child_tidptr=0x5555570ad690) = 6528 [pid 6528] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6528] chdir("./73") = 0 [pid 6528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6528] setpgid(0, 0) = 0 [pid 6528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6528] write(3, "1000", 4) = 4 [pid 6528] close(3) = 0 [pid 6528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6528] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6528] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6529 attached [pid 6529] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6528] <... clone3 resumed> => {parent_tid=[6529]}, 88) = 6529 [pid 6529] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6528] rt_sigprocmask(SIG_SETMASK, [], [pid 6529] rt_sigprocmask(SIG_SETMASK, [], [pid 6528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6528] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] memfd_create("syzkaller", 0 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6529] <... memfd_create resumed>) = 3 [pid 6529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6529] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6529] close(3) = 0 [pid 6529] mkdir("./file0", 0777) = 0 [ 118.120701][ T6529] loop0: detected capacity change from 0 to 32768 [ 118.130309][ T6529] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6529) [ 118.146263][ T6529] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 118.155543][ T6529] BTRFS info (device loop0): force clearing of disk cache [ 118.162646][ T6529] BTRFS info (device loop0): setting nodatasum [ 118.168836][ T6529] BTRFS info (device loop0): allowing degraded mounts [ 118.175634][ T6529] BTRFS info (device loop0): enabling disk space caching [ 118.182647][ T6529] BTRFS info (device loop0): disk space caching is enabled [ 118.201985][ T6529] BTRFS info (device loop0): enabling ssd optimizations [ 118.209355][ T6529] BTRFS info (device loop0): auto enabling async discard [pid 6529] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6529] chdir("./file0") = 0 [pid 6529] ioctl(4, LOOP_CLR_FD) = 0 [pid 6529] close(4) = 0 [pid 6529] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] open("./file0", O_RDONLY [pid 6528] <... futex resumed>) = 0 [ 118.217503][ T6529] BTRFS info (device loop0): rebuilding free space tree [ 118.228471][ T6529] BTRFS info (device loop0): disabling free space tree [ 118.235579][ T6529] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 118.245264][ T6529] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.257830][ T6529] BTRFS info (device loop0): checking UUID tree [pid 6529] <... open resumed>) = 4 [pid 6528] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] <... ioctl resumed>) = 0 [pid 6529] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6529] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6528] <... futex resumed>) = 0 [pid 6528] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6528] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6528] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6547]}, 88) = 6547 [pid 6528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6528] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6547 attached [pid 6547] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6547] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6528] <... futex resumed>) = 0 [pid 6547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6528] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] open(".", O_RDONLY) = 5 [pid 6547] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6547] <... futex resumed>) = 1 [pid 6547] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6528] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6528] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 118.338962][ T6529] BTRFS info (device loop0): balance: start -d -m [ 118.348882][ T6529] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 118.371146][ T6529] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6547] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6547] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6547] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6529] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6529] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] exit_group(0 [pid 6547] <... futex resumed>) = ? [pid 6529] <... futex resumed>) = ? [pid 6528] <... exit_group resumed>) = ? [pid 6547] +++ exited with 0 +++ [pid 6529] +++ exited with 0 +++ [pid 6528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6528, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 118.436677][ T6529] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 118.457601][ T6529] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 118.475695][ T6529] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6548 attached [pid 6548] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6548] chdir("./74") = 0 [pid 6548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6548 [pid 6548] setpgid(0, 0) = 0 [pid 6548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6548] write(3, "1000", 4) = 4 [pid 6548] close(3) = 0 [pid 6548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6548] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6548] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6549 attached [pid 6549] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6548] <... clone3 resumed> => {parent_tid=[6549]}, 88) = 6549 [pid 6549] <... rseq resumed>) = 0 [pid 6549] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6548] rt_sigprocmask(SIG_SETMASK, [], [pid 6549] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6548] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6548] <... futex resumed>) = 1 [pid 6549] memfd_create("syzkaller", 0 [pid 6548] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6549] <... memfd_create resumed>) = 3 [pid 6549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6549] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6549] close(3) = 0 [pid 6549] mkdir("./file0", 0777) = 0 [ 118.981896][ T6549] loop0: detected capacity change from 0 to 32768 [ 118.997457][ T6549] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6549) [ 119.014006][ T6549] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.023244][ T6549] BTRFS info (device loop0): force clearing of disk cache [ 119.030427][ T6549] BTRFS info (device loop0): setting nodatasum [ 119.036715][ T6549] BTRFS info (device loop0): allowing degraded mounts [ 119.043474][ T6549] BTRFS info (device loop0): enabling disk space caching [ 119.050611][ T6549] BTRFS info (device loop0): disk space caching is enabled [ 119.070463][ T6549] BTRFS info (device loop0): enabling ssd optimizations [ 119.077596][ T6549] BTRFS info (device loop0): auto enabling async discard [ 119.085582][ T6549] BTRFS info (device loop0): rebuilding free space tree [ 119.096596][ T6549] BTRFS info (device loop0): disabling free space tree [ 119.103514][ T6549] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 119.113276][ T6549] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 119.126406][ T6549] BTRFS info (device loop0): checking UUID tree [pid 6549] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6549] chdir("./file0") = 0 [pid 6549] ioctl(4, LOOP_CLR_FD) = 0 [pid 6549] close(4) = 0 [pid 6549] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6548] <... futex resumed>) = 0 [pid 6549] open("./file0", O_RDONLY [pid 6548] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] <... open resumed>) = 4 [pid 6549] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6549] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... futex resumed>) = 0 [pid 6548] <... futex resumed>) = 1 [pid 6549] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6548] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6548] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6548] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] <... futex resumed>) = 0 [pid 6549] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6548] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6548] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.236934][ T6549] BTRFS info (device loop0): balance: start -d -m [ 119.246982][ T6549] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 119.268318][ T6549] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6548] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6567 attached => {parent_tid=[6567]}, 88) = 6567 [pid 6548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6548] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6567] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6548] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6567] open(".", O_RDONLY) = 5 [pid 6567] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6567] <... futex resumed>) = 1 [pid 6548] <... futex resumed>) = 0 [pid 6567] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6548] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] <... ioctl resumed>) = 0 [pid 6567] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 119.297283][ T6549] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 119.320553][ T6549] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6567] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6548] <... futex resumed>) = 0 [pid 6549] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6549] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6548] exit_group(0 [pid 6567] <... futex resumed>) = ? [pid 6549] <... futex resumed>) = ? [pid 6548] <... exit_group resumed>) = ? [pid 6567] +++ exited with 0 +++ [pid 6549] +++ exited with 0 +++ [pid 6548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6548, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 119.347294][ T6549] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6568 attached , child_tidptr=0x5555570ad690) = 6568 [pid 6568] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6568] chdir("./75") = 0 [pid 6568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6568] setpgid(0, 0) = 0 [pid 6568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6568] write(3, "1000", 4) = 4 [pid 6568] close(3) = 0 [pid 6568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6568] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6568] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6569 attached [pid 6569] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6569] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6568] <... clone3 resumed> => {parent_tid=[6569]}, 88) = 6569 [pid 6569] rt_sigprocmask(SIG_SETMASK, [], [pid 6568] rt_sigprocmask(SIG_SETMASK, [], [pid 6569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6569] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6568] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6568] <... futex resumed>) = 0 [pid 6569] memfd_create("syzkaller", 0 [pid 6568] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6569] <... memfd_create resumed>) = 3 [pid 6569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6569] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6569] close(3) = 0 [pid 6569] mkdir("./file0", 0777) = 0 [ 119.914708][ T6569] loop0: detected capacity change from 0 to 32768 [ 119.924972][ T6569] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6569) [ 119.939935][ T6569] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.949250][ T6569] BTRFS info (device loop0): force clearing of disk cache [ 119.956418][ T6569] BTRFS info (device loop0): setting nodatasum [ 119.962573][ T6569] BTRFS info (device loop0): allowing degraded mounts [ 119.969389][ T6569] BTRFS info (device loop0): enabling disk space caching [ 119.976486][ T6569] BTRFS info (device loop0): disk space caching is enabled [ 119.995125][ T6569] BTRFS info (device loop0): enabling ssd optimizations [ 120.002096][ T6569] BTRFS info (device loop0): auto enabling async discard [pid 6569] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6569] chdir("./file0") = 0 [pid 6569] ioctl(4, LOOP_CLR_FD) = 0 [pid 6569] close(4) = 0 [pid 6569] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6569] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6568] <... futex resumed>) = 0 [pid 6568] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 0 [pid 6568] <... futex resumed>) = 1 [pid 6569] open("./file0", O_RDONLY [pid 6568] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6569] <... open resumed>) = 4 [pid 6569] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6568] <... futex resumed>) = 0 [pid 6568] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6568] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6569] <... ioctl resumed>) = 0 [pid 6569] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] <... futex resumed>) = 0 [pid 6568] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 1 [pid 6568] <... futex resumed>) = 0 [pid 6569] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 120.010749][ T6569] BTRFS info (device loop0): rebuilding free space tree [ 120.021493][ T6569] BTRFS info (device loop0): disabling free space tree [ 120.028825][ T6569] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.038599][ T6569] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.051421][ T6569] BTRFS info (device loop0): checking UUID tree [pid 6568] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6568] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6568] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6587 attached [pid 6587] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6587] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6568] <... clone3 resumed> => {parent_tid=[6587]}, 88) = 6587 [pid 6587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6587] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6568] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6587] <... futex resumed>) = 0 [pid 6568] <... futex resumed>) = 1 [pid 6568] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6587] open(".", O_RDONLY) = 5 [ 120.086012][ T6569] BTRFS info (device loop0): balance: start -d -m [ 120.095008][ T6569] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 120.117191][ T6569] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6587] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6568] <... futex resumed>) = 0 [pid 6587] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6568] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6568] <... futex resumed>) = 0 [pid 6587] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6568] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6587] <... ioctl resumed>) = 0 [pid 6587] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6568] <... futex resumed>) = 0 [ 120.184435][ T6569] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 120.217745][ T6569] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6587] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6569] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6569] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6568] exit_group(0 [pid 6587] <... futex resumed>) = ? [pid 6587] +++ exited with 0 +++ [pid 6569] <... futex resumed>) = ? [pid 6568] <... exit_group resumed>) = ? [pid 6569] +++ exited with 0 +++ [pid 6568] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6568, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 120.238388][ T6569] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6588 attached , child_tidptr=0x5555570ad690) = 6588 [pid 6588] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6588] chdir("./76") = 0 [pid 6588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6588] setpgid(0, 0) = 0 [pid 6588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6588] write(3, "1000", 4) = 4 [pid 6588] close(3) = 0 [pid 6588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6588] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6588] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6589 attached [pid 6589] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6588] <... clone3 resumed> => {parent_tid=[6589]}, 88) = 6589 [pid 6589] set_robust_list(0x7f0bd5e299a0, 24 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], [pid 6589] <... set_robust_list resumed>) = 0 [pid 6588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6589] rt_sigprocmask(SIG_SETMASK, [], [pid 6588] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6589] memfd_create("syzkaller", 0 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6589] <... memfd_create resumed>) = 3 [pid 6589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6589] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6589] close(3) = 0 [pid 6589] mkdir("./file0", 0777) = 0 [ 120.810212][ T6589] loop0: detected capacity change from 0 to 32768 [ 120.825334][ T6589] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6589) [ 120.841109][ T6589] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 120.850416][ T6589] BTRFS info (device loop0): force clearing of disk cache [ 120.857563][ T6589] BTRFS info (device loop0): setting nodatasum [ 120.863707][ T6589] BTRFS info (device loop0): allowing degraded mounts [ 120.870547][ T6589] BTRFS info (device loop0): enabling disk space caching [ 120.877629][ T6589] BTRFS info (device loop0): disk space caching is enabled [ 120.897264][ T6589] BTRFS info (device loop0): enabling ssd optimizations [pid 6589] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6589] chdir("./file0") = 0 [pid 6589] ioctl(4, LOOP_CLR_FD) = 0 [pid 6589] close(4) = 0 [pid 6589] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... futex resumed>) = 1 [pid 6588] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] open("./file0", O_RDONLY [pid 6588] <... futex resumed>) = 0 [pid 6589] <... open resumed>) = 4 [pid 6588] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... ioctl resumed>) = 0 [pid 6588] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 120.904306][ T6589] BTRFS info (device loop0): auto enabling async discard [ 120.912370][ T6589] BTRFS info (device loop0): rebuilding free space tree [ 120.923039][ T6589] BTRFS info (device loop0): disabling free space tree [ 120.930094][ T6589] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.939898][ T6589] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.952540][ T6589] BTRFS info (device loop0): checking UUID tree [pid 6589] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6589] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6588] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6588] <... futex resumed>) = 0 [pid 6588] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6588] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6588] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6607]}, 88) = 6607 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6588] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6607 attached [pid 6607] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6607] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6607] open(".", O_RDONLY) = 5 [pid 6607] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6607] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6588] <... futex resumed>) = 0 [pid 6607] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 121.009678][ T6589] BTRFS info (device loop0): balance: start -d -m [ 121.019937][ T6589] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 121.046060][ T6589] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6588] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... ioctl resumed>) = 0 [pid 6607] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] <... futex resumed>) = 0 [pid 6607] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6589] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6589] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6589] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] exit_group(0 [pid 6607] <... futex resumed>) = ? [pid 6607] +++ exited with 0 +++ [pid 6589] <... futex resumed>) = ? [pid 6588] <... exit_group resumed>) = ? [pid 6589] +++ exited with 0 +++ [pid 6588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6588, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 121.116324][ T6589] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 121.137590][ T6589] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 121.155490][ T6589] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6608 attached , child_tidptr=0x5555570ad690) = 6608 [pid 6608] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6608] chdir("./77") = 0 [pid 6608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6608] setpgid(0, 0) = 0 [pid 6608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6608] write(3, "1000", 4) = 4 [pid 6608] close(3) = 0 [pid 6608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6608] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6608] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6609 attached [pid 6609] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6608] <... clone3 resumed> => {parent_tid=[6609]}, 88) = 6609 [pid 6609] set_robust_list(0x7f0bd5e299a0, 24 [pid 6608] rt_sigprocmask(SIG_SETMASK, [], [pid 6609] <... set_robust_list resumed>) = 0 [pid 6609] rt_sigprocmask(SIG_SETMASK, [], [pid 6608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6608] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] memfd_create("syzkaller", 0 [pid 6608] <... futex resumed>) = 0 [pid 6608] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6609] <... memfd_create resumed>) = 3 [pid 6609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6609] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6609] close(3) = 0 [pid 6609] mkdir("./file0", 0777) = 0 [ 121.654825][ T6609] loop0: detected capacity change from 0 to 32768 [ 121.666115][ T6609] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6609) [ 121.682365][ T6609] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 121.691730][ T6609] BTRFS info (device loop0): force clearing of disk cache [ 121.698905][ T6609] BTRFS info (device loop0): setting nodatasum [pid 6609] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 121.705140][ T6609] BTRFS info (device loop0): allowing degraded mounts [ 121.711933][ T6609] BTRFS info (device loop0): enabling disk space caching [pid 6609] chdir("./file0") = 0 [pid 6609] ioctl(4, LOOP_CLR_FD) = 0 [pid 6609] close(4) = 0 [pid 6609] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] <... futex resumed>) = 0 [pid 6609] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6608] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6609] open("./file0", O_RDONLY) = 4 [pid 6609] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6608] <... futex resumed>) = 1 [pid 6608] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6608] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... futex resumed>) = 0 [pid 6609] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6608] <... futex resumed>) = 1 [pid 6608] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6609] <... ioctl resumed>) = 0 [pid 6609] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] <... futex resumed>) = 0 [pid 6608] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6608] <... futex resumed>) = 0 [pid 6608] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6608] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6608] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6627]}, 88) = 6627 [pid 6608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6608] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6627 attached [pid 6627] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6627] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6627] open(".", O_RDONLY) = 5 [pid 6627] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] <... futex resumed>) = 0 [pid 6627] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6608] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6608] <... futex resumed>) = 0 [pid 6627] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6608] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] <... ioctl resumed>) = 0 [pid 6627] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] <... futex resumed>) = 0 [pid 6627] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6609] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6608] exit_group(0 [pid 6627] <... futex resumed>) = ? [pid 6609] <... futex resumed>) = ? [pid 6608] <... exit_group resumed>) = ? [pid 6627] +++ exited with 0 +++ [pid 6609] +++ exited with 0 +++ [pid 6608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6608, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6628 attached , child_tidptr=0x5555570ad690) = 6628 [pid 6628] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6628] chdir("./78") = 0 [pid 6628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6628] setpgid(0, 0) = 0 [pid 6628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6628] write(3, "1000", 4) = 4 [pid 6628] close(3) = 0 [pid 6628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6628] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6628] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6629 attached => {parent_tid=[6629]}, 88) = 6629 [pid 6628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6629] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6628] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... rseq resumed>) = 0 [pid 6628] <... futex resumed>) = 0 [pid 6629] set_robust_list(0x7f0bd5e299a0, 24 [pid 6628] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6629] <... set_robust_list resumed>) = 0 [pid 6629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6629] memfd_create("syzkaller", 0) = 3 [pid 6629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6629] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6629] close(3) = 0 [pid 6629] mkdir("./file0", 0777) = 0 [ 122.319787][ T6629] loop0: detected capacity change from 0 to 32768 [ 122.334479][ T6629] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6629) [ 122.349561][ T6629] _btrfs_printk: 14 callbacks suppressed [ 122.349575][ T6629] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 122.364546][ T6629] BTRFS info (device loop0): force clearing of disk cache [ 122.371647][ T6629] BTRFS info (device loop0): setting nodatasum [ 122.377842][ T6629] BTRFS info (device loop0): allowing degraded mounts [ 122.384661][ T6629] BTRFS info (device loop0): enabling disk space caching [ 122.391712][ T6629] BTRFS info (device loop0): disk space caching is enabled [ 122.410912][ T6629] BTRFS info (device loop0): enabling ssd optimizations [ 122.418041][ T6629] BTRFS info (device loop0): auto enabling async discard [ 122.426653][ T6629] BTRFS info (device loop0): rebuilding free space tree [ 122.437965][ T6629] BTRFS info (device loop0): disabling free space tree [ 122.444977][ T6629] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 122.454740][ T6629] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6629] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6629] chdir("./file0") = 0 [pid 6629] ioctl(4, LOOP_CLR_FD) = 0 [pid 6629] close(4) = 0 [pid 6629] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6628] <... futex resumed>) = 0 [ 122.467201][ T6629] BTRFS info (device loop0): checking UUID tree [pid 6629] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6628] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... futex resumed>) = 0 [pid 6629] open("./file0", O_RDONLY [pid 6628] <... futex resumed>) = 1 [pid 6629] <... open resumed>) = 4 [pid 6628] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6629] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6628] <... futex resumed>) = 0 [pid 6629] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6628] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6628] <... futex resumed>) = 0 [pid 6629] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6628] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6629] <... ioctl resumed>) = 0 [pid 6629] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6628] <... futex resumed>) = 0 [pid 6629] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6628] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6628] <... futex resumed>) = 0 [pid 6628] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6628] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6628] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6647]}, 88) = 6647 [pid 6628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6628] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6628] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6647 attached [pid 6647] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6647] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6647] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6647] open(".", O_RDONLY) = 5 [pid 6647] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6628] <... futex resumed>) = 0 [pid 6647] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6628] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6628] <... futex resumed>) = 0 [pid 6628] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 122.546582][ T6629] BTRFS info (device loop0): balance: start -d -m [ 122.555477][ T6629] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 122.581758][ T6629] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6647] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6647] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6628] <... futex resumed>) = 0 [ 122.629996][ T6629] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 122.656147][ T6629] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6647] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6629] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6629] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] exit_group(0 [pid 6629] <... futex resumed>) = ? [pid 6628] <... exit_group resumed>) = ? [pid 6647] <... futex resumed>) = ? [pid 6629] +++ exited with 0 +++ [pid 6647] +++ exited with 0 +++ [pid 6628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6628, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 122.674253][ T6629] BTRFS info (device loop0): balance: ended with status: 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6648 attached [pid 6648] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6648] chdir("./79") = 0 [pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6648 [pid 6648] <... prctl resumed>) = 0 [pid 6648] setpgid(0, 0) = 0 [pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6648] write(3, "1000", 4) = 4 [pid 6648] close(3) = 0 [pid 6648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6648] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6648] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6649 attached => {parent_tid=[6649]}, 88) = 6649 [pid 6649] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6649] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 6649] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6649] memfd_create("syzkaller", 0 [pid 6648] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] <... memfd_create resumed>) = 3 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6649] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6649] close(3) = 0 [pid 6649] mkdir("./file0", 0777) = 0 [ 123.230906][ T6649] loop0: detected capacity change from 0 to 32768 [ 123.241447][ T6649] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6649) [ 123.256083][ T6649] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 123.265407][ T6649] BTRFS info (device loop0): force clearing of disk cache [ 123.272532][ T6649] BTRFS info (device loop0): setting nodatasum [ 123.278775][ T6649] BTRFS info (device loop0): allowing degraded mounts [ 123.285585][ T6649] BTRFS info (device loop0): enabling disk space caching [ 123.292609][ T6649] BTRFS info (device loop0): disk space caching is enabled [ 123.322645][ T6649] BTRFS info (device loop0): enabling ssd optimizations [ 123.329693][ T6649] BTRFS info (device loop0): auto enabling async discard [ 123.337936][ T6649] BTRFS info (device loop0): rebuilding free space tree [ 123.348762][ T6649] BTRFS info (device loop0): disabling free space tree [ 123.355851][ T6649] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6649] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6649] chdir("./file0") = 0 [pid 6649] ioctl(4, LOOP_CLR_FD) = 0 [pid 6649] close(4) = 0 [pid 6649] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6649] open("./file0", O_RDONLY [pid 6648] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... open resumed>) = 4 [pid 6649] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6649] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6649] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6648] <... futex resumed>) = 0 [ 123.365549][ T6649] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.379052][ T6649] BTRFS info (device loop0): checking UUID tree [pid 6649] <... ioctl resumed>) = 0 [pid 6648] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6648] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6648] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6648] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6648] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6667]}, 88) = 6667 ./strace-static-x86_64: Process 6667 attached [pid 6648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6667] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6648] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6648] <... futex resumed>) = 0 [pid 6667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6648] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] open(".", O_RDONLY) = 5 [pid 6667] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6667] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6648] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6648] <... futex resumed>) = 0 [ 123.461276][ T6649] BTRFS info (device loop0): balance: start -d -m [ 123.470735][ T6649] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 123.501042][ T6649] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6648] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... ioctl resumed>) = 0 [pid 6667] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6667] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6649] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6649] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] exit_group(0 [pid 6667] <... futex resumed>) = ? [pid 6648] <... exit_group resumed>) = ? [pid 6667] +++ exited with 0 +++ [pid 6649] <... futex resumed>) = ? [pid 6649] +++ exited with 0 +++ [pid 6648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6648, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 123.558134][ T6649] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 123.578788][ T6649] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 123.596213][ T6649] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6668 attached [pid 6668] set_robust_list(0x5555570ad6a0, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6668 [pid 6668] <... set_robust_list resumed>) = 0 [pid 6668] chdir("./80") = 0 [pid 6668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6668] setpgid(0, 0) = 0 [pid 6668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6668] write(3, "1000", 4) = 4 [pid 6668] close(3) = 0 [pid 6668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6668] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6668] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6669 attached [pid 6669] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6668] <... clone3 resumed> => {parent_tid=[6669]}, 88) = 6669 [pid 6669] <... rseq resumed>) = 0 [pid 6668] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], [pid 6668] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6669] memfd_create("syzkaller", 0 [pid 6668] <... futex resumed>) = 0 [pid 6668] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6669] <... memfd_create resumed>) = 3 [pid 6669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6669] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6669] close(3) = 0 [pid 6669] mkdir("./file0", 0777) = 0 [ 124.151116][ T6669] loop0: detected capacity change from 0 to 32768 [ 124.175969][ T6669] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6669) [ 124.191436][ T6669] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.201043][ T6669] BTRFS info (device loop0): force clearing of disk cache [ 124.208312][ T6669] BTRFS info (device loop0): setting nodatasum [ 124.214554][ T6669] BTRFS info (device loop0): allowing degraded mounts [ 124.221318][ T6669] BTRFS info (device loop0): enabling disk space caching [ 124.228465][ T6669] BTRFS info (device loop0): disk space caching is enabled [ 124.250914][ T6669] BTRFS info (device loop0): enabling ssd optimizations [ 124.258056][ T6669] BTRFS info (device loop0): auto enabling async discard [ 124.266090][ T6669] BTRFS info (device loop0): rebuilding free space tree [ 124.277505][ T6669] BTRFS info (device loop0): disabling free space tree [ 124.284479][ T6669] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6669] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6669] chdir("./file0") = 0 [pid 6669] ioctl(4, LOOP_CLR_FD) = 0 [pid 6669] close(4) = 0 [pid 6669] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6668] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] open("./file0", O_RDONLY [pid 6668] <... futex resumed>) = 0 [pid 6669] <... open resumed>) = 4 [pid 6668] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6668] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6668] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] <... ioctl resumed>) = 0 [pid 6669] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6668] <... futex resumed>) = 0 [pid 6669] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6668] <... futex resumed>) = 0 [ 124.294210][ T6669] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.307230][ T6669] BTRFS info (device loop0): checking UUID tree [pid 6668] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6668] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6668] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6687 attached => {parent_tid=[6687]}, 88) = 6687 [pid 6687] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6668] rt_sigprocmask(SIG_SETMASK, [], [pid 6687] <... rseq resumed>) = 0 [pid 6668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6687] set_robust_list(0x7f0bd5e089a0, 24 [pid 6668] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... set_robust_list resumed>) = 0 [pid 6668] <... futex resumed>) = 0 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], [pid 6668] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6687] open(".", O_RDONLY) = 5 [pid 6687] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6668] <... futex resumed>) = 0 [pid 6687] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6668] <... futex resumed>) = 0 [pid 6687] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 124.343738][ T6669] BTRFS info (device loop0): balance: start -d -m [ 124.353594][ T6669] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 124.375190][ T6669] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6668] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... ioctl resumed>) = 0 [pid 6687] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] <... futex resumed>) = 0 [ 124.450545][ T6669] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 124.486443][ T6669] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6669] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6669] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] exit_group(0 [pid 6687] <... futex resumed>) = ? [pid 6669] <... futex resumed>) = ? [pid 6668] <... exit_group resumed>) = ? [pid 6687] +++ exited with 0 +++ [pid 6669] +++ exited with 0 +++ [pid 6668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6668, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.505028][ T6669] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6688 attached [pid 6688] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6688] chdir("./81") = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6688 [pid 6688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6688] setpgid(0, 0) = 0 [pid 6688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6688] write(3, "1000", 4) = 4 [pid 6688] close(3) = 0 [pid 6688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6688] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6688] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6689 attached [pid 6689] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6688] <... clone3 resumed> => {parent_tid=[6689]}, 88) = 6689 [pid 6689] <... rseq resumed>) = 0 [pid 6689] set_robust_list(0x7f0bd5e299a0, 24 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], [pid 6689] <... set_robust_list resumed>) = 0 [pid 6688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6689] rt_sigprocmask(SIG_SETMASK, [], [pid 6688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6688] <... futex resumed>) = 0 [pid 6689] memfd_create("syzkaller", 0 [pid 6688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6689] <... memfd_create resumed>) = 3 [pid 6689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6689] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6689] close(3) = 0 [pid 6689] mkdir("./file0", 0777) = 0 [ 125.000911][ T6689] loop0: detected capacity change from 0 to 32768 [ 125.027511][ T6689] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6689) [ 125.043754][ T6689] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 125.053077][ T6689] BTRFS info (device loop0): force clearing of disk cache [ 125.060374][ T6689] BTRFS info (device loop0): setting nodatasum [ 125.066690][ T6689] BTRFS info (device loop0): allowing degraded mounts [ 125.073475][ T6689] BTRFS info (device loop0): enabling disk space caching [ 125.080695][ T6689] BTRFS info (device loop0): disk space caching is enabled [ 125.101719][ T6689] BTRFS info (device loop0): enabling ssd optimizations [ 125.108828][ T6689] BTRFS info (device loop0): auto enabling async discard [ 125.116983][ T6689] BTRFS info (device loop0): rebuilding free space tree [ 125.127939][ T6689] BTRFS info (device loop0): disabling free space tree [ 125.134935][ T6689] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6689] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6689] chdir("./file0") = 0 [pid 6689] ioctl(4, LOOP_CLR_FD) = 0 [pid 6689] close(4) = 0 [pid 6689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6689] open("./file0", O_RDONLY) = 4 [pid 6689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.144784][ T6689] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 125.157361][ T6689] BTRFS info (device loop0): checking UUID tree [pid 6689] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = 1 [pid 6688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6688] <... futex resumed>) = 1 [pid 6689] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6688] <... futex resumed>) = 1 [pid 6689] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6688] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6688] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 125.246335][ T6689] BTRFS info (device loop0): balance: start -d -m [ 125.255605][ T6689] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 125.278104][ T6689] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6707 attached [pid 6707] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6688] <... clone3 resumed> => {parent_tid=[6707]}, 88) = 6707 [pid 6707] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], [pid 6707] rt_sigprocmask(SIG_SETMASK, [], [pid 6688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6688] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] open(".", O_RDONLY) = 5 [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6707] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6707] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] <... ioctl resumed>) = 0 [pid 6707] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [ 125.315370][ T6689] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 125.345840][ T6689] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6707] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] exit_group(0 [pid 6707] <... futex resumed>) = ? [pid 6688] <... exit_group resumed>) = ? [pid 6707] +++ exited with 0 +++ [pid 6689] <... futex resumed>) = ? [pid 6689] +++ exited with 0 +++ [pid 6688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6688, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- [ 125.362828][ T6689] BTRFS info (device loop0): balance: ended with status: 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6708 attached [pid 6708] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6708] chdir("./82") = 0 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6708 [pid 6708] <... prctl resumed>) = 0 [pid 6708] setpgid(0, 0) = 0 [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3) = 0 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6708] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6709 attached => {parent_tid=[6709]}, 88) = 6709 [pid 6709] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6709] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6709] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] memfd_create("syzkaller", 0) = 3 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6709] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6709] close(3) = 0 [pid 6709] mkdir("./file0", 0777) = 0 [ 125.869972][ T6709] loop0: detected capacity change from 0 to 32768 [ 125.879572][ T6709] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6709) [ 125.895529][ T6709] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 125.904852][ T6709] BTRFS info (device loop0): force clearing of disk cache [ 125.911964][ T6709] BTRFS info (device loop0): setting nodatasum [ 125.918166][ T6709] BTRFS info (device loop0): allowing degraded mounts [ 125.925018][ T6709] BTRFS info (device loop0): enabling disk space caching [ 125.932051][ T6709] BTRFS info (device loop0): disk space caching is enabled [ 125.951871][ T6709] BTRFS info (device loop0): enabling ssd optimizations [ 125.959144][ T6709] BTRFS info (device loop0): auto enabling async discard [pid 6709] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] chdir("./file0") = 0 [pid 6709] ioctl(4, LOOP_CLR_FD) = 0 [pid 6709] close(4) = 0 [pid 6709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6708] <... futex resumed>) = 0 [pid 6709] open("./file0", O_RDONLY [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... open resumed>) = 4 [ 125.967294][ T6709] BTRFS info (device loop0): rebuilding free space tree [ 125.978228][ T6709] BTRFS info (device loop0): disabling free space tree [ 125.985206][ T6709] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 125.995009][ T6709] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 126.007773][ T6709] BTRFS info (device loop0): checking UUID tree [pid 6709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6709] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... ioctl resumed>) = 0 [pid 6709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6708] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6708] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6727 attached [pid 6727] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6708] <... clone3 resumed> => {parent_tid=[6727]}, 88) = 6727 [pid 6727] <... rseq resumed>) = 0 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6727] set_robust_list(0x7f0bd5e089a0, 24 [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6727] <... set_robust_list resumed>) = 0 [pid 6708] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], [pid 6708] <... futex resumed>) = 0 [pid 6727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] open(".", O_RDONLY) = 5 [pid 6727] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6727] <... futex resumed>) = 1 [pid 6708] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6708] <... futex resumed>) = 0 [ 126.067276][ T6709] BTRFS info (device loop0): balance: start -d -m [ 126.075940][ T6709] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 126.100614][ T6709] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6708] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... ioctl resumed>) = 0 [pid 6727] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [ 126.177846][ T6709] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 126.210591][ T6709] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6727] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] exit_group(0 [pid 6727] <... futex resumed>) = ? [pid 6709] <... futex resumed>) = ? [pid 6708] <... exit_group resumed>) = ? [pid 6727] +++ exited with 0 +++ [pid 6709] +++ exited with 0 +++ [pid 6708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6708, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 [ 126.236283][ T6709] BTRFS info (device loop0): balance: ended with status: 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6728 attached , child_tidptr=0x5555570ad690) = 6728 [pid 6728] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6728] chdir("./83") = 0 [pid 6728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6728] setpgid(0, 0) = 0 [pid 6728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6728] write(3, "1000", 4) = 4 [pid 6728] close(3) = 0 [pid 6728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6728] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6728] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6729 attached [pid 6729] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6728] <... clone3 resumed> => {parent_tid=[6729]}, 88) = 6729 [pid 6729] <... rseq resumed>) = 0 [pid 6728] rt_sigprocmask(SIG_SETMASK, [], [pid 6729] set_robust_list(0x7f0bd5e299a0, 24 [pid 6728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6729] <... set_robust_list resumed>) = 0 [pid 6728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] rt_sigprocmask(SIG_SETMASK, [], [pid 6728] <... futex resumed>) = 0 [pid 6729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6729] memfd_create("syzkaller", 0) = 3 [pid 6729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6729] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6729] close(3) = 0 [pid 6729] mkdir("./file0", 0777) = 0 [ 126.751565][ T6729] loop0: detected capacity change from 0 to 32768 [ 126.766786][ T6729] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6729) [ 126.782491][ T6729] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 126.791818][ T6729] BTRFS info (device loop0): force clearing of disk cache [pid 6729] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6729] chdir("./file0") = 0 [pid 6729] ioctl(4, LOOP_CLR_FD) = 0 [pid 6729] close(4) = 0 [pid 6729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6729] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] open("./file0", O_RDONLY [pid 6728] <... futex resumed>) = 0 [pid 6729] <... open resumed>) = 4 [ 126.798971][ T6729] BTRFS info (device loop0): setting nodatasum [ 126.805162][ T6729] BTRFS info (device loop0): allowing degraded mounts [ 126.811943][ T6729] BTRFS info (device loop0): enabling disk space caching [pid 6728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6728] <... futex resumed>) = 0 [pid 6729] <... ioctl resumed>) = 0 [pid 6728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6729] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6728] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6728] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6747 attached [pid 6747] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6728] <... clone3 resumed> => {parent_tid=[6747]}, 88) = 6747 [pid 6747] <... rseq resumed>) = 0 [pid 6747] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6728] rt_sigprocmask(SIG_SETMASK, [], [pid 6747] rt_sigprocmask(SIG_SETMASK, [], [pid 6728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6747] open(".", O_RDONLY [pid 6728] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... open resumed>) = 5 [pid 6747] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6747] <... futex resumed>) = 0 [pid 6747] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6728] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6728] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6728] <... futex resumed>) = 1 [pid 6747] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6728] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... ioctl resumed>) = 0 [pid 6729] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6747] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6747] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6728] exit_group(0 [pid 6747] <... futex resumed>) = ? [pid 6728] <... exit_group resumed>) = ? [pid 6747] +++ exited with 0 +++ [pid 6729] <... futex resumed>) = ? [pid 6729] +++ exited with 0 +++ [pid 6728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6728, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6748 attached [pid 6748] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6748] chdir("./84") = 0 [pid 6748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6748 [pid 6748] setpgid(0, 0) = 0 [pid 6748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6748] write(3, "1000", 4) = 4 [pid 6748] close(3) = 0 [pid 6748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6748] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6748] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6749 attached => {parent_tid=[6749]}, 88) = 6749 [pid 6748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6749] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6749] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6749] memfd_create("syzkaller", 0) = 3 [pid 6749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6749] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6749] close(3) = 0 [pid 6749] mkdir("./file0", 0777) = 0 [ 127.468319][ T6749] loop0: detected capacity change from 0 to 32768 [ 127.484751][ T6749] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6749) [ 127.499826][ T6749] _btrfs_printk: 14 callbacks suppressed [ 127.499840][ T6749] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 127.514874][ T6749] BTRFS info (device loop0): force clearing of disk cache [ 127.521996][ T6749] BTRFS info (device loop0): setting nodatasum [ 127.528204][ T6749] BTRFS info (device loop0): allowing degraded mounts [ 127.535023][ T6749] BTRFS info (device loop0): enabling disk space caching [ 127.542074][ T6749] BTRFS info (device loop0): disk space caching is enabled [ 127.560248][ T6749] BTRFS info (device loop0): enabling ssd optimizations [ 127.567414][ T6749] BTRFS info (device loop0): auto enabling async discard [ 127.575615][ T6749] BTRFS info (device loop0): rebuilding free space tree [ 127.587275][ T6749] BTRFS info (device loop0): disabling free space tree [ 127.594401][ T6749] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 127.604283][ T6749] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6749] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6749] chdir("./file0") = 0 [pid 6749] ioctl(4, LOOP_CLR_FD) = 0 [pid 6749] close(4) = 0 [pid 6749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6748] <... futex resumed>) = 0 [pid 6749] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] open("./file0", O_RDONLY [pid 6748] <... futex resumed>) = 0 [pid 6748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6749] <... open resumed>) = 4 [ 127.617241][ T6749] BTRFS info (device loop0): checking UUID tree [pid 6749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6748] <... futex resumed>) = 0 [pid 6749] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6749] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6748] <... futex resumed>) = 0 [pid 6749] <... ioctl resumed>) = 0 [pid 6748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6749] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6748] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6748] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6767 attached => {parent_tid=[6767]}, 88) = 6767 [pid 6767] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6748] rt_sigprocmask(SIG_SETMASK, [], [pid 6767] <... rseq resumed>) = 0 [pid 6767] set_robust_list(0x7f0bd5e089a0, 24 [pid 6748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6767] <... set_robust_list resumed>) = 0 [pid 6767] rt_sigprocmask(SIG_SETMASK, [], [pid 6748] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6767] open(".", O_RDONLY [pid 6748] <... futex resumed>) = 0 [pid 6748] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... open resumed>) = 5 [pid 6767] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6748] <... futex resumed>) = 0 [pid 6767] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6748] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6748] <... futex resumed>) = 0 [pid 6767] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 127.678629][ T6749] BTRFS info (device loop0): balance: start -d -m [ 127.687403][ T6749] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 127.711999][ T6749] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6748] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... ioctl resumed>) = 0 [pid 6767] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... futex resumed>) = 0 [pid 6767] <... futex resumed>) = 1 [ 127.780910][ T6749] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 127.820004][ T6749] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6767] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6749] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6748] exit_group(0 [pid 6767] <... futex resumed>) = ? [pid 6749] <... futex resumed>) = ? [pid 6748] <... exit_group resumed>) = ? [pid 6767] +++ exited with 0 +++ [pid 6749] +++ exited with 0 +++ [pid 6748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6748, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 127.837847][ T6749] BTRFS info (device loop0): balance: ended with status: 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6768 attached [pid 6768] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6768] chdir("./85" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6768 [pid 6768] <... chdir resumed>) = 0 [pid 6768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6768] setpgid(0, 0) = 0 [pid 6768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6768] write(3, "1000", 4) = 4 [pid 6768] close(3) = 0 [pid 6768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6768] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6768] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6769 attached => {parent_tid=[6769]}, 88) = 6769 [pid 6769] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6769] <... rseq resumed>) = 0 [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6769] set_robust_list(0x7f0bd5e299a0, 24 [pid 6768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... set_robust_list resumed>) = 0 [pid 6768] <... futex resumed>) = 0 [pid 6769] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6769] memfd_create("syzkaller", 0) = 3 [pid 6769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6769] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6769] close(3) = 0 [pid 6769] mkdir("./file0", 0777) = 0 [ 128.280454][ T6769] loop0: detected capacity change from 0 to 32768 [ 128.295864][ T6769] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6769) [ 128.310999][ T6769] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 128.320365][ T6769] BTRFS info (device loop0): force clearing of disk cache [ 128.327558][ T6769] BTRFS info (device loop0): setting nodatasum [ 128.333701][ T6769] BTRFS info (device loop0): allowing degraded mounts [ 128.340541][ T6769] BTRFS info (device loop0): enabling disk space caching [ 128.347632][ T6769] BTRFS info (device loop0): disk space caching is enabled [ 128.367951][ T6769] BTRFS info (device loop0): enabling ssd optimizations [pid 6769] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6769] chdir("./file0") = 0 [pid 6769] ioctl(4, LOOP_CLR_FD) = 0 [pid 6769] close(4) = 0 [pid 6769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6769] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6768] <... futex resumed>) = 0 [pid 6769] open("./file0", O_RDONLY [ 128.375099][ T6769] BTRFS info (device loop0): auto enabling async discard [ 128.383045][ T6769] BTRFS info (device loop0): rebuilding free space tree [ 128.394880][ T6769] BTRFS info (device loop0): disabling free space tree [ 128.401804][ T6769] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 128.411609][ T6769] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 128.424869][ T6769] BTRFS info (device loop0): checking UUID tree [pid 6768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... open resumed>) = 4 [pid 6769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6769] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6768] <... futex resumed>) = 0 [pid 6769] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] <... ioctl resumed>) = 0 [pid 6769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = 0 [pid 6769] <... futex resumed>) = 1 [pid 6768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6768] <... futex resumed>) = 0 [pid 6768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6768] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6768] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6787]}, 88) = 6787 ./strace-static-x86_64: Process 6787 attached [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6787] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6768] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... rseq resumed>) = 0 [pid 6787] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6787] open(".", O_RDONLY) = 5 [pid 6787] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 6787] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6768] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 128.479916][ T6769] BTRFS info (device loop0): balance: start -d -m [ 128.490249][ T6769] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 128.516941][ T6769] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6787] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6787] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [ 128.589256][ T6769] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 128.623765][ T6769] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6787] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6769] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6769] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] exit_group(0 [pid 6787] <... futex resumed>) = ? [pid 6787] +++ exited with 0 +++ [pid 6769] <... futex resumed>) = ? [pid 6768] <... exit_group resumed>) = ? [pid 6769] +++ exited with 0 +++ [pid 6768] +++ exited with 0 +++ [ 128.640807][ T6769] BTRFS info (device loop0): balance: ended with status: 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6768, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6788 attached , child_tidptr=0x5555570ad690) = 6788 [pid 6788] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6788] chdir("./86") = 0 [pid 6788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6788] setpgid(0, 0) = 0 [pid 6788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6788] write(3, "1000", 4) = 4 [pid 6788] close(3) = 0 [pid 6788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6788] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6788] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6789 attached => {parent_tid=[6789]}, 88) = 6789 [pid 6789] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6789] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6789] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = 0 [pid 6788] <... futex resumed>) = 1 [pid 6789] memfd_create("syzkaller", 0 [pid 6788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6789] <... memfd_create resumed>) = 3 [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6789] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6789] close(3) = 0 [pid 6789] mkdir("./file0", 0777) = 0 [ 129.180162][ T6789] loop0: detected capacity change from 0 to 32768 [ 129.194662][ T6789] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6789) [ 129.210680][ T6789] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 129.220017][ T6789] BTRFS info (device loop0): force clearing of disk cache [ 129.227226][ T6789] BTRFS info (device loop0): setting nodatasum [ 129.233401][ T6789] BTRFS info (device loop0): allowing degraded mounts [ 129.240237][ T6789] BTRFS info (device loop0): enabling disk space caching [ 129.247306][ T6789] BTRFS info (device loop0): disk space caching is enabled [ 129.266923][ T6789] BTRFS info (device loop0): enabling ssd optimizations [pid 6789] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6789] chdir("./file0") = 0 [pid 6789] ioctl(4, LOOP_CLR_FD) = 0 [pid 6789] close(4) = 0 [ 129.273994][ T6789] BTRFS info (device loop0): auto enabling async discard [ 129.281831][ T6789] BTRFS info (device loop0): rebuilding free space tree [ 129.293302][ T6789] BTRFS info (device loop0): disabling free space tree [ 129.300330][ T6789] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 129.310039][ T6789] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 129.322698][ T6789] BTRFS info (device loop0): checking UUID tree [pid 6789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = 1 [pid 6788] <... futex resumed>) = 0 [pid 6789] open("./file0", O_RDONLY [pid 6788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... open resumed>) = 4 [pid 6789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6788] <... futex resumed>) = 0 [pid 6789] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... ioctl resumed>) = 0 [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6788] <... futex resumed>) = 0 [pid 6789] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6789] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6788] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6788] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6807 attached [pid 6807] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6807] set_robust_list(0x7f0bd5e089a0, 24 [pid 6788] <... clone3 resumed> => {parent_tid=[6807]}, 88) = 6807 [pid 6788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] <... set_robust_list resumed>) = 0 [pid 6788] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], [pid 6788] <... futex resumed>) = 0 [pid 6807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6788] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] open(".", O_RDONLY) = 5 [pid 6807] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6788] <... futex resumed>) = 0 [pid 6807] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6788] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.379541][ T6789] BTRFS info (device loop0): balance: start -d -m [ 129.389669][ T6789] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 129.411065][ T6789] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6788] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... ioctl resumed>) = 0 [pid 6807] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6788] <... futex resumed>) = 0 [ 129.482062][ T6789] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6807] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6788] exit_group(0 [pid 6807] <... futex resumed>) = ? [pid 6789] <... futex resumed>) = ? [pid 6788] <... exit_group resumed>) = ? [pid 6807] +++ exited with 0 +++ [pid 6789] +++ exited with 0 +++ [pid 6788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6788, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 129.525888][ T6789] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 129.545162][ T6789] BTRFS info (device loop0): balance: ended with status: 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6808 attached , child_tidptr=0x5555570ad690) = 6808 [pid 6808] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6808] chdir("./87") = 0 [pid 6808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6808] setpgid(0, 0) = 0 [pid 6808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6808] write(3, "1000", 4) = 4 [pid 6808] close(3) = 0 [pid 6808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6808] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6808] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6809 attached [pid 6809] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6808] <... clone3 resumed> => {parent_tid=[6809]}, 88) = 6809 [pid 6809] set_robust_list(0x7f0bd5e299a0, 24 [pid 6808] rt_sigprocmask(SIG_SETMASK, [], [pid 6809] <... set_robust_list resumed>) = 0 [pid 6808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6809] rt_sigprocmask(SIG_SETMASK, [], [pid 6808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6808] <... futex resumed>) = 0 [pid 6809] memfd_create("syzkaller", 0 [pid 6808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6809] <... memfd_create resumed>) = 3 [pid 6809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6809] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6809] close(3) = 0 [pid 6809] mkdir("./file0", 0777) = 0 [ 130.057114][ T6809] loop0: detected capacity change from 0 to 32768 [ 130.080924][ T6809] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6809) [ 130.096527][ T6809] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 130.105849][ T6809] BTRFS info (device loop0): force clearing of disk cache [ 130.112953][ T6809] BTRFS info (device loop0): setting nodatasum [ 130.119334][ T6809] BTRFS info (device loop0): allowing degraded mounts [ 130.126183][ T6809] BTRFS info (device loop0): enabling disk space caching [ 130.133231][ T6809] BTRFS info (device loop0): disk space caching is enabled [ 130.151853][ T6809] BTRFS info (device loop0): enabling ssd optimizations [ 130.158883][ T6809] BTRFS info (device loop0): auto enabling async discard [ 130.166898][ T6809] BTRFS info (device loop0): rebuilding free space tree [ 130.178060][ T6809] BTRFS info (device loop0): disabling free space tree [ 130.185433][ T6809] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 130.195120][ T6809] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6809] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6809] chdir("./file0") = 0 [pid 6809] ioctl(4, LOOP_CLR_FD) = 0 [pid 6809] close(4) = 0 [pid 6809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] <... futex resumed>) = 0 [pid 6808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] open("./file0", O_RDONLY [pid 6808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] <... open resumed>) = 4 [pid 6809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] <... futex resumed>) = 0 [pid 6808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] <... futex resumed>) = 0 [pid 6809] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] <... futex resumed>) = 0 [pid 6809] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 130.207990][ T6809] BTRFS info (device loop0): checking UUID tree [pid 6809] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6808] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6808] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6808] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6827]}, 88) = 6827 ./strace-static-x86_64: Process 6827 attached [pid 6808] rt_sigprocmask(SIG_SETMASK, [], [pid 6827] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] <... rseq resumed>) = 0 [pid 6808] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] set_robust_list(0x7f0bd5e089a0, 24 [pid 6808] <... futex resumed>) = 0 [pid 6827] <... set_robust_list resumed>) = 0 [pid 6808] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6827] open(".", O_RDONLY) = 5 [pid 6827] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] <... futex resumed>) = 0 [pid 6808] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6808] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 130.259513][ T6809] BTRFS info (device loop0): balance: start -d -m [ 130.268230][ T6809] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 130.289823][ T6809] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6827] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 6827] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] <... futex resumed>) = 0 [ 130.354275][ T6809] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 130.384531][ T6809] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6809] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6808] exit_group(0 [pid 6827] <... futex resumed>) = ? [pid 6827] +++ exited with 0 +++ [pid 6808] <... exit_group resumed>) = ? [pid 6809] <... futex resumed>) = ? [pid 6809] +++ exited with 0 +++ [pid 6808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6808, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.401910][ T6809] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6828 attached [pid 6828] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6828] chdir("./88") = 0 [pid 6828] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6828 [pid 6828] <... prctl resumed>) = 0 [pid 6828] setpgid(0, 0) = 0 [pid 6828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6828] write(3, "1000", 4) = 4 [pid 6828] close(3) = 0 [pid 6828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6828] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6828] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6829 attached => {parent_tid=[6829]}, 88) = 6829 [pid 6829] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], [pid 6829] set_robust_list(0x7f0bd5e299a0, 24 [pid 6828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6829] <... set_robust_list resumed>) = 0 [pid 6828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], [pid 6828] <... futex resumed>) = 0 [pid 6829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6829] memfd_create("syzkaller", 0) = 3 [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6829] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6829] close(3) = 0 [pid 6829] mkdir("./file0", 0777) = 0 [ 130.931585][ T6829] loop0: detected capacity change from 0 to 32768 [ 130.941534][ T6829] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6829) [ 130.956975][ T6829] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 130.966346][ T6829] BTRFS info (device loop0): force clearing of disk cache [ 130.973512][ T6829] BTRFS info (device loop0): setting nodatasum [ 130.979821][ T6829] BTRFS info (device loop0): allowing degraded mounts [ 130.986756][ T6829] BTRFS info (device loop0): enabling disk space caching [ 130.993799][ T6829] BTRFS info (device loop0): disk space caching is enabled [ 131.013168][ T6829] BTRFS info (device loop0): enabling ssd optimizations [ 131.020551][ T6829] BTRFS info (device loop0): auto enabling async discard [pid 6829] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6829] chdir("./file0") = 0 [pid 6829] ioctl(4, LOOP_CLR_FD) = 0 [pid 6829] close(4) = 0 [ 131.028432][ T6829] BTRFS info (device loop0): rebuilding free space tree [ 131.040588][ T6829] BTRFS info (device loop0): disabling free space tree [ 131.047605][ T6829] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 131.057349][ T6829] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 131.070098][ T6829] BTRFS info (device loop0): checking UUID tree [pid 6829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6829] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] <... futex resumed>) = 0 [pid 6828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] <... futex resumed>) = 0 [pid 6828] <... futex resumed>) = 1 [pid 6829] open("./file0", O_RDONLY [pid 6828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] <... open resumed>) = 4 [pid 6829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... ioctl resumed>) = 0 [pid 6828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6828] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6828] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6847 attached [pid 6847] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6828] <... clone3 resumed> => {parent_tid=[6847]}, 88) = 6847 [pid 6847] <... rseq resumed>) = 0 [pid 6847] set_robust_list(0x7f0bd5e089a0, 24 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], [pid 6847] <... set_robust_list resumed>) = 0 [pid 6828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6847] rt_sigprocmask(SIG_SETMASK, [], [pid 6828] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6828] <... futex resumed>) = 0 [pid 6847] open(".", O_RDONLY [pid 6828] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] <... open resumed>) = 5 [ 131.163572][ T6829] BTRFS info (device loop0): balance: start -d -m [ 131.174819][ T6829] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 131.201911][ T6829] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6847] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] <... futex resumed>) = 0 [pid 6847] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6828] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] <... ioctl resumed>) = 0 [pid 6847] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6847] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6828] <... futex resumed>) = 0 [ 131.234886][ T6829] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 131.274327][ T6829] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6829] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] exit_group(0 [pid 6847] <... futex resumed>) = ? [pid 6847] +++ exited with 0 +++ [pid 6828] <... exit_group resumed>) = ? [pid 6829] <... futex resumed>) = ? [pid 6829] +++ exited with 0 +++ [pid 6828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6828, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 131.292068][ T6829] BTRFS info (device loop0): balance: ended with status: 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6848 attached , child_tidptr=0x5555570ad690) = 6848 [pid 6848] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6848] chdir("./89") = 0 [pid 6848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6848] setpgid(0, 0) = 0 [pid 6848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6848] write(3, "1000", 4) = 4 [pid 6848] close(3) = 0 [pid 6848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6848] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6848] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6849 attached => {parent_tid=[6849]}, 88) = 6849 [pid 6849] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6849] set_robust_list(0x7f0bd5e299a0, 24 [pid 6848] rt_sigprocmask(SIG_SETMASK, [], [pid 6849] <... set_robust_list resumed>) = 0 [pid 6848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6849] rt_sigprocmask(SIG_SETMASK, [], [pid 6848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6849] memfd_create("syzkaller", 0) = 3 [pid 6849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6849] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6849] close(3) = 0 [pid 6849] mkdir("./file0", 0777) = 0 [ 131.756999][ T6849] loop0: detected capacity change from 0 to 32768 [ 131.785266][ T6849] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6849) [pid 6849] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6849] chdir("./file0") = 0 [pid 6849] ioctl(4, LOOP_CLR_FD) = 0 [pid 6849] close(4) = 0 [pid 6849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] <... futex resumed>) = 0 [pid 6849] <... futex resumed>) = 1 [pid 6848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] open("./file0", O_RDONLY [pid 6848] <... futex resumed>) = 0 [pid 6849] <... open resumed>) = 4 [ 131.801522][ T6849] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 131.810955][ T6849] BTRFS info (device loop0): force clearing of disk cache [ 131.818124][ T6849] BTRFS info (device loop0): setting nodatasum [ 131.824365][ T6849] BTRFS info (device loop0): allowing degraded mounts [ 131.831142][ T6849] BTRFS info (device loop0): enabling disk space caching [pid 6848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6849] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6848] <... futex resumed>) = 0 [pid 6849] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6848] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6848] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6867 attached [pid 6867] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6848] <... clone3 resumed> => {parent_tid=[6867]}, 88) = 6867 [pid 6867] <... rseq resumed>) = 0 [pid 6867] set_robust_list(0x7f0bd5e089a0, 24 [pid 6848] rt_sigprocmask(SIG_SETMASK, [], [pid 6867] <... set_robust_list resumed>) = 0 [pid 6848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6867] rt_sigprocmask(SIG_SETMASK, [], [pid 6848] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6848] <... futex resumed>) = 0 [pid 6867] open(".", O_RDONLY [pid 6848] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... open resumed>) = 5 [pid 6867] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... ioctl resumed>) = 0 [pid 6867] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6867] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6848] exit_group(0) = ? [pid 6867] <... futex resumed>) = ? [pid 6849] <... futex resumed>) = ? [pid 6849] +++ exited with 0 +++ [pid 6867] +++ exited with 0 +++ [pid 6848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6848, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6868 attached , child_tidptr=0x5555570ad690) = 6868 [pid 6868] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6868] chdir("./90") = 0 [pid 6868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6868] setpgid(0, 0) = 0 [pid 6868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6868] write(3, "1000", 4) = 4 [pid 6868] close(3) = 0 [pid 6868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6868] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6868] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6869 attached [pid 6869] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6868] <... clone3 resumed> => {parent_tid=[6869]}, 88) = 6869 [pid 6869] set_robust_list(0x7f0bd5e299a0, 24 [pid 6868] rt_sigprocmask(SIG_SETMASK, [], [pid 6869] <... set_robust_list resumed>) = 0 [pid 6868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6869] rt_sigprocmask(SIG_SETMASK, [], [pid 6868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6868] <... futex resumed>) = 0 [pid 6869] memfd_create("syzkaller", 0 [pid 6868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6869] <... memfd_create resumed>) = 3 [pid 6869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6869] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6869] close(3) = 0 [pid 6869] mkdir("./file0", 0777) = 0 [ 132.571782][ T6869] loop0: detected capacity change from 0 to 32768 [ 132.596831][ T6869] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6869) [ 132.613013][ T6869] _btrfs_printk: 14 callbacks suppressed [ 132.613027][ T6869] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 132.628014][ T6869] BTRFS info (device loop0): force clearing of disk cache [ 132.635246][ T6869] BTRFS info (device loop0): setting nodatasum [ 132.641414][ T6869] BTRFS info (device loop0): allowing degraded mounts [ 132.648230][ T6869] BTRFS info (device loop0): enabling disk space caching [ 132.655308][ T6869] BTRFS info (device loop0): disk space caching is enabled [ 132.674737][ T6869] BTRFS info (device loop0): enabling ssd optimizations [ 132.681855][ T6869] BTRFS info (device loop0): auto enabling async discard [ 132.689986][ T6869] BTRFS info (device loop0): rebuilding free space tree [ 132.701270][ T6869] BTRFS info (device loop0): disabling free space tree [ 132.708272][ T6869] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6869] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6869] chdir("./file0") = 0 [pid 6869] ioctl(4, LOOP_CLR_FD) = 0 [pid 6869] close(4) = 0 [pid 6869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6869] open("./file0", O_RDONLY [pid 6868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... open resumed>) = 4 [pid 6869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... ioctl resumed>) = 0 [pid 6869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6869] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6868] <... futex resumed>) = 1 [pid 6869] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 132.717956][ T6869] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.730464][ T6869] BTRFS info (device loop0): checking UUID tree [pid 6868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6868] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6868] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6887]}, 88) = 6887 [pid 6868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6868] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6868] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6887 attached [pid 6887] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6887] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6887] open(".", O_RDONLY) = 5 [pid 6887] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6887] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6887] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6868] <... futex resumed>) = 0 [ 132.786132][ T6869] BTRFS info (device loop0): balance: start -d -m [ 132.794142][ T6869] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 132.817791][ T6869] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6868] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] <... ioctl resumed>) = 0 [pid 6887] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6887] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6869] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] exit_group(0 [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6887] <... futex resumed>) = ? [pid 6868] <... exit_group resumed>) = ? [pid 6887] +++ exited with 0 +++ [pid 6869] +++ exited with 0 +++ [pid 6868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6868, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [ 132.903123][ T6869] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 132.923963][ T6869] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 132.941667][ T6869] BTRFS info (device loop0): balance: ended with status: 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6889 attached , child_tidptr=0x5555570ad690) = 6889 [pid 6889] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6889] chdir("./91") = 0 [pid 6889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6889] setpgid(0, 0) = 0 [pid 6889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6889] write(3, "1000", 4) = 4 [pid 6889] close(3) = 0 [pid 6889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6889] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6889] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6890 attached => {parent_tid=[6890]}, 88) = 6890 [pid 6890] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], [pid 6890] <... rseq resumed>) = 0 [pid 6889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6890] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6890] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] <... futex resumed>) = 0 [pid 6889] <... futex resumed>) = 1 [pid 6889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6890] memfd_create("syzkaller", 0) = 3 [pid 6890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6890] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6890] close(3) = 0 [pid 6890] mkdir("./file0", 0777) = 0 [ 133.601471][ T6890] loop0: detected capacity change from 0 to 32768 [ 133.616407][ T6890] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6890) [ 133.631503][ T6890] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 133.640864][ T6890] BTRFS info (device loop0): force clearing of disk cache [ 133.648115][ T6890] BTRFS info (device loop0): setting nodatasum [ 133.654305][ T6890] BTRFS info (device loop0): allowing degraded mounts [ 133.661076][ T6890] BTRFS info (device loop0): enabling disk space caching [ 133.668151][ T6890] BTRFS info (device loop0): disk space caching is enabled [ 133.687664][ T6890] BTRFS info (device loop0): enabling ssd optimizations [ 133.694717][ T6890] BTRFS info (device loop0): auto enabling async discard [pid 6890] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6890] chdir("./file0") = 0 [pid 6890] ioctl(4, LOOP_CLR_FD) = 0 [pid 6890] close(4) = 0 [pid 6890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6890] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] <... futex resumed>) = 0 [pid 6890] open("./file0", O_RDONLY [pid 6889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6890] <... open resumed>) = 4 [pid 6890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [ 133.702786][ T6890] BTRFS info (device loop0): rebuilding free space tree [ 133.714016][ T6890] BTRFS info (device loop0): disabling free space tree [ 133.720978][ T6890] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 133.730845][ T6890] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 133.743336][ T6890] BTRFS info (device loop0): checking UUID tree [pid 6889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6890] <... futex resumed>) = 0 [pid 6889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6890] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6889] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6889] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6908]}, 88) = 6908 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6889] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6908 attached [pid 6908] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6908] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6908] open(".", O_RDONLY) = 5 [pid 6908] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6908] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] <... futex resumed>) = 0 [pid 6908] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 133.806225][ T6890] BTRFS info (device loop0): balance: start -d -m [ 133.815057][ T6890] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 133.838120][ T6890] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6889] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6908] <... ioctl resumed>) = 0 [pid 6908] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... futex resumed>) = 0 [ 133.883075][ T6890] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 133.916651][ T6890] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6908] <... futex resumed>) = 1 [pid 6908] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6890] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] exit_group(0 [pid 6908] <... futex resumed>) = ? [pid 6890] <... futex resumed>) = ? [pid 6889] <... exit_group resumed>) = ? [pid 6908] +++ exited with 0 +++ [pid 6890] +++ exited with 0 +++ [pid 6889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6889, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 133.934488][ T6890] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6909 attached [pid 6909] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6909] chdir("./92") = 0 [pid 6909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6909 [pid 6909] setpgid(0, 0) = 0 [pid 6909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6909] write(3, "1000", 4) = 4 [pid 6909] close(3) = 0 [pid 6909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6909] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6910 attached [pid 6910] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 6909] <... clone3 resumed> => {parent_tid=[6910]}, 88) = 6910 [pid 6910] <... rseq resumed>) = 0 [pid 6910] set_robust_list(0x7f0bd5e299a0, 24 [pid 6909] rt_sigprocmask(SIG_SETMASK, [], [pid 6910] <... set_robust_list resumed>) = 0 [pid 6909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6910] memfd_create("syzkaller", 0 [pid 6909] <... futex resumed>) = 0 [pid 6910] <... memfd_create resumed>) = 3 [pid 6909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6910] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6910] close(3) = 0 [pid 6910] mkdir("./file0", 0777) = 0 [ 134.519024][ T6910] loop0: detected capacity change from 0 to 32768 [ 134.544681][ T6910] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6910) [ 134.559524][ T6910] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 134.568840][ T6910] BTRFS info (device loop0): force clearing of disk cache [ 134.575992][ T6910] BTRFS info (device loop0): setting nodatasum [ 134.582141][ T6910] BTRFS info (device loop0): allowing degraded mounts [ 134.588971][ T6910] BTRFS info (device loop0): enabling disk space caching [ 134.596077][ T6910] BTRFS info (device loop0): disk space caching is enabled [ 134.616332][ T6910] BTRFS info (device loop0): enabling ssd optimizations [ 134.623310][ T6910] BTRFS info (device loop0): auto enabling async discard [ 134.631272][ T6910] BTRFS info (device loop0): rebuilding free space tree [ 134.642676][ T6910] BTRFS info (device loop0): disabling free space tree [ 134.649719][ T6910] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.659647][ T6910] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6910] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6910] chdir("./file0") = 0 [pid 6910] ioctl(4, LOOP_CLR_FD) = 0 [pid 6910] close(4) = 0 [pid 6910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6910] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] open("./file0", O_RDONLY) = 4 [ 134.672407][ T6910] BTRFS info (device loop0): checking UUID tree [pid 6910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6909] <... futex resumed>) = 0 [pid 6910] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6910] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6909] <... futex resumed>) = 0 [pid 6910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6910] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6909] <... futex resumed>) = 0 [pid 6909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6909] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6909] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 134.765427][ T6910] BTRFS info (device loop0): balance: start -d -m [ 134.776791][ T6910] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 134.801615][ T6910] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6928 attached [pid 6928] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6909] <... clone3 resumed> => {parent_tid=[6928]}, 88) = 6928 [pid 6928] <... rseq resumed>) = 0 [pid 6928] set_robust_list(0x7f0bd5e089a0, 24 [pid 6909] rt_sigprocmask(SIG_SETMASK, [], [pid 6928] <... set_robust_list resumed>) = 0 [pid 6909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6928] rt_sigprocmask(SIG_SETMASK, [], [pid 6909] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6909] <... futex resumed>) = 0 [pid 6928] open(".", O_RDONLY [pid 6909] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6928] <... open resumed>) = 5 [pid 6928] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6909] <... futex resumed>) = 0 [pid 6928] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6909] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 134.831842][ T6910] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 134.854589][ T6910] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6909] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6928] <... ioctl resumed>) = 0 [pid 6928] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6928] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6909] <... futex resumed>) = 0 [pid 6910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6909] exit_group(0 [pid 6928] <... futex resumed>) = ? [pid 6910] <... futex resumed>) = ? [pid 6909] <... exit_group resumed>) = ? [pid 6928] +++ exited with 0 +++ [pid 6910] +++ exited with 0 +++ [pid 6909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6909, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 134.883148][ T6910] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6929 attached [pid 6929] set_robust_list(0x5555570ad6a0, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6929 [pid 6929] <... set_robust_list resumed>) = 0 [pid 6929] chdir("./93") = 0 [pid 6929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6929] setpgid(0, 0) = 0 [pid 6929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6929] write(3, "1000", 4) = 4 [pid 6929] close(3) = 0 [pid 6929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6929] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6929] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6930 attached [pid 6930] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6930] set_robust_list(0x7f0bd5e299a0, 24 [pid 6929] <... clone3 resumed> => {parent_tid=[6930]}, 88) = 6930 [pid 6930] <... set_robust_list resumed>) = 0 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], [pid 6930] rt_sigprocmask(SIG_SETMASK, [], [pid 6929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] memfd_create("syzkaller", 0 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6930] <... memfd_create resumed>) = 3 [pid 6930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6930] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6930] close(3) = 0 [pid 6930] mkdir("./file0", 0777) = 0 [ 135.381575][ T6930] loop0: detected capacity change from 0 to 32768 [ 135.397664][ T6930] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6930) [ 135.412578][ T6930] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 135.421929][ T6930] BTRFS info (device loop0): force clearing of disk cache [ 135.429139][ T6930] BTRFS info (device loop0): setting nodatasum [ 135.435353][ T6930] BTRFS info (device loop0): allowing degraded mounts [ 135.442119][ T6930] BTRFS info (device loop0): enabling disk space caching [ 135.449252][ T6930] BTRFS info (device loop0): disk space caching is enabled [ 135.468166][ T6930] BTRFS info (device loop0): enabling ssd optimizations [pid 6930] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6930] chdir("./file0") = 0 [pid 6930] ioctl(4, LOOP_CLR_FD) = 0 [pid 6930] close(4) = 0 [pid 6930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6930] <... futex resumed>) = 1 [pid 6929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] open("./file0", O_RDONLY [pid 6929] <... futex resumed>) = 0 [pid 6930] <... open resumed>) = 4 [ 135.475282][ T6930] BTRFS info (device loop0): auto enabling async discard [ 135.482990][ T6930] BTRFS info (device loop0): rebuilding free space tree [ 135.494690][ T6930] BTRFS info (device loop0): disabling free space tree [ 135.501622][ T6930] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 135.511322][ T6930] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 135.524203][ T6930] BTRFS info (device loop0): checking UUID tree [pid 6929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6930] <... futex resumed>) = 1 [pid 6929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6929] <... futex resumed>) = 0 [pid 6930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 0 [pid 6929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6929] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6929] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 6948 attached => {parent_tid=[6948]}, 88) = 6948 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6948] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6929] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6948] <... rseq resumed>) = 0 [pid 6929] <... futex resumed>) = 0 [pid 6948] set_robust_list(0x7f0bd5e089a0, 24 [pid 6929] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... set_robust_list resumed>) = 0 [pid 6948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6948] open(".", O_RDONLY) = 5 [ 135.576695][ T6930] BTRFS info (device loop0): balance: start -d -m [ 135.585418][ T6930] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 135.609759][ T6930] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6948] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6929] <... futex resumed>) = 0 [pid 6948] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6948] <... futex resumed>) = 0 [pid 6929] <... futex resumed>) = 1 [pid 6948] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6929] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... ioctl resumed>) = 0 [pid 6948] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6929] <... futex resumed>) = 0 [ 135.658718][ T6930] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6948] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] exit_group(0 [pid 6948] <... futex resumed>) = ? [pid 6930] <... futex resumed>) = ? [pid 6929] <... exit_group resumed>) = ? [pid 6948] +++ exited with 0 +++ [pid 6930] +++ exited with 0 +++ [pid 6929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6929, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 [ 135.709054][ T6930] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 135.731901][ T6930] BTRFS info (device loop0): balance: ended with status: 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6949 attached [pid 6949] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6949] chdir("./94") = 0 [pid 6949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6949 [pid 6949] setpgid(0, 0) = 0 [pid 6949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6949] write(3, "1000", 4) = 4 [pid 6949] close(3) = 0 [pid 6949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6949] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6949] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6950 attached [pid 6950] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6950] set_robust_list(0x7f0bd5e299a0, 24 [pid 6949] <... clone3 resumed> => {parent_tid=[6950]}, 88) = 6950 [pid 6950] <... set_robust_list resumed>) = 0 [pid 6950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] <... futex resumed>) = 0 [pid 6949] <... futex resumed>) = 1 [pid 6950] memfd_create("syzkaller", 0 [pid 6949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6950] <... memfd_create resumed>) = 3 [pid 6950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6950] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6950] close(3) = 0 [pid 6950] mkdir("./file0", 0777) = 0 [ 136.223096][ T6950] loop0: detected capacity change from 0 to 32768 [ 136.243266][ T6950] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6950) [ 136.259257][ T6950] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.268565][ T6950] BTRFS info (device loop0): force clearing of disk cache [ 136.275778][ T6950] BTRFS info (device loop0): setting nodatasum [ 136.281932][ T6950] BTRFS info (device loop0): allowing degraded mounts [ 136.288805][ T6950] BTRFS info (device loop0): enabling disk space caching [ 136.295872][ T6950] BTRFS info (device loop0): disk space caching is enabled [ 136.314543][ T6950] BTRFS info (device loop0): enabling ssd optimizations [ 136.321518][ T6950] BTRFS info (device loop0): auto enabling async discard [ 136.329585][ T6950] BTRFS info (device loop0): rebuilding free space tree [ 136.340597][ T6950] BTRFS info (device loop0): disabling free space tree [ 136.347588][ T6950] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 136.357267][ T6950] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 6950] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6950] chdir("./file0") = 0 [pid 6950] ioctl(4, LOOP_CLR_FD) = 0 [pid 6950] close(4) = 0 [pid 6950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] <... futex resumed>) = 0 [pid 6949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6950] open("./file0", O_RDONLY) = 4 [ 136.370007][ T6950] BTRFS info (device loop0): checking UUID tree [pid 6950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 6949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6949] <... futex resumed>) = 0 [pid 6950] <... ioctl resumed>) = 0 [pid 6950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6950] <... futex resumed>) = 0 [pid 6949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6950] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6949] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6949] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6968]}, 88) = 6968 [pid 6949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6949] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6968 attached [pid 6968] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6968] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6968] open(".", O_RDONLY) = 5 [pid 6968] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 6968] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6949] <... futex resumed>) = 0 [pid 6968] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 136.446809][ T6950] BTRFS info (device loop0): balance: start -d -m [ 136.455296][ T6950] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 136.479965][ T6950] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6949] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6968] <... ioctl resumed>) = 0 [pid 6968] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 6968] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6950] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] exit_group(0 [pid 6968] <... futex resumed>) = ? [pid 6949] <... exit_group resumed>) = ? [pid 6968] +++ exited with 0 +++ [pid 6950] +++ exited with 0 +++ [pid 6949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6949, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 136.548292][ T6950] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 136.570052][ T6950] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 136.588474][ T6950] BTRFS info (device loop0): balance: ended with status: 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6969 attached [pid 6969] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6969] chdir("./95" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6969 [pid 6969] <... chdir resumed>) = 0 [pid 6969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6969] setpgid(0, 0) = 0 [pid 6969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6969] write(3, "1000", 4) = 4 [pid 6969] close(3) = 0 [pid 6969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6969] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6969] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6970 attached [pid 6970] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6969] <... clone3 resumed> => {parent_tid=[6970]}, 88) = 6970 [pid 6970] set_robust_list(0x7f0bd5e299a0, 24 [pid 6969] rt_sigprocmask(SIG_SETMASK, [], [pid 6970] <... set_robust_list resumed>) = 0 [pid 6969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] memfd_create("syzkaller", 0 [pid 6969] <... futex resumed>) = 0 [pid 6969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6970] <... memfd_create resumed>) = 3 [pid 6970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6970] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6970] close(3) = 0 [pid 6970] mkdir("./file0", 0777) = 0 [ 137.049111][ T6970] loop0: detected capacity change from 0 to 32768 [ 137.066737][ T6970] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6970) [ 137.081740][ T6970] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 137.091035][ T6970] BTRFS info (device loop0): force clearing of disk cache [pid 6970] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6970] chdir("./file0") = 0 [ 137.098203][ T6970] BTRFS info (device loop0): setting nodatasum [ 137.104447][ T6970] BTRFS info (device loop0): allowing degraded mounts [ 137.111229][ T6970] BTRFS info (device loop0): enabling disk space caching [pid 6970] ioctl(4, LOOP_CLR_FD) = 0 [pid 6970] close(4) = 0 [pid 6970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 0 [pid 6970] <... futex resumed>) = 1 [pid 6969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] open("./file0", O_RDONLY [pid 6969] <... futex resumed>) = 0 [pid 6969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... open resumed>) = 4 [pid 6970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] <... futex resumed>) = 0 [pid 6970] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... ioctl resumed>) = 0 [pid 6969] <... futex resumed>) = 0 [pid 6970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... futex resumed>) = 0 [pid 6969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6970] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6969] <... futex resumed>) = 0 [pid 6970] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6969] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6969] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[6988]}, 88) = 6988 [pid 6969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6969] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6969] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6988 attached [pid 6988] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 6988] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 6988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6988] open(".", O_RDONLY) = 5 [pid 6988] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] <... futex resumed>) = 0 [pid 6988] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6969] <... futex resumed>) = 0 [pid 6988] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 6969] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... ioctl resumed>) = 0 [pid 6988] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6969] <... futex resumed>) = 0 [pid 6970] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] exit_group(0 [pid 6988] <... futex resumed>) = ? [pid 6969] <... exit_group resumed>) = ? [pid 6988] +++ exited with 0 +++ [pid 6970] <... futex resumed>) = ? [pid 6970] +++ exited with 0 +++ [pid 6969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6969, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6989 attached [pid 6989] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 6989] chdir("./96") = 0 [pid 6989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 6989 [pid 6989] setpgid(0, 0) = 0 [pid 6989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6989] write(3, "1000", 4) = 4 [pid 6989] close(3) = 0 [pid 6989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6989] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6989] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 6989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 6989] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 6990 attached [pid 6990] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 6989] <... clone3 resumed> => {parent_tid=[6990]}, 88) = 6990 [pid 6990] set_robust_list(0x7f0bd5e299a0, 24 [pid 6989] rt_sigprocmask(SIG_SETMASK, [], [pid 6990] <... set_robust_list resumed>) = 0 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6989] <... futex resumed>) = 1 [pid 6990] memfd_create("syzkaller", 0 [pid 6989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6990] <... memfd_create resumed>) = 3 [pid 6990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 6990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6990] munmap(0x7f0bcda09000, 138412032) = 0 [pid 6990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6990] close(3) = 0 [pid 6990] mkdir("./file0", 0777) = 0 [ 137.820716][ T6990] loop0: detected capacity change from 0 to 32768 [ 137.831008][ T6990] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (6990) [ 137.846684][ T6990] _btrfs_printk: 14 callbacks suppressed [ 137.846699][ T6990] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 137.861916][ T6990] BTRFS info (device loop0): force clearing of disk cache [ 137.869172][ T6990] BTRFS info (device loop0): setting nodatasum [ 137.875396][ T6990] BTRFS info (device loop0): allowing degraded mounts [ 137.882170][ T6990] BTRFS info (device loop0): enabling disk space caching [ 137.889228][ T6990] BTRFS info (device loop0): disk space caching is enabled [ 137.907833][ T6990] BTRFS info (device loop0): enabling ssd optimizations [pid 6990] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6990] chdir("./file0") = 0 [pid 6990] ioctl(4, LOOP_CLR_FD) = 0 [pid 6990] close(4) = 0 [pid 6990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 137.914905][ T6990] BTRFS info (device loop0): auto enabling async discard [ 137.922685][ T6990] BTRFS info (device loop0): rebuilding free space tree [ 137.933576][ T6990] BTRFS info (device loop0): disabling free space tree [ 137.940769][ T6990] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 137.950465][ T6990] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 137.963416][ T6990] BTRFS info (device loop0): checking UUID tree [pid 6990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6989] <... futex resumed>) = 0 [pid 6989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] open("./file0", O_RDONLY) = 4 [pid 6990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] <... futex resumed>) = 0 [pid 6989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6989] <... futex resumed>) = 0 [pid 6990] <... ioctl resumed>) = 0 [pid 6989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] <... futex resumed>) = 0 [pid 6990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6989] <... futex resumed>) = 0 [pid 6990] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6989] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 6989] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7008 attached => {parent_tid=[7008]}, 88) = 7008 [pid 7008] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 6989] rt_sigprocmask(SIG_SETMASK, [], [pid 7008] <... rseq resumed>) = 0 [pid 7008] set_robust_list(0x7f0bd5e089a0, 24 [pid 6989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6989] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7008] <... set_robust_list resumed>) = 0 [ 138.051206][ T6990] BTRFS info (device loop0): balance: start -d -m [ 138.059682][ T6990] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 138.086562][ T6990] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6989] <... futex resumed>) = 0 [pid 7008] rt_sigprocmask(SIG_SETMASK, [], [pid 6989] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7008] open(".", O_RDONLY) = 5 [pid 7008] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] <... futex resumed>) = 0 [pid 7008] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6989] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6989] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7008] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7008] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] <... futex resumed>) = 0 [pid 7008] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6989] exit_group(0 [pid 7008] <... futex resumed>) = ? [pid 6990] <... futex resumed>) = ? [pid 6989] <... exit_group resumed>) = ? [pid 7008] +++ exited with 0 +++ [pid 6990] +++ exited with 0 +++ [pid 6989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6989, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 138.126561][ T6990] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 138.148394][ T6990] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 138.166756][ T6990] BTRFS info (device loop0): balance: ended with status: 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7009 attached [pid 7009] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7009 [pid 7009] chdir("./97") = 0 [pid 7009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7009] setpgid(0, 0) = 0 [pid 7009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7009] write(3, "1000", 4) = 4 [pid 7009] close(3) = 0 [pid 7009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7009] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7009] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7010 attached [pid 7010] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7009] <... clone3 resumed> => {parent_tid=[7010]}, 88) = 7010 [pid 7010] set_robust_list(0x7f0bd5e299a0, 24 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7010] <... set_robust_list resumed>) = 0 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], [pid 7009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7010] memfd_create("syzkaller", 0 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7010] <... memfd_create resumed>) = 3 [pid 7010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7010] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7010] close(3) = 0 [pid 7010] mkdir("./file0", 0777) = 0 [ 138.672101][ T7010] loop0: detected capacity change from 0 to 32768 [ 138.681592][ T7010] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7010) [ 138.697070][ T7010] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 138.706343][ T7010] BTRFS info (device loop0): force clearing of disk cache [ 138.713446][ T7010] BTRFS info (device loop0): setting nodatasum [ 138.719761][ T7010] BTRFS info (device loop0): allowing degraded mounts [ 138.726572][ T7010] BTRFS info (device loop0): enabling disk space caching [ 138.733608][ T7010] BTRFS info (device loop0): disk space caching is enabled [ 138.753285][ T7010] BTRFS info (device loop0): enabling ssd optimizations [ 138.760426][ T7010] BTRFS info (device loop0): auto enabling async discard [pid 7010] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7010] chdir("./file0") = 0 [pid 7010] ioctl(4, LOOP_CLR_FD) = 0 [pid 7010] close(4) = 0 [pid 7010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] <... futex resumed>) = 0 [ 138.768427][ T7010] BTRFS info (device loop0): rebuilding free space tree [ 138.779111][ T7010] BTRFS info (device loop0): disabling free space tree [ 138.786096][ T7010] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 138.795806][ T7010] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 138.808662][ T7010] BTRFS info (device loop0): checking UUID tree [pid 7010] open("./file0", O_RDONLY) = 4 [pid 7010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = 0 [pid 7010] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... futex resumed>) = 1 [pid 7009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = 0 [pid 7009] <... futex resumed>) = 1 [pid 7010] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7009] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7009] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7028 attached [pid 7028] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7009] <... clone3 resumed> => {parent_tid=[7028]}, 88) = 7028 [pid 7028] <... rseq resumed>) = 0 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7028] set_robust_list(0x7f0bd5e089a0, 24 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7028] <... set_robust_list resumed>) = 0 [pid 7009] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] rt_sigprocmask(SIG_SETMASK, [], [pid 7009] <... futex resumed>) = 0 [pid 7028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7009] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] open(".", O_RDONLY) = 5 [pid 7028] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7028] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] <... futex resumed>) = 0 [pid 7009] <... futex resumed>) = 1 [pid 7028] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 138.872554][ T7010] BTRFS info (device loop0): balance: start -d -m [ 138.883515][ T7010] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 138.908432][ T7010] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7009] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] <... ioctl resumed>) = 0 [pid 7028] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7028] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7010] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] exit_group(0 [pid 7028] <... futex resumed>) = ? [pid 7010] <... futex resumed>) = ? [pid 7028] +++ exited with 0 +++ [pid 7009] <... exit_group resumed>) = ? [pid 7010] +++ exited with 0 +++ [pid 7009] +++ exited with 0 +++ [ 138.982580][ T7010] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 139.003174][ T7010] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 139.020772][ T7010] BTRFS info (device loop0): balance: ended with status: 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7009, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7029 attached [pid 7029] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7029] chdir("./98") = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7029 [pid 7029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7029] setpgid(0, 0) = 0 [pid 7029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7029] write(3, "1000", 4) = 4 [pid 7029] close(3) = 0 [pid 7029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7029] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7029] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7030 attached => {parent_tid=[7030]}, 88) = 7030 [pid 7030] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... rseq resumed>) = 0 [pid 7030] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7030] memfd_create("syzkaller", 0) = 3 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7030] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7030] close(3) = 0 [pid 7030] mkdir("./file0", 0777) = 0 [ 139.554425][ T7030] loop0: detected capacity change from 0 to 32768 [ 139.580163][ T7030] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7030) [ 139.596349][ T7030] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 139.605679][ T7030] BTRFS info (device loop0): force clearing of disk cache [ 139.612790][ T7030] BTRFS info (device loop0): setting nodatasum [ 139.619289][ T7030] BTRFS info (device loop0): allowing degraded mounts [ 139.626113][ T7030] BTRFS info (device loop0): enabling disk space caching [ 139.633129][ T7030] BTRFS info (device loop0): disk space caching is enabled [ 139.653628][ T7030] BTRFS info (device loop0): enabling ssd optimizations [ 139.660646][ T7030] BTRFS info (device loop0): auto enabling async discard [ 139.668555][ T7030] BTRFS info (device loop0): rebuilding free space tree [ 139.680241][ T7030] BTRFS info (device loop0): disabling free space tree [ 139.687297][ T7030] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7030] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7030] chdir("./file0") = 0 [pid 7030] ioctl(4, LOOP_CLR_FD) = 0 [pid 7030] close(4) = 0 [pid 7030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7030] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] <... futex resumed>) = 0 [pid 7029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = 0 [pid 7029] <... futex resumed>) = 1 [pid 7030] open("./file0", O_RDONLY [pid 7029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] <... open resumed>) = 4 [ 139.697391][ T7030] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 139.710029][ T7030] BTRFS info (device loop0): checking UUID tree [pid 7030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7030] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7030] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] <... ioctl resumed>) = 0 [pid 7030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7029] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7029] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7048 attached => {parent_tid=[7048]}, 88) = 7048 [pid 7048] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], [pid 7048] <... rseq resumed>) = 0 [pid 7029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7048] set_robust_list(0x7f0bd5e089a0, 24 [pid 7029] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... set_robust_list resumed>) = 0 [pid 7029] <... futex resumed>) = 0 [pid 7048] rt_sigprocmask(SIG_SETMASK, [], [pid 7029] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7048] open(".", O_RDONLY) = 5 [pid 7048] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7029] <... futex resumed>) = 0 [pid 7048] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7029] <... futex resumed>) = 0 [pid 7048] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 139.778760][ T7030] BTRFS info (device loop0): balance: start -d -m [ 139.788397][ T7030] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 139.815077][ T7030] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7029] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7048] <... ioctl resumed>) = 0 [pid 7048] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] <... futex resumed>) = 0 [pid 7048] <... futex resumed>) = 1 [pid 7048] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7030] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] exit_group(0 [pid 7048] <... futex resumed>) = ? [pid 7048] +++ exited with 0 +++ [pid 7029] <... exit_group resumed>) = ? [pid 7030] <... futex resumed>) = ? [pid 7030] +++ exited with 0 +++ [pid 7029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7029, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- [ 139.892328][ T7030] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 139.913799][ T7030] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 139.931861][ T7030] BTRFS info (device loop0): balance: ended with status: 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7049 attached , child_tidptr=0x5555570ad690) = 7049 [pid 7049] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7049] chdir("./99") = 0 [pid 7049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7049] setpgid(0, 0) = 0 [pid 7049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7049] write(3, "1000", 4) = 4 [pid 7049] close(3) = 0 [pid 7049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7049] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7049] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7050 attached [pid 7050] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7049] <... clone3 resumed> => {parent_tid=[7050]}, 88) = 7050 [pid 7050] set_robust_list(0x7f0bd5e299a0, 24 [pid 7049] rt_sigprocmask(SIG_SETMASK, [], [pid 7050] <... set_robust_list resumed>) = 0 [pid 7049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7050] rt_sigprocmask(SIG_SETMASK, [], [pid 7049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7049] <... futex resumed>) = 0 [pid 7050] memfd_create("syzkaller", 0 [pid 7049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7050] <... memfd_create resumed>) = 3 [pid 7050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7050] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7050] close(3) = 0 [pid 7050] mkdir("./file0", 0777) = 0 [ 140.431710][ T7050] loop0: detected capacity change from 0 to 32768 [ 140.456102][ T7050] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7050) [ 140.472013][ T7050] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 140.481383][ T7050] BTRFS info (device loop0): force clearing of disk cache [ 140.488597][ T7050] BTRFS info (device loop0): setting nodatasum [ 140.494822][ T7050] BTRFS info (device loop0): allowing degraded mounts [ 140.501612][ T7050] BTRFS info (device loop0): enabling disk space caching [ 140.508679][ T7050] BTRFS info (device loop0): disk space caching is enabled [ 140.529760][ T7050] BTRFS info (device loop0): enabling ssd optimizations [ 140.536799][ T7050] BTRFS info (device loop0): auto enabling async discard [ 140.544905][ T7050] BTRFS info (device loop0): rebuilding free space tree [ 140.556178][ T7050] BTRFS info (device loop0): disabling free space tree [ 140.563334][ T7050] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7050] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7050] chdir("./file0") = 0 [pid 7050] ioctl(4, LOOP_CLR_FD) = 0 [pid 7050] close(4) = 0 [pid 7050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... futex resumed>) = 0 [pid 7050] <... futex resumed>) = 1 [pid 7049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] open("./file0", O_RDONLY [pid 7049] <... futex resumed>) = 0 [pid 7049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7050] <... open resumed>) = 4 [pid 7050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7050] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7049] <... futex resumed>) = 0 [pid 7049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7050] <... futex resumed>) = 0 [ 140.573467][ T7050] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 140.586814][ T7050] BTRFS info (device loop0): checking UUID tree [pid 7050] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7050] <... futex resumed>) = 0 [pid 7049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7049] <... futex resumed>) = 0 [pid 7049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7049] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7049] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7068]}, 88) = 7068 [pid 7049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7049] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7049] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7068 attached [pid 7068] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7068] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7068] open(".", O_RDONLY) = 5 [pid 7068] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7049] <... futex resumed>) = 0 [pid 7068] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7049] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7049] <... futex resumed>) = 0 [pid 7068] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 140.660574][ T7050] BTRFS info (device loop0): balance: start -d -m [ 140.669315][ T7050] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 140.698095][ T7050] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7049] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... ioctl resumed>) = 0 [pid 7068] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7049] <... futex resumed>) = 0 [pid 7068] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] exit_group(0 [pid 7068] <... futex resumed>) = ? [pid 7050] <... futex resumed>) = ? [pid 7049] <... exit_group resumed>) = ? [pid 7068] +++ exited with 0 +++ [pid 7050] +++ exited with 0 +++ [pid 7049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7049, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 140.769377][ T7050] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 140.790910][ T7050] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 140.809684][ T7050] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7069 attached [pid 7069] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7069] chdir("./100") = 0 [pid 7069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7069] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7069 [pid 7069] <... setpgid resumed>) = 0 [pid 7069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7069] write(3, "1000", 4) = 4 [pid 7069] close(3) = 0 [pid 7069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7069] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7069] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7070 attached [pid 7070] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7070] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] <... clone3 resumed> => {parent_tid=[7070]}, 88) = 7070 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7069] <... futex resumed>) = 1 [pid 7070] memfd_create("syzkaller", 0 [pid 7069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7070] <... memfd_create resumed>) = 3 [pid 7070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7070] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7070] close(3) = 0 [pid 7070] mkdir("./file0", 0777) = 0 [ 141.340316][ T7070] loop0: detected capacity change from 0 to 32768 [ 141.354309][ T7070] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7070) [ 141.370547][ T7070] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 141.379877][ T7070] BTRFS info (device loop0): force clearing of disk cache [ 141.387034][ T7070] BTRFS info (device loop0): setting nodatasum [ 141.393184][ T7070] BTRFS info (device loop0): allowing degraded mounts [ 141.400041][ T7070] BTRFS info (device loop0): enabling disk space caching [ 141.407125][ T7070] BTRFS info (device loop0): disk space caching is enabled [ 141.427149][ T7070] BTRFS info (device loop0): enabling ssd optimizations [pid 7070] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7070] chdir("./file0") = 0 [pid 7070] ioctl(4, LOOP_CLR_FD) = 0 [pid 7070] close(4) = 0 [pid 7070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7070] open("./file0", O_RDONLY) = 4 [ 141.434180][ T7070] BTRFS info (device loop0): auto enabling async discard [ 141.442021][ T7070] BTRFS info (device loop0): rebuilding free space tree [ 141.452909][ T7070] BTRFS info (device loop0): disabling free space tree [ 141.459972][ T7070] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 141.469717][ T7070] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 141.482559][ T7070] BTRFS info (device loop0): checking UUID tree [pid 7070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7069] <... futex resumed>) = 1 [pid 7070] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] <... futex resumed>) = 0 [pid 7069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7069] <... futex resumed>) = 0 [pid 7070] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7069] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7069] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7088]}, 88) = 7088 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7088 attached NULL, 8) = 0 [pid 7088] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7069] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... rseq resumed>) = 0 [pid 7069] <... futex resumed>) = 0 [pid 7088] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7069] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7088] open(".", O_RDONLY) = 5 [pid 7088] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7088] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7069] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 141.560706][ T7070] BTRFS info (device loop0): balance: start -d -m [ 141.569548][ T7070] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 141.590944][ T7070] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7069] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... ioctl resumed>) = 0 [pid 7088] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [ 141.645820][ T7070] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7088] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7070] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] exit_group(0 [pid 7088] <... futex resumed>) = ? [pid 7070] <... futex resumed>) = ? [pid 7069] <... exit_group resumed>) = ? [pid 7088] +++ exited with 0 +++ [pid 7070] +++ exited with 0 +++ [pid 7069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7069, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 141.686300][ T7070] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 141.704233][ T7070] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7089 attached , child_tidptr=0x5555570ad690) = 7089 [pid 7089] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7089] chdir("./101") = 0 [pid 7089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7089] setpgid(0, 0) = 0 [pid 7089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7089] write(3, "1000", 4) = 4 [pid 7089] close(3) = 0 [pid 7089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7089] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7089] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7090 attached [pid 7090] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7089] <... clone3 resumed> => {parent_tid=[7090]}, 88) = 7090 [pid 7090] set_robust_list(0x7f0bd5e299a0, 24 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], [pid 7090] <... set_robust_list resumed>) = 0 [pid 7089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], [pid 7089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7089] <... futex resumed>) = 0 [pid 7090] memfd_create("syzkaller", 0 [pid 7089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7090] <... memfd_create resumed>) = 3 [pid 7090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7090] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7090] close(3) = 0 [pid 7090] mkdir("./file0", 0777) = 0 [ 142.249912][ T7090] loop0: detected capacity change from 0 to 32768 [ 142.263638][ T7090] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7090) [ 142.279848][ T7090] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 142.289194][ T7090] BTRFS info (device loop0): force clearing of disk cache [pid 7090] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7090] chdir("./file0") = 0 [pid 7090] ioctl(4, LOOP_CLR_FD) = 0 [pid 7090] close(4) = 0 [pid 7090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7090] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... futex resumed>) = 0 [pid 7089] <... futex resumed>) = 1 [pid 7090] open("./file0", O_RDONLY [pid 7089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] <... open resumed>) = 4 [ 142.296470][ T7090] BTRFS info (device loop0): setting nodatasum [ 142.302633][ T7090] BTRFS info (device loop0): allowing degraded mounts [ 142.309471][ T7090] BTRFS info (device loop0): enabling disk space caching [pid 7090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... futex resumed>) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7090] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] <... ioctl resumed>) = 0 [pid 7090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7089] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7089] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7108 attached => {parent_tid=[7108]}, 88) = 7108 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7089] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7108] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7108] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7108] open(".", O_RDONLY) = 5 [pid 7108] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] <... futex resumed>) = 0 [pid 7089] <... futex resumed>) = 1 [pid 7108] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7089] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7108] <... ioctl resumed>) = 0 [pid 7090] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7108] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7108] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] exit_group(0 [pid 7108] <... futex resumed>) = ? [pid 7090] <... futex resumed>) = ? [pid 7089] <... exit_group resumed>) = ? [pid 7108] +++ exited with 0 +++ [pid 7090] +++ exited with 0 +++ [pid 7089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7089, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7109 attached , child_tidptr=0x5555570ad690) = 7109 [pid 7109] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7109] chdir("./102") = 0 [pid 7109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7109] setpgid(0, 0) = 0 [pid 7109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7109] write(3, "1000", 4) = 4 [pid 7109] close(3) = 0 [pid 7109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7109] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7109] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7110 attached [pid 7110] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7110] set_robust_list(0x7f0bd5e299a0, 24 [pid 7109] <... clone3 resumed> => {parent_tid=[7110]}, 88) = 7110 [pid 7110] <... set_robust_list resumed>) = 0 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], [pid 7110] rt_sigprocmask(SIG_SETMASK, [], [pid 7109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] memfd_create("syzkaller", 0 [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7110] <... memfd_create resumed>) = 3 [pid 7110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7110] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7110] close(3) = 0 [pid 7110] mkdir("./file0", 0777) = 0 [ 142.993922][ T7110] loop0: detected capacity change from 0 to 32768 [ 143.019146][ T7110] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7110) [ 143.034415][ T7110] _btrfs_printk: 14 callbacks suppressed [ 143.034433][ T7110] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 143.049699][ T7110] BTRFS info (device loop0): force clearing of disk cache [ 143.056967][ T7110] BTRFS info (device loop0): setting nodatasum [ 143.063160][ T7110] BTRFS info (device loop0): allowing degraded mounts [ 143.070067][ T7110] BTRFS info (device loop0): enabling disk space caching [ 143.077284][ T7110] BTRFS info (device loop0): disk space caching is enabled [ 143.096898][ T7110] BTRFS info (device loop0): enabling ssd optimizations [ 143.104175][ T7110] BTRFS info (device loop0): auto enabling async discard [ 143.111978][ T7110] BTRFS info (device loop0): rebuilding free space tree [ 143.122909][ T7110] BTRFS info (device loop0): disabling free space tree [ 143.129910][ T7110] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7110] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7110] chdir("./file0") = 0 [pid 7110] ioctl(4, LOOP_CLR_FD) = 0 [pid 7110] close(4) = 0 [pid 7110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7110] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = 0 [pid 7109] <... futex resumed>) = 1 [pid 7110] open("./file0", O_RDONLY [pid 7109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] <... open resumed>) = 4 [pid 7110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7110] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7109] <... futex resumed>) = 0 [pid 7110] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] <... ioctl resumed>) = 0 [pid 7110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 143.139589][ T7110] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 143.152596][ T7110] BTRFS info (device loop0): checking UUID tree [pid 7109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7110] <... futex resumed>) = 1 [pid 7110] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7109] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7109] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7128]}, 88) = 7128 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7109] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7128 attached [pid 7128] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7128] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7128] open(".", O_RDONLY) = 5 [pid 7128] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7128] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7128] <... futex resumed>) = 0 [pid 7128] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 143.216237][ T7110] BTRFS info (device loop0): balance: start -d -m [ 143.226568][ T7110] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 143.251946][ T7110] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7109] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... ioctl resumed>) = 0 [pid 7128] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7128] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7110] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] exit_group(0 [pid 7110] ???( [pid 7128] <... futex resumed>) = ? [pid 7109] <... exit_group resumed>) = ? [pid 7128] +++ exited with 0 +++ [pid 7110] <... ??? resumed>) = ? [pid 7110] +++ exited with 0 +++ [pid 7109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7109, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 143.328816][ T7110] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 143.350520][ T7110] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 143.370097][ T7110] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7129 attached , child_tidptr=0x5555570ad690) = 7129 [pid 7129] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7129] chdir("./103") = 0 [pid 7129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7129] setpgid(0, 0) = 0 [pid 7129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7129] write(3, "1000", 4) = 4 [pid 7129] close(3) = 0 [pid 7129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7129] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7129] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7130 attached [pid 7130] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7129] <... clone3 resumed> => {parent_tid=[7130]}, 88) = 7130 [pid 7130] <... rseq resumed>) = 0 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 7130] set_robust_list(0x7f0bd5e299a0, 24 [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7130] <... set_robust_list resumed>) = 0 [pid 7129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] <... futex resumed>) = 0 [pid 7130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7130] memfd_create("syzkaller", 0) = 3 [pid 7130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7130] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7130] close(3) = 0 [pid 7130] mkdir("./file0", 0777) = 0 [ 143.890029][ T7130] loop0: detected capacity change from 0 to 32768 [ 143.899747][ T7130] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7130) [ 143.914919][ T7130] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 143.924202][ T7130] BTRFS info (device loop0): force clearing of disk cache [ 143.931312][ T7130] BTRFS info (device loop0): setting nodatasum [ 143.937532][ T7130] BTRFS info (device loop0): allowing degraded mounts [ 143.944358][ T7130] BTRFS info (device loop0): enabling disk space caching [ 143.951377][ T7130] BTRFS info (device loop0): disk space caching is enabled [ 143.970498][ T7130] BTRFS info (device loop0): enabling ssd optimizations [ 143.977522][ T7130] BTRFS info (device loop0): auto enabling async discard [pid 7130] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7130] chdir("./file0") = 0 [pid 7130] ioctl(4, LOOP_CLR_FD) = 0 [pid 7130] close(4) = 0 [pid 7130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7130] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] <... futex resumed>) = 0 [pid 7129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 143.985647][ T7130] BTRFS info (device loop0): rebuilding free space tree [ 143.996773][ T7130] BTRFS info (device loop0): disabling free space tree [ 144.003694][ T7130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 144.013540][ T7130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 144.026476][ T7130] BTRFS info (device loop0): checking UUID tree [pid 7130] open("./file0", O_RDONLY) = 4 [pid 7130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7130] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7129] <... futex resumed>) = 0 [pid 7130] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7130] <... ioctl resumed>) = 0 [pid 7130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7130] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7129] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7129] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7148]}, 88) = 7148 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7129] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7148 attached [ 144.105699][ T7130] BTRFS info (device loop0): balance: start -d -m [ 144.117189][ T7130] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 144.142178][ T7130] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7148] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7148] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7148] open(".", O_RDONLY) = 5 [pid 7148] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7129] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7148] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7148] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7148] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] <... futex resumed>) = 0 [ 144.191094][ T7130] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 144.222755][ T7130] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7130] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7130] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] exit_group(0 [pid 7130] <... futex resumed>) = ? [pid 7129] <... exit_group resumed>) = ? [pid 7130] +++ exited with 0 +++ [pid 7148] <... futex resumed>) = ? [pid 7148] +++ exited with 0 +++ [pid 7129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7129, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 144.240207][ T7130] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7149 attached [pid 7149] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7149] chdir("./104") = 0 [pid 7149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7149 [pid 7149] setpgid(0, 0) = 0 [pid 7149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7149] write(3, "1000", 4) = 4 [pid 7149] close(3) = 0 [pid 7149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7149] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7149] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7149] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7150 attached [pid 7150] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7149] <... clone3 resumed> => {parent_tid=[7150]}, 88) = 7150 [pid 7150] <... rseq resumed>) = 0 [pid 7149] rt_sigprocmask(SIG_SETMASK, [], [pid 7150] set_robust_list(0x7f0bd5e299a0, 24 [pid 7149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7150] <... set_robust_list resumed>) = 0 [pid 7149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] rt_sigprocmask(SIG_SETMASK, [], [pid 7149] <... futex resumed>) = 0 [pid 7150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7150] memfd_create("syzkaller", 0) = 3 [pid 7150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7150] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7150] close(3) = 0 [pid 7150] mkdir("./file0", 0777) = 0 [ 144.790835][ T7150] loop0: detected capacity change from 0 to 32768 [ 144.804964][ T7150] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7150) [ 144.820758][ T7150] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 144.830084][ T7150] BTRFS info (device loop0): force clearing of disk cache [ 144.837427][ T7150] BTRFS info (device loop0): setting nodatasum [ 144.843612][ T7150] BTRFS info (device loop0): allowing degraded mounts [ 144.850464][ T7150] BTRFS info (device loop0): enabling disk space caching [ 144.857521][ T7150] BTRFS info (device loop0): disk space caching is enabled [ 144.876565][ T7150] BTRFS info (device loop0): enabling ssd optimizations [ 144.883683][ T7150] BTRFS info (device loop0): auto enabling async discard [pid 7150] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7150] chdir("./file0") = 0 [pid 7150] ioctl(4, LOOP_CLR_FD) = 0 [ 144.892062][ T7150] BTRFS info (device loop0): rebuilding free space tree [ 144.903431][ T7150] BTRFS info (device loop0): disabling free space tree [ 144.910646][ T7150] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 144.920451][ T7150] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 144.933161][ T7150] BTRFS info (device loop0): checking UUID tree [pid 7150] close(4) = 0 [pid 7150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7150] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7149] <... futex resumed>) = 0 [pid 7149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7150] <... futex resumed>) = 0 [pid 7149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7150] open("./file0", O_RDONLY) = 4 [pid 7150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] <... futex resumed>) = 0 [pid 7150] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7149] <... futex resumed>) = 0 [pid 7150] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7150] <... ioctl resumed>) = 0 [pid 7150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] <... futex resumed>) = 0 [pid 7150] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7149] <... futex resumed>) = 0 [pid 7150] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7149] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7149] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7168]}, 88) = 7168 [pid 7149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7149] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7149] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7168 attached [pid 7168] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7168] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7168] open(".", O_RDONLY) = 5 [pid 7168] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7168] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7149] <... futex resumed>) = 0 [pid 7149] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7168] <... futex resumed>) = 0 [ 144.993164][ T7150] BTRFS info (device loop0): balance: start -d -m [ 145.001805][ T7150] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 145.029999][ T7150] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7168] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7168] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7168] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7149] <... futex resumed>) = 0 [pid 7150] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7149] exit_group(0 [pid 7168] <... futex resumed>) = ? [pid 7149] <... exit_group resumed>) = ? [pid 7168] +++ exited with 0 +++ [pid 7150] <... futex resumed>) = ? [pid 7150] +++ exited with 0 +++ [pid 7149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7149, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 145.099917][ T7150] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 145.122951][ T7150] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 145.140998][ T7150] BTRFS info (device loop0): balance: ended with status: 0 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7169 attached , child_tidptr=0x5555570ad690) = 7169 [pid 7169] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7169] chdir("./105") = 0 [pid 7169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7169] setpgid(0, 0) = 0 [pid 7169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7169] write(3, "1000", 4) = 4 [pid 7169] close(3) = 0 [pid 7169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7169] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7169] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7169] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7170 attached [pid 7170] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7169] <... clone3 resumed> => {parent_tid=[7170]}, 88) = 7170 [pid 7170] <... rseq resumed>) = 0 [pid 7170] set_robust_list(0x7f0bd5e299a0, 24 [pid 7169] rt_sigprocmask(SIG_SETMASK, [], [pid 7170] <... set_robust_list resumed>) = 0 [pid 7169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7170] rt_sigprocmask(SIG_SETMASK, [], [pid 7169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7170] memfd_create("syzkaller", 0) = 3 [pid 7170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7170] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7170] close(3) = 0 [pid 7170] mkdir("./file0", 0777) = 0 [ 145.631264][ T7170] loop0: detected capacity change from 0 to 32768 [ 145.661604][ T7170] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7170) [ 145.676762][ T7170] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 145.686061][ T7170] BTRFS info (device loop0): force clearing of disk cache [ 145.693193][ T7170] BTRFS info (device loop0): setting nodatasum [ 145.699418][ T7170] BTRFS info (device loop0): allowing degraded mounts [ 145.706244][ T7170] BTRFS info (device loop0): enabling disk space caching [ 145.713273][ T7170] BTRFS info (device loop0): disk space caching is enabled [ 145.733347][ T7170] BTRFS info (device loop0): enabling ssd optimizations [ 145.740477][ T7170] BTRFS info (device loop0): auto enabling async discard [ 145.748478][ T7170] BTRFS info (device loop0): rebuilding free space tree [ 145.761145][ T7170] BTRFS info (device loop0): disabling free space tree [ 145.768394][ T7170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7170] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7170] chdir("./file0") = 0 [pid 7170] ioctl(4, LOOP_CLR_FD) = 0 [pid 7170] close(4) = 0 [pid 7170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7170] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7169] <... futex resumed>) = 0 [pid 7170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] open("./file0", O_RDONLY [pid 7169] <... futex resumed>) = 0 [pid 7169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7170] <... open resumed>) = 4 [pid 7170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7169] <... futex resumed>) = 0 [pid 7169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7169] <... futex resumed>) = 0 [pid 7170] <... ioctl resumed>) = 0 [pid 7169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7169] <... futex resumed>) = 0 [pid 7170] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 145.778120][ T7170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 145.791023][ T7170] BTRFS info (device loop0): checking UUID tree [pid 7169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7169] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7169] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7188 attached => {parent_tid=[7188]}, 88) = 7188 [pid 7188] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [ 145.845962][ T7170] BTRFS info (device loop0): balance: start -d -m [ 145.854005][ T7170] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 145.874873][ T7170] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7188] set_robust_list(0x7f0bd5e089a0, 24 [pid 7169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7169] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7169] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7188] <... set_robust_list resumed>) = 0 [pid 7188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7188] open(".", O_RDONLY) = 5 [pid 7188] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7169] <... futex resumed>) = 0 [pid 7188] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7169] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7169] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7188] <... ioctl resumed>) = 0 [pid 7188] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7169] <... futex resumed>) = 0 [ 145.918611][ T7170] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7188] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7170] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7170] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7169] exit_group(0 [pid 7188] <... futex resumed>) = ? [pid 7170] <... futex resumed>) = ? [pid 7169] <... exit_group resumed>) = ? [pid 7188] +++ exited with 0 +++ [pid 7170] +++ exited with 0 +++ [pid 7169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7169, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 145.967214][ T7170] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 145.993436][ T7170] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7189 attached , child_tidptr=0x5555570ad690) = 7189 [pid 7189] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7189] chdir("./106") = 0 [pid 7189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7189] setpgid(0, 0) = 0 [pid 7189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7189] write(3, "1000", 4) = 4 [pid 7189] close(3) = 0 [pid 7189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7189] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7189] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7189] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7190 attached => {parent_tid=[7190]}, 88) = 7190 [pid 7190] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7190] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7189] rt_sigprocmask(SIG_SETMASK, [], [pid 7190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] <... futex resumed>) = 0 [pid 7189] <... futex resumed>) = 1 [pid 7190] memfd_create("syzkaller", 0) = 3 [pid 7189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7190] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7190] close(3) = 0 [pid 7190] mkdir("./file0", 0777) = 0 [ 146.545073][ T7190] loop0: detected capacity change from 0 to 32768 [ 146.555319][ T7190] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7190) [ 146.570282][ T7190] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 146.579650][ T7190] BTRFS info (device loop0): force clearing of disk cache [ 146.586806][ T7190] BTRFS info (device loop0): setting nodatasum [ 146.592958][ T7190] BTRFS info (device loop0): allowing degraded mounts [ 146.599775][ T7190] BTRFS info (device loop0): enabling disk space caching [ 146.607045][ T7190] BTRFS info (device loop0): disk space caching is enabled [ 146.627240][ T7190] BTRFS info (device loop0): enabling ssd optimizations [ 146.634411][ T7190] BTRFS info (device loop0): auto enabling async discard [pid 7190] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7190] chdir("./file0") = 0 [pid 7190] ioctl(4, LOOP_CLR_FD) = 0 [pid 7190] close(4) = 0 [pid 7190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] <... futex resumed>) = 0 [pid 7190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7189] <... futex resumed>) = 0 [pid 7189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 146.642427][ T7190] BTRFS info (device loop0): rebuilding free space tree [ 146.655339][ T7190] BTRFS info (device loop0): disabling free space tree [ 146.662350][ T7190] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 146.672098][ T7190] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 146.684642][ T7190] BTRFS info (device loop0): checking UUID tree [pid 7190] open("./file0", O_RDONLY) = 4 [pid 7190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] <... futex resumed>) = 0 [pid 7190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] <... futex resumed>) = 0 [pid 7189] <... futex resumed>) = 1 [pid 7190] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] <... futex resumed>) = 0 [pid 7189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7190] <... futex resumed>) = 0 [pid 7189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7190] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7189] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7189] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.766232][ T7190] BTRFS info (device loop0): balance: start -d -m [ 146.775421][ T7190] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 146.799611][ T7190] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7189] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7208 attached => {parent_tid=[7208]}, 88) = 7208 [pid 7189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7189] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7208] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7189] <... futex resumed>) = 0 [pid 7208] <... rseq resumed>) = 0 [pid 7208] set_robust_list(0x7f0bd5e089a0, 24 [pid 7189] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7208] <... set_robust_list resumed>) = 0 [pid 7208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7208] open(".", O_RDONLY) = 5 [pid 7208] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] <... futex resumed>) = 0 [pid 7189] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7189] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7208] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7190] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7208] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] <... futex resumed>) = 0 [pid 7208] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7189] exit_group(0 [pid 7208] <... futex resumed>) = ? [pid 7190] <... futex resumed>) = ? [pid 7189] <... exit_group resumed>) = ? [pid 7208] +++ exited with 0 +++ [pid 7190] +++ exited with 0 +++ [pid 7189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7189, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.838303][ T7190] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 146.860918][ T7190] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 146.880787][ T7190] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7209 attached , child_tidptr=0x5555570ad690) = 7209 [pid 7209] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7209] chdir("./107") = 0 [pid 7209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7209] setpgid(0, 0) = 0 [pid 7209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7209] write(3, "1000", 4) = 4 [pid 7209] close(3) = 0 [pid 7209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7209] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7209] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7209] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7210 attached [pid 7210] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7209] <... clone3 resumed> => {parent_tid=[7210]}, 88) = 7210 [pid 7210] <... rseq resumed>) = 0 [pid 7209] rt_sigprocmask(SIG_SETMASK, [], [pid 7210] set_robust_list(0x7f0bd5e299a0, 24 [pid 7209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7210] <... set_robust_list resumed>) = 0 [pid 7210] rt_sigprocmask(SIG_SETMASK, [], [pid 7209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7209] <... futex resumed>) = 0 [pid 7210] memfd_create("syzkaller", 0 [pid 7209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7210] <... memfd_create resumed>) = 3 [pid 7210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7210] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7210] close(3) = 0 [pid 7210] mkdir("./file0", 0777) = 0 [ 147.470376][ T7210] loop0: detected capacity change from 0 to 32768 [ 147.484095][ T7210] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7210) [ 147.498907][ T7210] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 147.508228][ T7210] BTRFS info (device loop0): force clearing of disk cache [pid 7210] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 147.515414][ T7210] BTRFS info (device loop0): setting nodatasum [ 147.521584][ T7210] BTRFS info (device loop0): allowing degraded mounts [ 147.528405][ T7210] BTRFS info (device loop0): enabling disk space caching [pid 7210] chdir("./file0") = 0 [pid 7210] ioctl(4, LOOP_CLR_FD) = 0 [pid 7210] close(4) = 0 [pid 7210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7209] <... futex resumed>) = 0 [pid 7210] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... futex resumed>) = 0 [pid 7209] <... futex resumed>) = 1 [pid 7209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7210] open("./file0", O_RDONLY) = 4 [pid 7210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7209] <... futex resumed>) = 0 [pid 7210] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... ioctl resumed>) = 0 [pid 7209] <... futex resumed>) = 0 [pid 7210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7210] <... futex resumed>) = 0 [pid 7209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7210] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7209] <... futex resumed>) = 0 [pid 7209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7209] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7209] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7228 attached => {parent_tid=[7228]}, 88) = 7228 [pid 7228] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7209] rt_sigprocmask(SIG_SETMASK, [], [pid 7228] set_robust_list(0x7f0bd5e089a0, 24 [pid 7209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7228] <... set_robust_list resumed>) = 0 [pid 7209] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] rt_sigprocmask(SIG_SETMASK, [], [pid 7209] <... futex resumed>) = 0 [pid 7228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7209] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] open(".", O_RDONLY) = 5 [pid 7228] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] <... futex resumed>) = 0 [pid 7228] <... futex resumed>) = 1 [pid 7209] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7209] <... futex resumed>) = 0 [pid 7209] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] <... ioctl resumed>) = 0 [pid 7228] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7209] <... futex resumed>) = 0 [pid 7228] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7210] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7209] exit_group(0 [pid 7228] <... futex resumed>) = ? [pid 7209] <... exit_group resumed>) = ? [pid 7228] +++ exited with 0 +++ [pid 7210] +++ exited with 0 +++ [pid 7209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7209, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7229 attached [pid 7229] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7229] chdir("./108") = 0 [pid 7229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7229 [pid 7229] setpgid(0, 0) = 0 [pid 7229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7229] write(3, "1000", 4) = 4 [pid 7229] close(3) = 0 [pid 7229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7229] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7229] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7229] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7230 attached [pid 7230] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7229] <... clone3 resumed> => {parent_tid=[7230]}, 88) = 7230 [pid 7230] set_robust_list(0x7f0bd5e299a0, 24 [pid 7229] rt_sigprocmask(SIG_SETMASK, [], [pid 7230] <... set_robust_list resumed>) = 0 [pid 7229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7230] rt_sigprocmask(SIG_SETMASK, [], [pid 7229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7229] <... futex resumed>) = 0 [pid 7230] memfd_create("syzkaller", 0 [pid 7229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7230] <... memfd_create resumed>) = 3 [pid 7230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7230] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7230] close(3) = 0 [pid 7230] mkdir("./file0", 0777) = 0 [ 148.272270][ T7230] loop0: detected capacity change from 0 to 32768 [ 148.290128][ T7230] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7230) [ 148.305482][ T7230] _btrfs_printk: 14 callbacks suppressed [ 148.305496][ T7230] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 148.320457][ T7230] BTRFS info (device loop0): force clearing of disk cache [ 148.327626][ T7230] BTRFS info (device loop0): setting nodatasum [ 148.333768][ T7230] BTRFS info (device loop0): allowing degraded mounts [ 148.340594][ T7230] BTRFS info (device loop0): enabling disk space caching [ 148.347694][ T7230] BTRFS info (device loop0): disk space caching is enabled [ 148.367108][ T7230] BTRFS info (device loop0): enabling ssd optimizations [ 148.374153][ T7230] BTRFS info (device loop0): auto enabling async discard [ 148.381874][ T7230] BTRFS info (device loop0): rebuilding free space tree [ 148.394963][ T7230] BTRFS info (device loop0): disabling free space tree [ 148.401945][ T7230] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 148.411713][ T7230] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7230] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7230] chdir("./file0") = 0 [pid 7230] ioctl(4, LOOP_CLR_FD) = 0 [pid 7230] close(4) = 0 [pid 7230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 7230] open("./file0", O_RDONLY [pid 7229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... open resumed>) = 4 [pid 7229] <... futex resumed>) = 0 [pid 7229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 7230] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7229] <... futex resumed>) = 0 [pid 7230] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7230] <... ioctl resumed>) = 0 [ 148.424629][ T7230] BTRFS info (device loop0): checking UUID tree [pid 7230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 7229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7230] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7229] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7229] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7248 attached [pid 7248] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7229] <... clone3 resumed> => {parent_tid=[7248]}, 88) = 7248 [pid 7248] <... rseq resumed>) = 0 [pid 7248] set_robust_list(0x7f0bd5e089a0, 24 [pid 7229] rt_sigprocmask(SIG_SETMASK, [], [pid 7248] <... set_robust_list resumed>) = 0 [pid 7248] rt_sigprocmask(SIG_SETMASK, [], [pid 7229] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 148.498182][ T7230] BTRFS info (device loop0): balance: start -d -m [ 148.508107][ T7230] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 148.533485][ T7230] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7229] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] open(".", O_RDONLY) = 5 [pid 7248] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7229] <... futex resumed>) = 0 [pid 7248] <... futex resumed>) = 0 [pid 7248] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7229] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7229] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] <... futex resumed>) = 0 [pid 7229] <... futex resumed>) = 1 [pid 7248] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7229] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7248] <... ioctl resumed>) = 0 [pid 7248] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 7248] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7230] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7230] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7229] exit_group(0 [pid 7248] <... futex resumed>) = ? [pid 7230] <... futex resumed>) = ? [pid 7229] <... exit_group resumed>) = ? [pid 7248] +++ exited with 0 +++ [pid 7230] +++ exited with 0 +++ [pid 7229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7229, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.597006][ T7230] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 148.619064][ T7230] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 148.636782][ T7230] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7249 attached , child_tidptr=0x5555570ad690) = 7249 [pid 7249] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7249] chdir("./109") = 0 [pid 7249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7249] setpgid(0, 0) = 0 [pid 7249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7249] write(3, "1000", 4) = 4 [pid 7249] close(3) = 0 [pid 7249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7249] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7250 attached [pid 7250] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7249] <... clone3 resumed> => {parent_tid=[7250]}, 88) = 7250 [pid 7250] <... rseq resumed>) = 0 [pid 7250] set_robust_list(0x7f0bd5e299a0, 24 [pid 7249] rt_sigprocmask(SIG_SETMASK, [], [pid 7250] <... set_robust_list resumed>) = 0 [pid 7250] rt_sigprocmask(SIG_SETMASK, [], [pid 7249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7250] memfd_create("syzkaller", 0) = 3 [pid 7250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7250] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7250] close(3) = 0 [pid 7250] mkdir("./file0", 0777) = 0 [ 149.160142][ T7250] loop0: detected capacity change from 0 to 32768 [ 149.175703][ T7250] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7250) [ 149.191626][ T7250] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 149.200979][ T7250] BTRFS info (device loop0): force clearing of disk cache [ 149.208158][ T7250] BTRFS info (device loop0): setting nodatasum [ 149.214422][ T7250] BTRFS info (device loop0): allowing degraded mounts [ 149.221202][ T7250] BTRFS info (device loop0): enabling disk space caching [ 149.228295][ T7250] BTRFS info (device loop0): disk space caching is enabled [ 149.247354][ T7250] BTRFS info (device loop0): enabling ssd optimizations [pid 7250] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [ 149.254404][ T7250] BTRFS info (device loop0): auto enabling async discard [ 149.262221][ T7250] BTRFS info (device loop0): rebuilding free space tree [ 149.273353][ T7250] BTRFS info (device loop0): disabling free space tree [ 149.280325][ T7250] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 149.290018][ T7250] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 149.304698][ T7250] BTRFS info (device loop0): checking UUID tree [pid 7250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7250] chdir("./file0") = 0 [pid 7250] ioctl(4, LOOP_CLR_FD) = 0 [pid 7250] close(4) = 0 [pid 7250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7250] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7249] <... futex resumed>) = 0 [pid 7249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7250] <... futex resumed>) = 0 [pid 7250] open("./file0", O_RDONLY [pid 7249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7250] <... open resumed>) = 4 [pid 7250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7249] <... futex resumed>) = 0 [pid 7249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7250] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7249] <... futex resumed>) = 0 [pid 7249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7250] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7249] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7249] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7268 attached [pid 7268] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7268] set_robust_list(0x7f0bd5e089a0, 24 [pid 7249] <... clone3 resumed> => {parent_tid=[7268]}, 88) = 7268 [ 149.343786][ T7250] BTRFS info (device loop0): balance: start -d -m [ 149.352979][ T7250] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 149.382012][ T7250] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7268] <... set_robust_list resumed>) = 0 [pid 7249] rt_sigprocmask(SIG_SETMASK, [], [pid 7268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7268] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7249] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7249] <... futex resumed>) = 0 [pid 7268] open(".", O_RDONLY [pid 7249] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7268] <... open resumed>) = 5 [pid 7268] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7249] <... futex resumed>) = 0 [pid 7268] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7249] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7249] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7268] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7268] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7249] <... futex resumed>) = 0 [ 149.429966][ T7250] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7268] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7250] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7250] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7249] exit_group(0) = ? [pid 7268] <... futex resumed>) = ? [pid 7250] <... futex resumed>) = ? [pid 7268] +++ exited with 0 +++ [pid 7250] +++ exited with 0 +++ [pid 7249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7249, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- [ 149.480946][ T7250] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 149.506840][ T7250] BTRFS info (device loop0): balance: ended with status: 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7269 attached [pid 7269] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7269] chdir("./110") = 0 [pid 7269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7269 [pid 7269] setpgid(0, 0) = 0 [pid 7269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7269] write(3, "1000", 4) = 4 [pid 7269] close(3) = 0 [pid 7269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7269] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7269] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7269] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7270 attached [pid 7270] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7269] <... clone3 resumed> => {parent_tid=[7270]}, 88) = 7270 [pid 7270] set_robust_list(0x7f0bd5e299a0, 24 [pid 7269] rt_sigprocmask(SIG_SETMASK, [], [pid 7270] <... set_robust_list resumed>) = 0 [pid 7269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7270] rt_sigprocmask(SIG_SETMASK, [], [pid 7269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7269] <... futex resumed>) = 0 [pid 7270] memfd_create("syzkaller", 0 [pid 7269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7270] <... memfd_create resumed>) = 3 [pid 7270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7270] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7270] close(3) = 0 [pid 7270] mkdir("./file0", 0777) = 0 [ 150.010263][ T7270] loop0: detected capacity change from 0 to 32768 [ 150.020384][ T7270] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7270) [ 150.035833][ T7270] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 150.045126][ T7270] BTRFS info (device loop0): force clearing of disk cache [ 150.052319][ T7270] BTRFS info (device loop0): setting nodatasum [ 150.058530][ T7270] BTRFS info (device loop0): allowing degraded mounts [ 150.065328][ T7270] BTRFS info (device loop0): enabling disk space caching [ 150.072337][ T7270] BTRFS info (device loop0): disk space caching is enabled [ 150.090933][ T7270] BTRFS info (device loop0): enabling ssd optimizations [ 150.097985][ T7270] BTRFS info (device loop0): auto enabling async discard [pid 7270] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7270] chdir("./file0") = 0 [pid 7270] ioctl(4, LOOP_CLR_FD) = 0 [pid 7270] close(4) = 0 [ 150.106400][ T7270] BTRFS info (device loop0): rebuilding free space tree [ 150.118462][ T7270] BTRFS info (device loop0): disabling free space tree [ 150.126223][ T7270] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 150.135921][ T7270] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 150.148836][ T7270] BTRFS info (device loop0): checking UUID tree [pid 7270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7270] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7269] <... futex resumed>) = 0 [pid 7270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] open("./file0", O_RDONLY [pid 7269] <... futex resumed>) = 0 [pid 7270] <... open resumed>) = 4 [pid 7269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7269] <... futex resumed>) = 0 [pid 7269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7269] <... futex resumed>) = 0 [pid 7270] <... ioctl resumed>) = 0 [pid 7269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7269] <... futex resumed>) = 0 [pid 7269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7269] <... futex resumed>) = 0 [pid 7269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7269] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7269] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7288 attached [pid 7288] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7288] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7269] <... clone3 resumed> => {parent_tid=[7288]}, 88) = 7288 [pid 7288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7269] rt_sigprocmask(SIG_SETMASK, [], [pid 7288] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7269] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = 0 [pid 7269] <... futex resumed>) = 1 [pid 7288] open(".", O_RDONLY [pid 7269] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] <... open resumed>) = 5 [pid 7288] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7288] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7269] <... futex resumed>) = 0 [ 150.224395][ T7270] BTRFS info (device loop0): balance: start -d -m [ 150.233182][ T7270] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 150.258070][ T7270] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7269] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7269] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] <... futex resumed>) = 0 [pid 7288] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7288] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7288] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7269] <... futex resumed>) = 0 [pid 7270] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] exit_group(0 [pid 7288] <... futex resumed>) = ? [pid 7270] <... futex resumed>) = ? [pid 7269] <... exit_group resumed>) = ? [pid 7288] +++ exited with 0 +++ [pid 7270] +++ exited with 0 +++ [pid 7269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7269, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 150.324814][ T7270] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 150.345656][ T7270] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 150.366115][ T7270] BTRFS info (device loop0): balance: ended with status: 0 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7289 attached , child_tidptr=0x5555570ad690) = 7289 [pid 7289] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7289] chdir("./111") = 0 [pid 7289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7289] setpgid(0, 0) = 0 [pid 7289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7289] write(3, "1000", 4) = 4 [pid 7289] close(3) = 0 [pid 7289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7289] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7289] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7290 attached => {parent_tid=[7290]}, 88) = 7290 [pid 7290] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7289] rt_sigprocmask(SIG_SETMASK, [], [pid 7290] set_robust_list(0x7f0bd5e299a0, 24 [pid 7289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7290] <... set_robust_list resumed>) = 0 [pid 7290] rt_sigprocmask(SIG_SETMASK, [], [pid 7289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7289] <... futex resumed>) = 0 [pid 7290] memfd_create("syzkaller", 0 [pid 7289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7290] <... memfd_create resumed>) = 3 [pid 7290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7290] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7290] close(3) = 0 [pid 7290] mkdir("./file0", 0777) = 0 [ 150.839851][ T7290] loop0: detected capacity change from 0 to 32768 [ 150.859560][ T7290] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7290) [ 150.875773][ T7290] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 150.885075][ T7290] BTRFS info (device loop0): force clearing of disk cache [ 150.892208][ T7290] BTRFS info (device loop0): setting nodatasum [ 150.898446][ T7290] BTRFS info (device loop0): allowing degraded mounts [ 150.905263][ T7290] BTRFS info (device loop0): enabling disk space caching [ 150.912314][ T7290] BTRFS info (device loop0): disk space caching is enabled [ 150.931452][ T7290] BTRFS info (device loop0): enabling ssd optimizations [ 150.938523][ T7290] BTRFS info (device loop0): auto enabling async discard [ 150.946528][ T7290] BTRFS info (device loop0): rebuilding free space tree [ 150.957455][ T7290] BTRFS info (device loop0): disabling free space tree [ 150.964582][ T7290] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 150.974589][ T7290] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7290] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7290] chdir("./file0") = 0 [ 150.987221][ T7290] BTRFS info (device loop0): checking UUID tree [pid 7290] ioctl(4, LOOP_CLR_FD) = 0 [pid 7290] close(4) = 0 [pid 7290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7290] open("./file0", O_RDONLY [pid 7289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... open resumed>) = 4 [pid 7290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7290] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7289] <... futex resumed>) = 0 [pid 7290] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7290] <... ioctl resumed>) = 0 [pid 7290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7290] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7289] <... futex resumed>) = 0 [pid 7290] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7289] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7289] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7308 attached => {parent_tid=[7308]}, 88) = 7308 [pid 7289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7289] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7308] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7289] <... futex resumed>) = 0 [pid 7308] <... rseq resumed>) = 0 [pid 7289] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7308] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7308] open(".", O_RDONLY) = 5 [pid 7308] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7308] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7289] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.088645][ T7290] BTRFS info (device loop0): balance: start -d -m [ 151.097136][ T7290] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 151.126224][ T7290] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7289] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7308] <... ioctl resumed>) = 0 [pid 7308] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] <... futex resumed>) = 0 [pid 7308] <... futex resumed>) = 1 [pid 7308] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7290] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] exit_group(0) = ? [pid 7308] <... futex resumed>) = ? [pid 7290] <... futex resumed>) = ? [pid 7308] +++ exited with 0 +++ [pid 7290] +++ exited with 0 +++ [pid 7289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7289, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 151.200058][ T7290] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 151.220694][ T7290] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 151.238282][ T7290] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7309 attached , child_tidptr=0x5555570ad690) = 7309 [pid 7309] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7309] chdir("./112") = 0 [pid 7309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7309] setpgid(0, 0) = 0 [pid 7309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7309] write(3, "1000", 4) = 4 [pid 7309] close(3) = 0 [pid 7309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7309] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7309] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7310 attached [pid 7310] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7309] <... clone3 resumed> => {parent_tid=[7310]}, 88) = 7310 [pid 7310] <... rseq resumed>) = 0 [pid 7309] rt_sigprocmask(SIG_SETMASK, [], [pid 7310] set_robust_list(0x7f0bd5e299a0, 24 [pid 7309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7310] <... set_robust_list resumed>) = 0 [pid 7309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7310] memfd_create("syzkaller", 0) = 3 [pid 7310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7310] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7310] close(3) = 0 [pid 7310] mkdir("./file0", 0777) = 0 [ 151.749301][ T7310] loop0: detected capacity change from 0 to 32768 [ 151.773322][ T7310] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7310) [ 151.789858][ T7310] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 151.799168][ T7310] BTRFS info (device loop0): force clearing of disk cache [ 151.806371][ T7310] BTRFS info (device loop0): setting nodatasum [ 151.812539][ T7310] BTRFS info (device loop0): allowing degraded mounts [ 151.819400][ T7310] BTRFS info (device loop0): enabling disk space caching [ 151.826502][ T7310] BTRFS info (device loop0): disk space caching is enabled [ 151.845623][ T7310] BTRFS info (device loop0): enabling ssd optimizations [ 151.852585][ T7310] BTRFS info (device loop0): auto enabling async discard [ 151.860980][ T7310] BTRFS info (device loop0): rebuilding free space tree [ 151.873485][ T7310] BTRFS info (device loop0): disabling free space tree [ 151.880542][ T7310] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7310] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7310] chdir("./file0") = 0 [pid 7310] ioctl(4, LOOP_CLR_FD) = 0 [pid 7310] close(4) = 0 [pid 7310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7309] <... futex resumed>) = 0 [pid 7309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7310] <... futex resumed>) = 0 [pid 7309] <... futex resumed>) = 1 [pid 7310] open("./file0", O_RDONLY [pid 7309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7310] <... open resumed>) = 4 [ 151.890245][ T7310] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 151.902794][ T7310] BTRFS info (device loop0): checking UUID tree [pid 7310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7309] <... futex resumed>) = 0 [pid 7310] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7310] <... ioctl resumed>) = 0 [pid 7309] <... futex resumed>) = 0 [pid 7310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7310] <... futex resumed>) = 0 [pid 7309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7310] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7309] <... futex resumed>) = 0 [pid 7309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7309] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7309] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7328]}, 88) = 7328 [pid 7309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7328 attached [pid 7328] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7328] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7309] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7309] <... futex resumed>) = 0 [pid 7328] open(".", O_RDONLY [pid 7309] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7328] <... open resumed>) = 5 [pid 7328] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7309] <... futex resumed>) = 0 [pid 7328] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7309] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7309] <... futex resumed>) = 0 [pid 7328] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 151.991707][ T7310] BTRFS info (device loop0): balance: start -d -m [ 152.000347][ T7310] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 152.026399][ T7310] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7309] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7328] <... ioctl resumed>) = 0 [pid 7328] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7309] <... futex resumed>) = 0 [ 152.090246][ T7310] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 152.115089][ T7310] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7328] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7310] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7309] exit_group(0 [pid 7328] <... futex resumed>) = ? [pid 7309] <... exit_group resumed>) = ? [pid 7328] +++ exited with 0 +++ [pid 7310] <... futex resumed>) = ? [pid 7310] +++ exited with 0 +++ [pid 7309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7309, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 152.134927][ T7310] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7329 attached , child_tidptr=0x5555570ad690) = 7329 [pid 7329] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7329] chdir("./113") = 0 [pid 7329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7329] setpgid(0, 0) = 0 [pid 7329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7329] write(3, "1000", 4) = 4 [pid 7329] close(3) = 0 [pid 7329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7329] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7329] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7330 attached [pid 7330] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7329] <... clone3 resumed> => {parent_tid=[7330]}, 88) = 7330 [pid 7330] set_robust_list(0x7f0bd5e299a0, 24 [pid 7329] rt_sigprocmask(SIG_SETMASK, [], [pid 7330] <... set_robust_list resumed>) = 0 [pid 7330] rt_sigprocmask(SIG_SETMASK, [], [pid 7329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] memfd_create("syzkaller", 0 [pid 7329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7330] <... memfd_create resumed>) = 3 [pid 7330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7330] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7330] close(3) = 0 [pid 7330] mkdir("./file0", 0777) = 0 [ 152.639771][ T7330] loop0: detected capacity change from 0 to 32768 [ 152.656394][ T7330] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7330) [ 152.672261][ T7330] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 152.681644][ T7330] BTRFS info (device loop0): force clearing of disk cache [pid 7330] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [ 152.688827][ T7330] BTRFS info (device loop0): setting nodatasum [ 152.695016][ T7330] BTRFS info (device loop0): allowing degraded mounts [ 152.701772][ T7330] BTRFS info (device loop0): enabling disk space caching [pid 7330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7330] chdir("./file0") = 0 [pid 7330] ioctl(4, LOOP_CLR_FD) = 0 [pid 7330] close(4) = 0 [pid 7330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] <... futex resumed>) = 0 [pid 7330] <... futex resumed>) = 1 [pid 7329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7330] open("./file0", O_RDONLY [pid 7329] <... futex resumed>) = 0 [pid 7329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7330] <... open resumed>) = 4 [pid 7330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7329] <... futex resumed>) = 0 [pid 7330] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7329] <... futex resumed>) = 0 [pid 7330] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7330] <... ioctl resumed>) = 0 [pid 7330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] <... futex resumed>) = 0 [pid 7330] <... futex resumed>) = 1 [pid 7329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7330] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7329] <... futex resumed>) = 0 [pid 7329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7329] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7329] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7348 attached => {parent_tid=[7348]}, 88) = 7348 [pid 7329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7329] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7348] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7329] <... futex resumed>) = 0 [pid 7348] <... rseq resumed>) = 0 [pid 7329] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7348] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7348] open(".", O_RDONLY) = 5 [pid 7348] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] <... futex resumed>) = 0 [pid 7329] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7348] <... futex resumed>) = 1 [pid 7329] <... futex resumed>) = 0 [pid 7329] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7348] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7348] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7348] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7329] <... futex resumed>) = 0 [pid 7330] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7329] exit_group(0 [pid 7330] <... futex resumed>) = ? [pid 7348] <... futex resumed>) = ? [pid 7329] <... exit_group resumed>) = ? [pid 7330] +++ exited with 0 +++ [pid 7348] +++ exited with 0 +++ [pid 7329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7329, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7349 attached , child_tidptr=0x5555570ad690) = 7349 [pid 7349] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7349] chdir("./114") = 0 [pid 7349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7349] setpgid(0, 0) = 0 [pid 7349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7349] write(3, "1000", 4) = 4 [pid 7349] close(3) = 0 [pid 7349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7349] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7349] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7350 attached [pid 7350] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7350] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7350] rt_sigprocmask(SIG_SETMASK, [], [pid 7349] <... clone3 resumed> => {parent_tid=[7350]}, 88) = 7350 [pid 7350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7350] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... futex resumed>) = 0 [pid 7349] <... futex resumed>) = 1 [pid 7350] memfd_create("syzkaller", 0 [pid 7349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7350] <... memfd_create resumed>) = 3 [pid 7350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7350] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7350] close(3) = 0 [pid 7350] mkdir("./file0", 0777) = 0 [ 153.276315][ T7350] loop0: detected capacity change from 0 to 32768 [ 153.294149][ T7350] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7350) [ 153.322022][ T7350] _btrfs_printk: 20 callbacks suppressed [ 153.322038][ T7350] BTRFS info (device loop0): enabling ssd optimizations [ 153.334994][ T7350] BTRFS info (device loop0): auto enabling async discard [ 153.343060][ T7350] BTRFS info (device loop0): rebuilding free space tree [ 153.353950][ T7350] BTRFS info (device loop0): disabling free space tree [ 153.360866][ T7350] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7350] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7350] chdir("./file0") = 0 [pid 7350] ioctl(4, LOOP_CLR_FD) = 0 [pid 7350] close(4) = 0 [pid 7350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7350] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] open("./file0", O_RDONLY) = 4 [pid 7350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7349] <... futex resumed>) = 0 [pid 7350] <... futex resumed>) = 1 [pid 7350] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7349] <... futex resumed>) = 0 [pid 7350] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] <... ioctl resumed>) = 0 [pid 7350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7350] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 153.370642][ T7350] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 153.382984][ T7350] BTRFS info (device loop0): checking UUID tree [pid 7349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7349] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7349] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7368 attached => {parent_tid=[7368]}, 88) = 7368 [pid 7368] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7368] <... rseq resumed>) = 0 [pid 7349] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] set_robust_list(0x7f0bd5e089a0, 24 [pid 7349] <... futex resumed>) = 0 [pid 7368] <... set_robust_list resumed>) = 0 [pid 7349] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7368] open(".", O_RDONLY) = 5 [pid 7368] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7368] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7349] <... futex resumed>) = 0 [pid 7368] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 153.436113][ T7350] BTRFS info (device loop0): balance: start -d -m [ 153.444627][ T7350] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 153.472775][ T7350] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7349] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7368] <... ioctl resumed>) = 0 [pid 7368] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7349] <... futex resumed>) = 0 [pid 7368] <... futex resumed>) = 1 [ 153.552457][ T7350] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 153.580754][ T7350] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7368] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7350] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7350] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] exit_group(0 [pid 7368] <... futex resumed>) = ? [pid 7350] <... futex resumed>) = ? [pid 7349] <... exit_group resumed>) = ? [pid 7368] +++ exited with 0 +++ [pid 7350] +++ exited with 0 +++ [pid 7349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7349, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 153.598586][ T7350] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7369 attached , child_tidptr=0x5555570ad690) = 7369 [pid 7369] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7369] chdir("./115") = 0 [pid 7369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7369] setpgid(0, 0) = 0 [pid 7369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7369] write(3, "1000", 4) = 4 [pid 7369] close(3) = 0 [pid 7369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7369] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7369] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7370 attached [pid 7370] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7369] <... clone3 resumed> => {parent_tid=[7370]}, 88) = 7370 [pid 7370] set_robust_list(0x7f0bd5e299a0, 24 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], [pid 7370] <... set_robust_list resumed>) = 0 [pid 7369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7370] rt_sigprocmask(SIG_SETMASK, [], [pid 7369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7369] <... futex resumed>) = 0 [pid 7370] memfd_create("syzkaller", 0 [pid 7369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7370] <... memfd_create resumed>) = 3 [pid 7370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7370] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7370] close(3) = 0 [pid 7370] mkdir("./file0", 0777) = 0 [ 154.221618][ T7370] loop0: detected capacity change from 0 to 32768 [ 154.246815][ T7370] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7370) [ 154.262330][ T7370] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 154.271652][ T7370] BTRFS info (device loop0): force clearing of disk cache [ 154.278838][ T7370] BTRFS info (device loop0): setting nodatasum [ 154.285077][ T7370] BTRFS info (device loop0): allowing degraded mounts [ 154.291853][ T7370] BTRFS info (device loop0): enabling disk space caching [ 154.298912][ T7370] BTRFS info (device loop0): disk space caching is enabled [ 154.317441][ T7370] BTRFS info (device loop0): enabling ssd optimizations [ 154.324484][ T7370] BTRFS info (device loop0): auto enabling async discard [ 154.332303][ T7370] BTRFS info (device loop0): rebuilding free space tree [ 154.343303][ T7370] BTRFS info (device loop0): disabling free space tree [ 154.350346][ T7370] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 154.360074][ T7370] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7370] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7370] chdir("./file0") = 0 [pid 7370] ioctl(4, LOOP_CLR_FD) = 0 [pid 7370] close(4) = 0 [pid 7370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] open("./file0", O_RDONLY) = 4 [pid 7370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7369] <... futex resumed>) = 0 [pid 7370] <... ioctl resumed>) = 0 [pid 7369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] <... futex resumed>) = 0 [ 154.374463][ T7370] BTRFS info (device loop0): checking UUID tree [pid 7370] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7369] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7369] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 154.438202][ T7370] BTRFS info (device loop0): balance: start -d -m [ 154.448702][ T7370] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 154.471964][ T7370] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7388]}, 88) = 7388 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7369] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7388 attached [pid 7388] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7388] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7388] open(".", O_RDONLY) = 5 [pid 7388] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7388] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7369] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7388] <... ioctl resumed>) = 0 [pid 7388] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [ 154.515756][ T7370] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7388] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7370] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7369] exit_group(0 [pid 7388] <... futex resumed>) = ? [pid 7370] <... futex resumed>) = ? [pid 7370] +++ exited with 0 +++ [pid 7388] +++ exited with 0 +++ [pid 7369] <... exit_group resumed>) = ? [pid 7369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7369, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 154.557816][ T7370] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 154.574647][ T7370] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7389 attached , child_tidptr=0x5555570ad690) = 7389 [pid 7389] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7389] chdir("./116") = 0 [pid 7389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7389] setpgid(0, 0) = 0 [pid 7389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7389] write(3, "1000", 4) = 4 [pid 7389] close(3) = 0 [pid 7389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7389] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7389] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7390 attached [pid 7390] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7390] set_robust_list(0x7f0bd5e299a0, 24 [pid 7389] <... clone3 resumed> => {parent_tid=[7390]}, 88) = 7390 [pid 7390] <... set_robust_list resumed>) = 0 [pid 7389] rt_sigprocmask(SIG_SETMASK, [], [pid 7390] rt_sigprocmask(SIG_SETMASK, [], [pid 7389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] memfd_create("syzkaller", 0 [pid 7389] <... futex resumed>) = 0 [pid 7389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7390] <... memfd_create resumed>) = 3 [pid 7390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7390] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7390] close(3) = 0 [pid 7390] mkdir("./file0", 0777) = 0 [ 155.110031][ T7390] loop0: detected capacity change from 0 to 32768 [ 155.119537][ T7390] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7390) [ 155.135691][ T7390] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 155.144968][ T7390] BTRFS info (device loop0): force clearing of disk cache [ 155.152070][ T7390] BTRFS info (device loop0): setting nodatasum [ 155.158291][ T7390] BTRFS info (device loop0): allowing degraded mounts [ 155.165150][ T7390] BTRFS info (device loop0): enabling disk space caching [ 155.172192][ T7390] BTRFS info (device loop0): disk space caching is enabled [ 155.191849][ T7390] BTRFS info (device loop0): enabling ssd optimizations [ 155.199202][ T7390] BTRFS info (device loop0): auto enabling async discard [pid 7390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7390] chdir("./file0") = 0 [pid 7390] ioctl(4, LOOP_CLR_FD) = 0 [pid 7390] close(4) = 0 [ 155.207187][ T7390] BTRFS info (device loop0): rebuilding free space tree [ 155.218204][ T7390] BTRFS info (device loop0): disabling free space tree [ 155.225448][ T7390] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 155.235371][ T7390] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 155.247808][ T7390] BTRFS info (device loop0): checking UUID tree [pid 7390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7390] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7389] <... futex resumed>) = 0 [pid 7390] open("./file0", O_RDONLY [pid 7389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7390] <... open resumed>) = 4 [pid 7390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7390] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7389] <... futex resumed>) = 0 [pid 7390] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7390] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7389] <... futex resumed>) = 0 [pid 7389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7389] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7389] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7408]}, 88) = 7408 [pid 7389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7389] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7408 attached [pid 7408] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7408] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7408] open(".", O_RDONLY) = 5 [pid 7408] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7408] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7389] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7389] <... futex resumed>) = 0 [pid 7408] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 155.317157][ T7390] BTRFS info (device loop0): balance: start -d -m [ 155.325750][ T7390] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 155.350525][ T7390] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7389] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] <... ioctl resumed>) = 0 [pid 7408] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7389] <... futex resumed>) = 0 [pid 7408] <... futex resumed>) = 1 [pid 7408] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7390] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7390] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7389] exit_group(0 [pid 7408] <... futex resumed>) = ? [pid 7390] <... futex resumed>) = ? [pid 7408] +++ exited with 0 +++ [pid 7390] +++ exited with 0 +++ [pid 7389] <... exit_group resumed>) = ? [pid 7389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7389, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 [ 155.432553][ T7390] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 155.454393][ T7390] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 155.472413][ T7390] BTRFS info (device loop0): balance: ended with status: 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7409 attached [pid 7409] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7409] chdir("./117") = 0 [pid 7409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7409] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7409 [pid 7409] <... setpgid resumed>) = 0 [pid 7409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7409] write(3, "1000", 4) = 4 [pid 7409] close(3) = 0 [pid 7409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7409] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7409] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7410 attached [pid 7410] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7409] <... clone3 resumed> => {parent_tid=[7410]}, 88) = 7410 [pid 7410] set_robust_list(0x7f0bd5e299a0, 24 [pid 7409] rt_sigprocmask(SIG_SETMASK, [], [pid 7410] <... set_robust_list resumed>) = 0 [pid 7409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7410] rt_sigprocmask(SIG_SETMASK, [], [pid 7409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7409] <... futex resumed>) = 0 [pid 7410] memfd_create("syzkaller", 0 [pid 7409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7410] <... memfd_create resumed>) = 3 [pid 7410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7410] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7410] close(3) = 0 [pid 7410] mkdir("./file0", 0777) = 0 [ 155.979050][ T7410] loop0: detected capacity change from 0 to 32768 [ 156.003456][ T7410] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7410) [ 156.020121][ T7410] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 156.029467][ T7410] BTRFS info (device loop0): force clearing of disk cache [ 156.036654][ T7410] BTRFS info (device loop0): setting nodatasum [ 156.042821][ T7410] BTRFS info (device loop0): allowing degraded mounts [ 156.049631][ T7410] BTRFS info (device loop0): enabling disk space caching [ 156.056721][ T7410] BTRFS info (device loop0): disk space caching is enabled [ 156.076483][ T7410] BTRFS info (device loop0): enabling ssd optimizations [ 156.083481][ T7410] BTRFS info (device loop0): auto enabling async discard [ 156.091496][ T7410] BTRFS info (device loop0): rebuilding free space tree [ 156.102812][ T7410] BTRFS info (device loop0): disabling free space tree [ 156.109814][ T7410] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 156.119541][ T7410] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7410] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7410] chdir("./file0") = 0 [pid 7410] ioctl(4, LOOP_CLR_FD) = 0 [pid 7410] close(4) = 0 [pid 7410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7410] open("./file0", O_RDONLY [ 156.132332][ T7410] BTRFS info (device loop0): checking UUID tree [pid 7409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7410] <... open resumed>) = 4 [pid 7409] <... futex resumed>) = 0 [pid 7409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7410] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7410] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7410] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7409] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7409] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7428 attached [pid 7428] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7409] <... clone3 resumed> => {parent_tid=[7428]}, 88) = 7428 [pid 7428] <... rseq resumed>) = 0 [pid 7409] rt_sigprocmask(SIG_SETMASK, [], [pid 7428] set_robust_list(0x7f0bd5e089a0, 24 [pid 7409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7428] <... set_robust_list resumed>) = 0 [pid 7409] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7428] rt_sigprocmask(SIG_SETMASK, [], [pid 7409] <... futex resumed>) = 0 [pid 7428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7409] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7428] open(".", O_RDONLY) = 5 [pid 7428] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7428] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7409] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7409] <... futex resumed>) = 0 [pid 7428] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 156.230796][ T7410] BTRFS info (device loop0): balance: start -d -m [ 156.242141][ T7410] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 156.269377][ T7410] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7409] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7428] <... ioctl resumed>) = 0 [pid 7428] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7428] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7410] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7409] exit_group(0 [pid 7410] <... futex resumed>) = 0 [pid 7409] <... exit_group resumed>) = ? [pid 7428] <... futex resumed>) = ? [pid 7410] +++ exited with 0 +++ [pid 7428] +++ exited with 0 +++ [pid 7409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7409, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [ 156.337222][ T7410] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 156.357653][ T7410] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 156.375787][ T7410] BTRFS info (device loop0): balance: ended with status: 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7429 attached [pid 7429] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7429] chdir("./118") = 0 [pid 7429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7429 [pid 7429] setpgid(0, 0) = 0 [pid 7429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7429] write(3, "1000", 4) = 4 [pid 7429] close(3) = 0 [pid 7429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7429] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7429] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7430 attached [pid 7430] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7429] <... clone3 resumed> => {parent_tid=[7430]}, 88) = 7430 [pid 7430] <... rseq resumed>) = 0 [pid 7429] rt_sigprocmask(SIG_SETMASK, [], [pid 7430] set_robust_list(0x7f0bd5e299a0, 24 [pid 7429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7430] <... set_robust_list resumed>) = 0 [pid 7429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7430] rt_sigprocmask(SIG_SETMASK, [], [pid 7429] <... futex resumed>) = 0 [pid 7430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7430] memfd_create("syzkaller", 0) = 3 [pid 7430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7430] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7430] close(3) = 0 [pid 7430] mkdir("./file0", 0777) = 0 [ 156.913369][ T7430] loop0: detected capacity change from 0 to 32768 [ 156.948897][ T7430] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7430) [ 156.964969][ T7430] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 156.974283][ T7430] BTRFS info (device loop0): force clearing of disk cache [ 156.981385][ T7430] BTRFS info (device loop0): setting nodatasum [ 156.987813][ T7430] BTRFS info (device loop0): allowing degraded mounts [ 156.994679][ T7430] BTRFS info (device loop0): enabling disk space caching [ 157.001772][ T7430] BTRFS info (device loop0): disk space caching is enabled [ 157.021803][ T7430] BTRFS info (device loop0): enabling ssd optimizations [ 157.028863][ T7430] BTRFS info (device loop0): auto enabling async discard [ 157.037192][ T7430] BTRFS info (device loop0): rebuilding free space tree [ 157.048432][ T7430] BTRFS info (device loop0): disabling free space tree [ 157.055401][ T7430] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7430] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7430] chdir("./file0") = 0 [pid 7430] ioctl(4, LOOP_CLR_FD) = 0 [pid 7430] close(4) = 0 [pid 7430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7430] open("./file0", O_RDONLY [pid 7429] <... futex resumed>) = 0 [pid 7430] <... open resumed>) = 4 [pid 7429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7429] <... futex resumed>) = 0 [ 157.065071][ T7430] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 157.077561][ T7430] BTRFS info (device loop0): checking UUID tree [pid 7430] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7430] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7430] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7429] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7429] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7448 attached => {parent_tid=[7448]}, 88) = 7448 [pid 7448] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7448] <... rseq resumed>) = 0 [pid 7429] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7448] set_robust_list(0x7f0bd5e089a0, 24 [pid 7429] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7448] <... set_robust_list resumed>) = 0 [pid 7448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7448] open(".", O_RDONLY) = 5 [pid 7448] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7448] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7429] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7448] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7429] <... futex resumed>) = 0 [ 157.150532][ T7430] BTRFS info (device loop0): balance: start -d -m [ 157.159474][ T7430] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 157.183105][ T7430] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7429] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7448] <... ioctl resumed>) = 0 [pid 7448] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7429] <... futex resumed>) = 0 [pid 7448] <... futex resumed>) = 1 [ 157.265780][ T7430] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 157.292815][ T7430] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7448] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7430] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7430] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7429] exit_group(0 [pid 7448] <... futex resumed>) = ? [pid 7429] <... exit_group resumed>) = ? [pid 7448] +++ exited with 0 +++ [pid 7430] <... futex resumed>) = ? [pid 7430] +++ exited with 0 +++ [pid 7429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7429, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 157.309223][ T7430] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7449 attached [pid 7449] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7449] chdir("./119" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7449 [pid 7449] <... chdir resumed>) = 0 [pid 7449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7449] setpgid(0, 0) = 0 [pid 7449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7449] write(3, "1000", 4) = 4 [pid 7449] close(3) = 0 [pid 7449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7449] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7449] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7449] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7450 attached [pid 7450] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7449] <... clone3 resumed> => {parent_tid=[7450]}, 88) = 7450 [pid 7450] <... rseq resumed>) = 0 [pid 7450] set_robust_list(0x7f0bd5e299a0, 24 [pid 7449] rt_sigprocmask(SIG_SETMASK, [], [pid 7450] <... set_robust_list resumed>) = 0 [pid 7449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7450] rt_sigprocmask(SIG_SETMASK, [], [pid 7449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7450] memfd_create("syzkaller", 0 [pid 7449] <... futex resumed>) = 0 [pid 7449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7450] <... memfd_create resumed>) = 3 [pid 7450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7450] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7450] close(3) = 0 [pid 7450] mkdir("./file0", 0777) = 0 [ 157.839259][ T7450] loop0: detected capacity change from 0 to 32768 [ 157.861772][ T7450] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7450) [ 157.877343][ T7450] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 157.886655][ T7450] BTRFS info (device loop0): force clearing of disk cache [ 157.893781][ T7450] BTRFS info (device loop0): setting nodatasum [ 157.900008][ T7450] BTRFS info (device loop0): allowing degraded mounts [ 157.906840][ T7450] BTRFS info (device loop0): enabling disk space caching [ 157.914010][ T7450] BTRFS info (device loop0): disk space caching is enabled [ 157.932557][ T7450] BTRFS info (device loop0): enabling ssd optimizations [pid 7450] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7450] chdir("./file0") = 0 [pid 7450] ioctl(4, LOOP_CLR_FD) = 0 [pid 7450] close(4) = 0 [pid 7450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7449] <... futex resumed>) = 0 [pid 7450] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7450] <... futex resumed>) = 0 [pid 7449] <... futex resumed>) = 1 [pid 7450] open("./file0", O_RDONLY [pid 7449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7450] <... open resumed>) = 4 [pid 7450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7450] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7449] <... futex resumed>) = 0 [pid 7449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7450] <... futex resumed>) = 0 [pid 7449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7450] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7449] <... futex resumed>) = 0 [pid 7450] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.939596][ T7450] BTRFS info (device loop0): auto enabling async discard [ 157.948310][ T7450] BTRFS info (device loop0): rebuilding free space tree [ 157.962127][ T7450] BTRFS info (device loop0): disabling free space tree [ 157.969520][ T7450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7449] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7449] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7468]}, 88) = 7468 [pid 7449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7449] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7449] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7468 attached [pid 7468] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7468] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7468] open(".", O_RDONLY) = 5 [pid 7468] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7449] <... futex resumed>) = 0 [pid 7468] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7449] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7449] <... futex resumed>) = 0 [pid 7468] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7449] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7468] <... ioctl resumed>) = 0 [pid 7468] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7449] <... futex resumed>) = 0 [pid 7468] <... futex resumed>) = 1 [pid 7468] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7450] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7449] exit_group(0 [pid 7468] <... futex resumed>) = ? [pid 7450] <... futex resumed>) = ? [pid 7449] <... exit_group resumed>) = ? [pid 7468] +++ exited with 0 +++ [pid 7450] +++ exited with 0 +++ [pid 7449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7449, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7469 attached , child_tidptr=0x5555570ad690) = 7469 [pid 7469] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7469] chdir("./120") = 0 [pid 7469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7469] setpgid(0, 0) = 0 [pid 7469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7469] write(3, "1000", 4) = 4 [pid 7469] close(3) = 0 [pid 7469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7469] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7469] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7470 attached [pid 7470] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7469] <... clone3 resumed> => {parent_tid=[7470]}, 88) = 7470 [pid 7470] <... rseq resumed>) = 0 [pid 7469] rt_sigprocmask(SIG_SETMASK, [], [pid 7470] set_robust_list(0x7f0bd5e299a0, 24 [pid 7469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7470] <... set_robust_list resumed>) = 0 [pid 7469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7470] rt_sigprocmask(SIG_SETMASK, [], [pid 7469] <... futex resumed>) = 0 [pid 7470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7470] memfd_create("syzkaller", 0) = 3 [pid 7470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7470] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7470] close(3) = 0 [pid 7470] mkdir("./file0", 0777) = 0 [ 158.600604][ T7470] loop0: detected capacity change from 0 to 32768 [ 158.620303][ T7470] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7470) [ 158.636143][ T7470] _btrfs_printk: 8 callbacks suppressed [ 158.636159][ T7470] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 158.651003][ T7470] BTRFS info (device loop0): force clearing of disk cache [ 158.658191][ T7470] BTRFS info (device loop0): setting nodatasum [ 158.664398][ T7470] BTRFS info (device loop0): allowing degraded mounts [ 158.671181][ T7470] BTRFS info (device loop0): enabling disk space caching [ 158.678756][ T7470] BTRFS info (device loop0): disk space caching is enabled [ 158.698212][ T7470] BTRFS info (device loop0): enabling ssd optimizations [ 158.705335][ T7470] BTRFS info (device loop0): auto enabling async discard [ 158.713221][ T7470] BTRFS info (device loop0): rebuilding free space tree [ 158.724492][ T7470] BTRFS info (device loop0): disabling free space tree [ 158.731402][ T7470] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 158.741148][ T7470] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7470] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7470] chdir("./file0") = 0 [pid 7470] ioctl(4, LOOP_CLR_FD) = 0 [pid 7470] close(4) = 0 [pid 7470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7469] <... futex resumed>) = 0 [pid 7470] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7470] open("./file0", O_RDONLY) = 4 [pid 7470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7469] <... futex resumed>) = 0 [pid 7469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 158.754033][ T7470] BTRFS info (device loop0): checking UUID tree [pid 7469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7470] <... futex resumed>) = 1 [pid 7470] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7469] <... futex resumed>) = 0 [pid 7469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7470] <... futex resumed>) = 1 [pid 7470] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7469] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7469] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7469] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7488 attached => {parent_tid=[7488]}, 88) = 7488 [pid 7488] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7469] rt_sigprocmask(SIG_SETMASK, [], [pid 7488] <... rseq resumed>) = 0 [pid 7469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7488] set_robust_list(0x7f0bd5e089a0, 24 [pid 7469] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7488] <... set_robust_list resumed>) = 0 [pid 7469] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7488] open(".", O_RDONLY) = 5 [ 158.855027][ T7470] BTRFS info (device loop0): balance: start -d -m [ 158.865952][ T7470] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 158.883327][ T7470] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7488] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7469] <... futex resumed>) = 0 [pid 7488] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7469] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7469] <... futex resumed>) = 0 [pid 7488] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7469] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7488] <... ioctl resumed>) = 0 [pid 7488] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7469] <... futex resumed>) = 0 [ 158.915012][ T7470] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 158.942633][ T7470] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7488] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7470] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7469] exit_group(0 [pid 7470] <... futex resumed>) = 0 [pid 7488] <... futex resumed>) = ? [pid 7488] +++ exited with 0 +++ [pid 7469] <... exit_group resumed>) = ? [pid 7470] +++ exited with 0 +++ [pid 7469] +++ exited with 0 +++ [ 158.963419][ T7470] BTRFS info (device loop0): balance: ended with status: 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7469, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7489 attached , child_tidptr=0x5555570ad690) = 7489 [pid 7489] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7489] chdir("./121") = 0 [pid 7489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7489] setpgid(0, 0) = 0 [pid 7489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7489] write(3, "1000", 4) = 4 [pid 7489] close(3) = 0 [pid 7489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7489] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7490 attached [pid 7490] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7489] <... clone3 resumed> => {parent_tid=[7490]}, 88) = 7490 [pid 7490] <... rseq resumed>) = 0 [pid 7489] rt_sigprocmask(SIG_SETMASK, [], [pid 7490] set_robust_list(0x7f0bd5e299a0, 24 [pid 7489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7490] <... set_robust_list resumed>) = 0 [pid 7489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7490] rt_sigprocmask(SIG_SETMASK, [], [pid 7489] <... futex resumed>) = 0 [pid 7490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7490] memfd_create("syzkaller", 0) = 3 [pid 7490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7490] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7490] close(3) = 0 [pid 7490] mkdir("./file0", 0777) = 0 [ 159.507494][ T7490] loop0: detected capacity change from 0 to 32768 [ 159.521064][ T7490] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7490) [ 159.537849][ T7490] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 159.547138][ T7490] BTRFS info (device loop0): force clearing of disk cache [ 159.554666][ T7490] BTRFS info (device loop0): setting nodatasum [ 159.561094][ T7490] BTRFS info (device loop0): allowing degraded mounts [ 159.568188][ T7490] BTRFS info (device loop0): enabling disk space caching [ 159.575269][ T7490] BTRFS info (device loop0): disk space caching is enabled [ 159.594531][ T7490] BTRFS info (device loop0): enabling ssd optimizations [pid 7490] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7490] chdir("./file0") = 0 [pid 7490] ioctl(4, LOOP_CLR_FD) = 0 [pid 7490] close(4) = 0 [pid 7490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7489] <... futex resumed>) = 0 [pid 7489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 159.601505][ T7490] BTRFS info (device loop0): auto enabling async discard [ 159.609527][ T7490] BTRFS info (device loop0): rebuilding free space tree [ 159.620630][ T7490] BTRFS info (device loop0): disabling free space tree [ 159.627636][ T7490] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 159.637351][ T7490] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 159.650121][ T7490] BTRFS info (device loop0): checking UUID tree [pid 7490] open("./file0", O_RDONLY) = 4 [pid 7490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7489] <... futex resumed>) = 0 [pid 7490] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7490] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7489] <... futex resumed>) = 0 [pid 7490] <... ioctl resumed>) = 0 [pid 7490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7490] <... futex resumed>) = 1 [pid 7489] <... futex resumed>) = 0 [pid 7490] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7489] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7489] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7508 attached => {parent_tid=[7508]}, 88) = 7508 [pid 7508] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7489] rt_sigprocmask(SIG_SETMASK, [], [pid 7508] <... rseq resumed>) = 0 [pid 7489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7508] set_robust_list(0x7f0bd5e089a0, 24 [pid 7489] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7508] <... set_robust_list resumed>) = 0 [pid 7489] <... futex resumed>) = 0 [pid 7508] rt_sigprocmask(SIG_SETMASK, [], [pid 7489] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7508] open(".", O_RDONLY) = 5 [pid 7508] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7489] <... futex resumed>) = 0 [pid 7508] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7489] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7489] <... futex resumed>) = 0 [pid 7508] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 159.718182][ T7490] BTRFS info (device loop0): balance: start -d -m [ 159.727503][ T7490] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 159.749964][ T7490] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7489] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7508] <... ioctl resumed>) = 0 [pid 7508] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7489] <... futex resumed>) = 0 [pid 7508] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7490] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7489] exit_group(0 [pid 7490] <... futex resumed>) = 231 [pid 7508] <... futex resumed>) = ? [pid 7489] <... exit_group resumed>) = ? [pid 7490] +++ exited with 0 +++ [pid 7508] +++ exited with 0 +++ [pid 7489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7489, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.816980][ T7490] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 159.839647][ T7490] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 159.857007][ T7490] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7509 attached [pid 7509] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7509] chdir("./122") = 0 [pid 7509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7509] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7509 [pid 7509] <... setpgid resumed>) = 0 [pid 7509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7509] write(3, "1000", 4) = 4 [pid 7509] close(3) = 0 [pid 7509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7509] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7509] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7509] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7510 attached => {parent_tid=[7510]}, 88) = 7510 [pid 7510] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7509] rt_sigprocmask(SIG_SETMASK, [], [pid 7510] set_robust_list(0x7f0bd5e299a0, 24 [pid 7509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7510] <... set_robust_list resumed>) = 0 [pid 7509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7510] rt_sigprocmask(SIG_SETMASK, [], [pid 7509] <... futex resumed>) = 0 [pid 7510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7510] memfd_create("syzkaller", 0) = 3 [pid 7510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7510] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7510] close(3) = 0 [pid 7510] mkdir("./file0", 0777) = 0 [ 160.389800][ T7510] loop0: detected capacity change from 0 to 32768 [ 160.399690][ T7510] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7510) [ 160.415647][ T7510] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 160.424949][ T7510] BTRFS info (device loop0): force clearing of disk cache [ 160.432078][ T7510] BTRFS info (device loop0): setting nodatasum [ 160.438678][ T7510] BTRFS info (device loop0): allowing degraded mounts [ 160.445608][ T7510] BTRFS info (device loop0): enabling disk space caching [ 160.452724][ T7510] BTRFS info (device loop0): disk space caching is enabled [ 160.472197][ T7510] BTRFS info (device loop0): enabling ssd optimizations [ 160.479336][ T7510] BTRFS info (device loop0): auto enabling async discard [pid 7510] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7510] chdir("./file0") = 0 [pid 7510] ioctl(4, LOOP_CLR_FD) = 0 [pid 7510] close(4) = 0 [pid 7510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7509] <... futex resumed>) = 0 [pid 7510] open("./file0", O_RDONLY [pid 7509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7510] <... open resumed>) = 4 [pid 7509] <... futex resumed>) = 0 [pid 7510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7510] <... futex resumed>) = 0 [pid 7510] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7510] <... futex resumed>) = 0 [pid 7509] <... futex resumed>) = 1 [pid 7510] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7510] <... ioctl resumed>) = 0 [pid 7510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7509] <... futex resumed>) = 0 [pid 7510] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7509] <... futex resumed>) = 0 [ 160.487711][ T7510] BTRFS info (device loop0): rebuilding free space tree [ 160.499349][ T7510] BTRFS info (device loop0): disabling free space tree [ 160.507345][ T7510] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 160.517070][ T7510] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 160.530016][ T7510] BTRFS info (device loop0): checking UUID tree [pid 7509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7510] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7509] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7509] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7528 attached => {parent_tid=[7528]}, 88) = 7528 [pid 7528] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7528] set_robust_list(0x7f0bd5e089a0, 24 [pid 7509] rt_sigprocmask(SIG_SETMASK, [], [pid 7528] <... set_robust_list resumed>) = 0 [pid 7509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7528] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7509] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7528] <... futex resumed>) = 0 [pid 7509] <... futex resumed>) = 1 [pid 7509] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7528] open(".", O_RDONLY) = 5 [pid 7528] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7528] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7509] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7528] <... futex resumed>) = 0 [pid 7509] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 160.576442][ T7510] BTRFS info (device loop0): balance: start -d -m [ 160.585304][ T7510] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 160.609751][ T7510] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7528] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7528] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 160.670230][ T7510] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 160.709889][ T7510] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7528] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7510] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7510] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7509] exit_group(0 [pid 7528] <... futex resumed>) = ? [pid 7510] <... futex resumed>) = ? [pid 7509] <... exit_group resumed>) = ? [pid 7528] +++ exited with 0 +++ [pid 7510] +++ exited with 0 +++ [pid 7509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7509, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 160.727061][ T7510] BTRFS info (device loop0): balance: ended with status: 0 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7529 attached , child_tidptr=0x5555570ad690) = 7529 [pid 7529] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7529] chdir("./123") = 0 [pid 7529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7529] setpgid(0, 0) = 0 [pid 7529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7529] write(3, "1000", 4) = 4 [pid 7529] close(3) = 0 [pid 7529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7529] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7529] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7530 attached => {parent_tid=[7530]}, 88) = 7530 [pid 7530] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7530] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7530] rt_sigprocmask(SIG_SETMASK, [], [pid 7529] rt_sigprocmask(SIG_SETMASK, [], [pid 7530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7529] <... futex resumed>) = 0 [pid 7530] memfd_create("syzkaller", 0 [pid 7529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7530] <... memfd_create resumed>) = 3 [pid 7530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7530] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7530] close(3) = 0 [pid 7530] mkdir("./file0", 0777) = 0 [ 161.314368][ T7530] loop0: detected capacity change from 0 to 32768 [ 161.328951][ T7530] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7530) [ 161.344762][ T7530] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.354089][ T7530] BTRFS info (device loop0): force clearing of disk cache [ 161.361191][ T7530] BTRFS info (device loop0): setting nodatasum [ 161.367574][ T7530] BTRFS info (device loop0): allowing degraded mounts [ 161.374440][ T7530] BTRFS info (device loop0): enabling disk space caching [ 161.381481][ T7530] BTRFS info (device loop0): disk space caching is enabled [ 161.400320][ T7530] BTRFS info (device loop0): enabling ssd optimizations [ 161.407404][ T7530] BTRFS info (device loop0): auto enabling async discard [pid 7530] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7530] chdir("./file0") = 0 [ 161.415346][ T7530] BTRFS info (device loop0): rebuilding free space tree [ 161.426533][ T7530] BTRFS info (device loop0): disabling free space tree [ 161.433504][ T7530] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.443303][ T7530] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 161.455996][ T7530] BTRFS info (device loop0): checking UUID tree [pid 7530] ioctl(4, LOOP_CLR_FD) = 0 [pid 7530] close(4) = 0 [pid 7530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7530] <... futex resumed>) = 0 [pid 7530] open("./file0", O_RDONLY) = 4 [pid 7529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7529] <... futex resumed>) = 0 [pid 7529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7530] <... futex resumed>) = 1 [pid 7529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7530] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7529] <... futex resumed>) = 0 [pid 7530] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7529] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7529] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 161.596417][ T7530] BTRFS info (device loop0): balance: start -d -m [ 161.603928][ T7530] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 161.620392][ T7530] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7548 attached => {parent_tid=[7548]}, 88) = 7548 [pid 7548] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7529] rt_sigprocmask(SIG_SETMASK, [], [pid 7548] set_robust_list(0x7f0bd5e089a0, 24 [pid 7529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7548] <... set_robust_list resumed>) = 0 [pid 7529] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7548] rt_sigprocmask(SIG_SETMASK, [], [pid 7529] <... futex resumed>) = 0 [pid 7548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7548] open(".", O_RDONLY [pid 7529] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7548] <... open resumed>) = 5 [pid 7548] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7529] <... futex resumed>) = 0 [pid 7548] <... futex resumed>) = 1 [pid 7529] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7548] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7529] <... futex resumed>) = 0 [ 161.650520][ T7530] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 161.671933][ T7530] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7529] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7548] <... ioctl resumed>) = 0 [pid 7548] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7530] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7529] <... futex resumed>) = 0 [pid 7530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7548] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7530] <... futex resumed>) = 0 [pid 7529] exit_group(0 [pid 7530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7548] <... futex resumed>) = ? [pid 7530] <... futex resumed>) = ? [pid 7529] <... exit_group resumed>) = ? [pid 7548] +++ exited with 0 +++ [pid 7530] +++ exited with 0 +++ [pid 7529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7529, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 161.699241][ T7530] BTRFS info (device loop0): balance: ended with status: 0 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7549 attached , child_tidptr=0x5555570ad690) = 7549 [pid 7549] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7549] chdir("./124") = 0 [pid 7549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7549] setpgid(0, 0) = 0 [pid 7549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7549] write(3, "1000", 4) = 4 [pid 7549] close(3) = 0 [pid 7549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7549] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7549] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7550 attached [pid 7550] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7549] <... clone3 resumed> => {parent_tid=[7550]}, 88) = 7550 [pid 7550] set_robust_list(0x7f0bd5e299a0, 24 [pid 7549] rt_sigprocmask(SIG_SETMASK, [], [pid 7550] <... set_robust_list resumed>) = 0 [pid 7549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7550] rt_sigprocmask(SIG_SETMASK, [], [pid 7549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7549] <... futex resumed>) = 0 [pid 7550] memfd_create("syzkaller", 0 [pid 7549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7550] <... memfd_create resumed>) = 3 [pid 7550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7550] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7550] close(3) = 0 [pid 7550] mkdir("./file0", 0777) = 0 [ 162.241955][ T7550] loop0: detected capacity change from 0 to 32768 [ 162.257087][ T7550] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7550) [ 162.273376][ T7550] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 162.282927][ T7550] BTRFS info (device loop0): force clearing of disk cache [ 162.290189][ T7550] BTRFS info (device loop0): setting nodatasum [ 162.296607][ T7550] BTRFS info (device loop0): allowing degraded mounts [ 162.303382][ T7550] BTRFS info (device loop0): enabling disk space caching [ 162.310644][ T7550] BTRFS info (device loop0): disk space caching is enabled [ 162.330905][ T7550] BTRFS info (device loop0): enabling ssd optimizations [ 162.337962][ T7550] BTRFS info (device loop0): auto enabling async discard [ 162.346305][ T7550] BTRFS info (device loop0): rebuilding free space tree [ 162.357297][ T7550] BTRFS info (device loop0): disabling free space tree [ 162.364296][ T7550] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 162.374054][ T7550] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7550] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7550] chdir("./file0") = 0 [pid 7550] ioctl(4, LOOP_CLR_FD) = 0 [pid 7550] close(4) = 0 [pid 7550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7549] <... futex resumed>) = 0 [pid 7550] open("./file0", O_RDONLY [pid 7549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] <... open resumed>) = 4 [pid 7549] <... futex resumed>) = 0 [pid 7550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7550] <... futex resumed>) = 0 [pid 7549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7549] <... futex resumed>) = 0 [ 162.386947][ T7550] BTRFS info (device loop0): checking UUID tree [pid 7550] <... ioctl resumed>) = 0 [pid 7549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7549] <... futex resumed>) = 0 [pid 7549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7550] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7549] <... futex resumed>) = 0 [pid 7549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7549] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7549] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7568 attached => {parent_tid=[7568]}, 88) = 7568 [pid 7568] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7568] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7549] rt_sigprocmask(SIG_SETMASK, [], [pid 7568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7568] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7549] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7568] <... futex resumed>) = 0 [pid 7549] <... futex resumed>) = 1 [pid 7568] open(".", O_RDONLY [pid 7549] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7568] <... open resumed>) = 5 [pid 7568] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7549] <... futex resumed>) = 0 [pid 7549] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7549] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7568] <... futex resumed>) = 1 [ 162.439104][ T7550] BTRFS info (device loop0): balance: start -d -m [ 162.447205][ T7550] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 162.469514][ T7550] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7568] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7568] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7568] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] <... futex resumed>) = 0 [ 162.518161][ T7550] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7550] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7550] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7549] exit_group(0 [pid 7568] <... futex resumed>) = ? [pid 7550] <... futex resumed>) = ? [pid 7549] <... exit_group resumed>) = ? [pid 7568] +++ exited with 0 +++ [pid 7550] +++ exited with 0 +++ [pid 7549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7549, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.582395][ T7550] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 162.600156][ T7550] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7569 attached [pid 7569] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7569] chdir("./125") = 0 [pid 7569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7569] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7569 [pid 7569] <... setpgid resumed>) = 0 [pid 7569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7569] write(3, "1000", 4) = 4 [pid 7569] close(3) = 0 [pid 7569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7569] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7569] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7569] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7570 attached [pid 7570] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7570] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7570] rt_sigprocmask(SIG_SETMASK, [], [pid 7569] <... clone3 resumed> => {parent_tid=[7570]}, 88) = 7570 [pid 7570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7569] rt_sigprocmask(SIG_SETMASK, [], [pid 7570] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7570] <... futex resumed>) = 0 [pid 7570] memfd_create("syzkaller", 0 [pid 7569] <... futex resumed>) = 1 [pid 7569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7570] <... memfd_create resumed>) = 3 [pid 7570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7570] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7570] close(3) = 0 [pid 7570] mkdir("./file0", 0777) = 0 [ 163.084147][ T7570] loop0: detected capacity change from 0 to 32768 [ 163.104325][ T7570] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7570) [ 163.120023][ T7570] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 7570] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 163.129339][ T7570] BTRFS info (device loop0): force clearing of disk cache [ 163.136487][ T7570] BTRFS info (device loop0): setting nodatasum [ 163.142665][ T7570] BTRFS info (device loop0): allowing degraded mounts [ 163.149519][ T7570] BTRFS info (device loop0): enabling disk space caching [pid 7570] chdir("./file0") = 0 [pid 7570] ioctl(4, LOOP_CLR_FD) = 0 [pid 7570] close(4) = 0 [pid 7570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7569] <... futex resumed>) = 0 [pid 7570] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7570] <... futex resumed>) = 0 [pid 7570] open("./file0", O_RDONLY) = 4 [pid 7570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7569] <... futex resumed>) = 0 [pid 7570] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7570] <... ioctl resumed>) = 0 [pid 7569] <... futex resumed>) = 0 [pid 7569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7569] <... futex resumed>) = 0 [pid 7570] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7570] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7569] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7569] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7588]}, 88) = 7588 ./strace-static-x86_64: Process 7588 attached [pid 7569] rt_sigprocmask(SIG_SETMASK, [], [pid 7588] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7588] <... rseq resumed>) = 0 [pid 7569] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7588] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7569] <... futex resumed>) = 0 [pid 7588] rt_sigprocmask(SIG_SETMASK, [], [pid 7569] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7588] open(".", O_RDONLY) = 5 [pid 7588] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7569] <... futex resumed>) = 0 [pid 7569] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7569] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7588] <... futex resumed>) = 1 [pid 7588] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7569] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7569] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7588] <... ioctl resumed>) = 0 [pid 7588] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7588] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7570] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7569] exit_group(0 [pid 7570] <... futex resumed>) = 0 [pid 7588] <... futex resumed>) = ? [pid 7569] <... exit_group resumed>) = ? [pid 7588] +++ exited with 0 +++ [pid 7570] +++ exited with 0 +++ [pid 7569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7569, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7589 attached , child_tidptr=0x5555570ad690) = 7589 [pid 7589] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7589] chdir("./126") = 0 [pid 7589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7589] setpgid(0, 0) = 0 [pid 7589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7589] write(3, "1000", 4) = 4 [pid 7589] close(3) = 0 [pid 7589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7589] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7589] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7589] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7590 attached [pid 7590] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7589] <... clone3 resumed> => {parent_tid=[7590]}, 88) = 7590 [pid 7590] <... rseq resumed>) = 0 [pid 7590] set_robust_list(0x7f0bd5e299a0, 24 [pid 7589] rt_sigprocmask(SIG_SETMASK, [], [pid 7590] <... set_robust_list resumed>) = 0 [pid 7589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7590] rt_sigprocmask(SIG_SETMASK, [], [pid 7589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7589] <... futex resumed>) = 0 [pid 7590] memfd_create("syzkaller", 0 [pid 7589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7590] <... memfd_create resumed>) = 3 [pid 7590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7590] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7590] close(3) = 0 [pid 7590] mkdir("./file0", 0777) = 0 [ 163.910473][ T7590] loop0: detected capacity change from 0 to 32768 [ 163.919999][ T7590] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7590) [ 163.935778][ T7590] _btrfs_printk: 14 callbacks suppressed [ 163.935794][ T7590] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 163.950721][ T7590] BTRFS info (device loop0): force clearing of disk cache [ 163.957915][ T7590] BTRFS info (device loop0): setting nodatasum [ 163.964255][ T7590] BTRFS info (device loop0): allowing degraded mounts [ 163.971026][ T7590] BTRFS info (device loop0): enabling disk space caching [ 163.978111][ T7590] BTRFS info (device loop0): disk space caching is enabled [ 163.997425][ T7590] BTRFS info (device loop0): enabling ssd optimizations [pid 7590] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 164.004438][ T7590] BTRFS info (device loop0): auto enabling async discard [ 164.013070][ T7590] BTRFS info (device loop0): rebuilding free space tree [ 164.024187][ T7590] BTRFS info (device loop0): disabling free space tree [ 164.031081][ T7590] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 164.040821][ T7590] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 164.053464][ T7590] BTRFS info (device loop0): checking UUID tree [pid 7590] chdir("./file0") = 0 [pid 7590] ioctl(4, LOOP_CLR_FD) = 0 [pid 7590] close(4) = 0 [pid 7590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7589] <... futex resumed>) = 0 [pid 7589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7590] open("./file0", O_RDONLY [pid 7589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7590] <... open resumed>) = 4 [pid 7590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7589] <... futex resumed>) = 0 [pid 7589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7590] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7589] <... futex resumed>) = 0 [pid 7589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7590] <... ioctl resumed>) = 0 [pid 7590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7589] <... futex resumed>) = 0 [pid 7590] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7590] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7589] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7589] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7589] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7608]}, 88) = 7608 [pid 7589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7589] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7589] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7608 attached [pid 7608] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7608] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7608] open(".", O_RDONLY) = 5 [pid 7608] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7589] <... futex resumed>) = 0 [pid 7589] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7589] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7608] <... futex resumed>) = 1 [ 164.167248][ T7590] BTRFS info (device loop0): balance: start -d -m [ 164.178027][ T7590] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 164.204429][ T7590] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7608] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7608] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7608] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7589] <... futex resumed>) = 0 [pid 7590] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7590] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7589] exit_group(0 [pid 7608] <... futex resumed>) = ? [pid 7590] <... futex resumed>) = ? [pid 7590] +++ exited with 0 +++ [pid 7589] <... exit_group resumed>) = ? [pid 7608] +++ exited with 0 +++ [pid 7589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7589, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 [ 164.264499][ T7590] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 164.285817][ T7590] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 164.303023][ T7590] BTRFS info (device loop0): balance: ended with status: 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7609 attached , child_tidptr=0x5555570ad690) = 7609 [pid 7609] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7609] chdir("./127") = 0 [pid 7609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7609] setpgid(0, 0) = 0 [pid 7609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7609] write(3, "1000", 4) = 4 [pid 7609] close(3) = 0 [pid 7609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7609] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7609] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7610 attached => {parent_tid=[7610]}, 88) = 7610 [pid 7610] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7610] <... rseq resumed>) = 0 [pid 7610] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7610] memfd_create("syzkaller", 0) = 3 [pid 7610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7610] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7610] close(3) = 0 [pid 7610] mkdir("./file0", 0777) = 0 [ 164.751572][ T7610] loop0: detected capacity change from 0 to 32768 [ 164.771458][ T7610] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7610) [ 164.787053][ T7610] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 164.796438][ T7610] BTRFS info (device loop0): force clearing of disk cache [ 164.803627][ T7610] BTRFS info (device loop0): setting nodatasum [ 164.809876][ T7610] BTRFS info (device loop0): allowing degraded mounts [ 164.816714][ T7610] BTRFS info (device loop0): enabling disk space caching [ 164.823976][ T7610] BTRFS info (device loop0): disk space caching is enabled [ 164.843930][ T7610] BTRFS info (device loop0): enabling ssd optimizations [ 164.851022][ T7610] BTRFS info (device loop0): auto enabling async discard [ 164.859009][ T7610] BTRFS info (device loop0): rebuilding free space tree [ 164.870562][ T7610] BTRFS info (device loop0): disabling free space tree [ 164.877629][ T7610] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 164.887392][ T7610] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7610] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7610] chdir("./file0") = 0 [pid 7610] ioctl(4, LOOP_CLR_FD) = 0 [pid 7610] close(4) = 0 [ 164.900130][ T7610] BTRFS info (device loop0): checking UUID tree [pid 7610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7609] <... futex resumed>) = 0 [pid 7610] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7609] <... futex resumed>) = 0 [pid 7609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7610] open("./file0", O_RDONLY) = 4 [pid 7610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7609] <... futex resumed>) = 0 [pid 7610] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7609] <... futex resumed>) = 0 [pid 7610] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7610] <... ioctl resumed>) = 0 [pid 7610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7609] <... futex resumed>) = 0 [pid 7609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7610] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7609] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7609] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7628]}, 88) = 7628 [pid 7609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7609] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7609] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7628 attached [pid 7628] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7628] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7628] open(".", O_RDONLY) = 5 [pid 7628] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7609] <... futex resumed>) = 0 [pid 7628] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7609] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7609] <... futex resumed>) = 0 [pid 7628] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 164.964626][ T7610] BTRFS info (device loop0): balance: start -d -m [ 164.972399][ T7610] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 164.993366][ T7610] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7609] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7628] <... ioctl resumed>) = 0 [pid 7628] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7609] <... futex resumed>) = 0 [ 165.066887][ T7610] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 165.104471][ T7610] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7628] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7610] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7610] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7609] exit_group(0 [pid 7628] <... futex resumed>) = ? [pid 7609] <... exit_group resumed>) = ? [pid 7610] <... futex resumed>) = ? [pid 7610] +++ exited with 0 +++ [pid 7628] +++ exited with 0 +++ [pid 7609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7609, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 165.124910][ T7610] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7629 attached , child_tidptr=0x5555570ad690) = 7629 [pid 7629] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7629] chdir("./128") = 0 [pid 7629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7629] setpgid(0, 0) = 0 [pid 7629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7629] write(3, "1000", 4) = 4 [pid 7629] close(3) = 0 [pid 7629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7629] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7629] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7629] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7629] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7630 attached [pid 7630] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7629] <... clone3 resumed> => {parent_tid=[7630]}, 88) = 7630 [pid 7630] set_robust_list(0x7f0bd5e299a0, 24 [pid 7629] rt_sigprocmask(SIG_SETMASK, [], [pid 7630] <... set_robust_list resumed>) = 0 [pid 7630] rt_sigprocmask(SIG_SETMASK, [], [pid 7629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7630] memfd_create("syzkaller", 0 [pid 7629] <... futex resumed>) = 0 [pid 7629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7630] <... memfd_create resumed>) = 3 [pid 7630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7630] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7630] close(3) = 0 [pid 7630] mkdir("./file0", 0777) = 0 [ 165.721573][ T7630] loop0: detected capacity change from 0 to 32768 [ 165.746402][ T7630] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7630) [ 165.761360][ T7630] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 165.770677][ T7630] BTRFS info (device loop0): force clearing of disk cache [ 165.777874][ T7630] BTRFS info (device loop0): setting nodatasum [ 165.784125][ T7630] BTRFS info (device loop0): allowing degraded mounts [ 165.790916][ T7630] BTRFS info (device loop0): enabling disk space caching [ 165.798002][ T7630] BTRFS info (device loop0): disk space caching is enabled [ 165.816903][ T7630] BTRFS info (device loop0): enabling ssd optimizations [ 165.824134][ T7630] BTRFS info (device loop0): auto enabling async discard [ 165.832079][ T7630] BTRFS info (device loop0): rebuilding free space tree [ 165.843520][ T7630] BTRFS info (device loop0): disabling free space tree [ 165.850538][ T7630] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 165.860300][ T7630] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7630] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7630] chdir("./file0") = 0 [pid 7630] ioctl(4, LOOP_CLR_FD) = 0 [pid 7630] close(4) = 0 [pid 7630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7629] <... futex resumed>) = 0 [pid 7630] <... futex resumed>) = 1 [pid 7629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7630] open("./file0", O_RDONLY [pid 7629] <... futex resumed>) = 0 [pid 7629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7630] <... open resumed>) = 4 [pid 7630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7629] <... futex resumed>) = 0 [pid 7630] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7630] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7629] <... futex resumed>) = 0 [pid 7630] <... ioctl resumed>) = 0 [pid 7629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7630] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7629] <... futex resumed>) = 0 [pid 7629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7630] <... futex resumed>) = 0 [ 165.873030][ T7630] BTRFS info (device loop0): checking UUID tree [pid 7630] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 165.933222][ T7630] BTRFS info (device loop0): balance: start -d -m [ 165.942055][ T7630] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 7629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7629] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7629] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7648]}, 88) = 7648 ./strace-static-x86_64: Process 7648 attached [pid 7648] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7629] rt_sigprocmask(SIG_SETMASK, [], [pid 7648] <... rseq resumed>) = 0 [pid 7629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7629] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7629] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7648] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7648] open(".", O_RDONLY) = 5 [pid 7648] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7629] <... futex resumed>) = 0 [pid 7648] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7629] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7629] <... futex resumed>) = 0 [pid 7648] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 165.974734][ T7630] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7629] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7648] <... ioctl resumed>) = 0 [pid 7648] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7648] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7629] <... futex resumed>) = 0 [ 166.026845][ T7630] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 166.060716][ T7630] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7630] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7629] exit_group(0 [pid 7648] <... futex resumed>) = ? [pid 7629] <... exit_group resumed>) = ? [pid 7648] +++ exited with 0 +++ [pid 7630] <... futex resumed>) = ? [pid 7630] +++ exited with 0 +++ [pid 7629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7629, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 166.078055][ T7630] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7649 attached [pid 7649] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7649] chdir("./129") = 0 [pid 7649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7649 [pid 7649] setpgid(0, 0) = 0 [pid 7649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7649] write(3, "1000", 4) = 4 [pid 7649] close(3) = 0 [pid 7649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7649] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7649] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7649] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7650 attached [pid 7650] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7649] <... clone3 resumed> => {parent_tid=[7650]}, 88) = 7650 [pid 7650] <... rseq resumed>) = 0 [pid 7649] rt_sigprocmask(SIG_SETMASK, [], [pid 7650] set_robust_list(0x7f0bd5e299a0, 24 [pid 7649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7650] <... set_robust_list resumed>) = 0 [pid 7649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7649] <... futex resumed>) = 0 [pid 7650] memfd_create("syzkaller", 0 [pid 7649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7650] <... memfd_create resumed>) = 3 [pid 7650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7650] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7650] close(3) = 0 [pid 7650] mkdir("./file0", 0777) = 0 [ 166.584613][ T7650] loop0: detected capacity change from 0 to 32768 [ 166.612101][ T7650] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7650) [ 166.628426][ T7650] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 166.637747][ T7650] BTRFS info (device loop0): force clearing of disk cache [ 166.644909][ T7650] BTRFS info (device loop0): setting nodatasum [ 166.651059][ T7650] BTRFS info (device loop0): allowing degraded mounts [ 166.657937][ T7650] BTRFS info (device loop0): enabling disk space caching [ 166.665054][ T7650] BTRFS info (device loop0): disk space caching is enabled [ 166.685007][ T7650] BTRFS info (device loop0): enabling ssd optimizations [ 166.692058][ T7650] BTRFS info (device loop0): auto enabling async discard [ 166.700047][ T7650] BTRFS info (device loop0): rebuilding free space tree [ 166.710981][ T7650] BTRFS info (device loop0): disabling free space tree [ 166.718016][ T7650] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7650] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7650] chdir("./file0") = 0 [pid 7650] ioctl(4, LOOP_CLR_FD) = 0 [pid 7650] close(4) = 0 [pid 7650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7649] <... futex resumed>) = 0 [pid 7650] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7649] <... futex resumed>) = 0 [pid 7650] open("./file0", O_RDONLY [pid 7649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7650] <... open resumed>) = 4 [ 166.727694][ T7650] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.740495][ T7650] BTRFS info (device loop0): checking UUID tree [pid 7650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7649] <... futex resumed>) = 0 [pid 7650] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7649] <... futex resumed>) = 0 [pid 7650] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7650] <... ioctl resumed>) = 0 [pid 7650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7649] <... futex resumed>) = 0 [pid 7649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7650] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7649] <... futex resumed>) = 0 [pid 7649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7649] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.826919][ T7650] BTRFS info (device loop0): balance: start -d -m [ 166.837718][ T7650] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 166.860953][ T7650] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7649] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7668 attached [pid 7668] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7649] <... clone3 resumed> => {parent_tid=[7668]}, 88) = 7668 [pid 7668] <... rseq resumed>) = 0 [pid 7649] rt_sigprocmask(SIG_SETMASK, [], [pid 7668] set_robust_list(0x7f0bd5e089a0, 24 [pid 7649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7668] <... set_robust_list resumed>) = 0 [pid 7649] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7649] <... futex resumed>) = 0 [pid 7668] open(".", O_RDONLY [pid 7649] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7668] <... open resumed>) = 5 [pid 7668] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7649] <... futex resumed>) = 0 [pid 7668] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7649] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7649] <... futex resumed>) = 0 [pid 7668] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 166.895951][ T7650] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 166.917786][ T7650] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7649] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7668] <... ioctl resumed>) = 0 [pid 7650] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7668] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7649] <... futex resumed>) = 0 [pid 7668] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7649] exit_group(0 [pid 7650] <... futex resumed>) = 0 [pid 7650] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7668] <... futex resumed>) = ? [pid 7650] <... futex resumed>) = ? [pid 7649] <... exit_group resumed>) = ? [pid 7668] +++ exited with 0 +++ [pid 7650] +++ exited with 0 +++ [pid 7649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7649, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- [ 166.947341][ T7650] BTRFS info (device loop0): balance: ended with status: 0 umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7669 attached , child_tidptr=0x5555570ad690) = 7669 [pid 7669] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7669] chdir("./130") = 0 [pid 7669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7669] setpgid(0, 0) = 0 [pid 7669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7669] write(3, "1000", 4) = 4 [pid 7669] close(3) = 0 [pid 7669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7669] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7669] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7670 attached [pid 7670] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7669] <... clone3 resumed> => {parent_tid=[7670]}, 88) = 7670 [pid 7670] <... rseq resumed>) = 0 [pid 7669] rt_sigprocmask(SIG_SETMASK, [], [pid 7670] set_robust_list(0x7f0bd5e299a0, 24 [pid 7669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7670] <... set_robust_list resumed>) = 0 [pid 7669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7669] <... futex resumed>) = 0 [pid 7670] memfd_create("syzkaller", 0 [pid 7669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7670] <... memfd_create resumed>) = 3 [pid 7670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7670] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7670] close(3) = 0 [pid 7670] mkdir("./file0", 0777) = 0 [ 167.536085][ T7670] loop0: detected capacity change from 0 to 32768 [ 167.552046][ T7670] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7670) [ 167.567638][ T7670] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 167.577017][ T7670] BTRFS info (device loop0): force clearing of disk cache [ 167.584193][ T7670] BTRFS info (device loop0): setting nodatasum [ 167.590367][ T7670] BTRFS info (device loop0): allowing degraded mounts [ 167.597465][ T7670] BTRFS info (device loop0): enabling disk space caching [ 167.604583][ T7670] BTRFS info (device loop0): disk space caching is enabled [ 167.623218][ T7670] BTRFS info (device loop0): enabling ssd optimizations [pid 7670] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7670] chdir("./file0") = 0 [pid 7670] ioctl(4, LOOP_CLR_FD) = 0 [pid 7670] close(4) = 0 [pid 7670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7669] <... futex resumed>) = 0 [pid 7670] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 167.630382][ T7670] BTRFS info (device loop0): auto enabling async discard [ 167.638413][ T7670] BTRFS info (device loop0): rebuilding free space tree [ 167.649520][ T7670] BTRFS info (device loop0): disabling free space tree [ 167.656847][ T7670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 167.666708][ T7670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 167.679148][ T7670] BTRFS info (device loop0): checking UUID tree [pid 7669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7670] open("./file0", O_RDONLY) = 4 [pid 7670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7670] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7669] <... futex resumed>) = 0 [pid 7669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7670] <... futex resumed>) = 0 [pid 7669] <... futex resumed>) = 1 [pid 7670] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7670] <... ioctl resumed>) = 0 [pid 7670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7669] <... futex resumed>) = 0 [pid 7670] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7669] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7669] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7688]}, 88) = 7688 [pid 7669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7669] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7669] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7688 attached [pid 7688] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7688] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7688] open(".", O_RDONLY) = 5 [pid 7688] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7669] <... futex resumed>) = 0 [pid 7688] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7669] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7688] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7669] <... futex resumed>) = 0 [ 167.743501][ T7670] BTRFS info (device loop0): balance: start -d -m [ 167.753970][ T7670] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 167.779888][ T7670] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7669] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7688] <... ioctl resumed>) = 0 [pid 7688] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7669] <... futex resumed>) = 0 [pid 7688] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7670] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7670] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7669] exit_group(0 [pid 7688] <... futex resumed>) = ? [pid 7670] <... futex resumed>) = ? [pid 7669] <... exit_group resumed>) = ? [pid 7688] +++ exited with 0 +++ [pid 7670] +++ exited with 0 +++ [pid 7669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7669, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 167.852288][ T7670] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 167.874017][ T7670] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 167.892437][ T7670] BTRFS info (device loop0): balance: ended with status: 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7689 attached , child_tidptr=0x5555570ad690) = 7689 [pid 7689] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7689] chdir("./131") = 0 [pid 7689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7689] setpgid(0, 0) = 0 [pid 7689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7689] write(3, "1000", 4) = 4 [pid 7689] close(3) = 0 [pid 7689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7689] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7689] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7690 attached [pid 7690] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7689] <... clone3 resumed> => {parent_tid=[7690]}, 88) = 7690 [pid 7690] <... rseq resumed>) = 0 [pid 7689] rt_sigprocmask(SIG_SETMASK, [], [pid 7690] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7690] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7689] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7690] <... futex resumed>) = 0 [pid 7689] <... futex resumed>) = 1 [pid 7690] memfd_create("syzkaller", 0 [pid 7689] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7690] <... memfd_create resumed>) = 3 [pid 7690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7690] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7690] close(3) = 0 [pid 7690] mkdir("./file0", 0777) = 0 [ 168.436537][ T7690] loop0: detected capacity change from 0 to 32768 [ 168.466864][ T7690] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7690) [pid 7690] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7690] chdir("./file0") = 0 [ 168.483406][ T7690] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 168.492740][ T7690] BTRFS info (device loop0): force clearing of disk cache [ 168.499930][ T7690] BTRFS info (device loop0): setting nodatasum [ 168.506146][ T7690] BTRFS info (device loop0): allowing degraded mounts [ 168.512908][ T7690] BTRFS info (device loop0): enabling disk space caching [pid 7690] ioctl(4, LOOP_CLR_FD) = 0 [pid 7690] close(4) = 0 [pid 7690] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7689] <... futex resumed>) = 0 [pid 7690] open("./file0", O_RDONLY [pid 7689] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7690] <... open resumed>) = 4 [pid 7689] <... futex resumed>) = 0 [pid 7689] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7690] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7689] <... futex resumed>) = 0 [pid 7690] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7689] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7690] <... futex resumed>) = 0 [pid 7690] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7690] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7690] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7689] <... futex resumed>) = 1 [pid 7689] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7689] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7690] <... futex resumed>) = 0 [pid 7690] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7689] <... futex resumed>) = 1 [pid 7689] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7689] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7689] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7708 attached => {parent_tid=[7708]}, 88) = 7708 [pid 7708] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7689] rt_sigprocmask(SIG_SETMASK, [], [pid 7708] <... rseq resumed>) = 0 [pid 7708] set_robust_list(0x7f0bd5e089a0, 24 [pid 7689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7708] <... set_robust_list resumed>) = 0 [pid 7689] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7708] rt_sigprocmask(SIG_SETMASK, [], [pid 7689] <... futex resumed>) = 0 [pid 7708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7689] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7708] open(".", O_RDONLY) = 5 [pid 7708] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7689] <... futex resumed>) = 0 [pid 7689] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7708] <... futex resumed>) = 1 [pid 7689] <... futex resumed>) = 0 [pid 7708] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7689] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7708] <... ioctl resumed>) = 0 [pid 7708] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7708] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7689] <... futex resumed>) = 0 [pid 7690] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7690] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7690] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7689] exit_group(0 [pid 7708] <... futex resumed>) = ? [pid 7690] <... futex resumed>) = ? [pid 7689] <... exit_group resumed>) = ? [pid 7708] +++ exited with 0 +++ [pid 7690] +++ exited with 0 +++ [pid 7689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7689, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7709 attached , child_tidptr=0x5555570ad690) = 7709 [pid 7709] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7709] chdir("./132") = 0 [pid 7709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7709] setpgid(0, 0) = 0 [pid 7709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7709] write(3, "1000", 4) = 4 [pid 7709] close(3) = 0 [pid 7709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7709] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7709] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7710 attached => {parent_tid=[7710]}, 88) = 7710 [pid 7710] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7710] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7710] rt_sigprocmask(SIG_SETMASK, [], [pid 7709] rt_sigprocmask(SIG_SETMASK, [], [pid 7710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7710] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7709] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7709] <... futex resumed>) = 0 [pid 7710] memfd_create("syzkaller", 0 [pid 7709] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7710] <... memfd_create resumed>) = 3 [pid 7710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7710] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7710] close(3) = 0 [pid 7710] mkdir("./file0", 0777) = 0 [ 169.212368][ T7710] loop0: detected capacity change from 0 to 32768 [ 169.229983][ T7710] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7710) [ 169.244867][ T7710] _btrfs_printk: 14 callbacks suppressed [ 169.244882][ T7710] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 169.259800][ T7710] BTRFS info (device loop0): force clearing of disk cache [ 169.266999][ T7710] BTRFS info (device loop0): setting nodatasum [ 169.273162][ T7710] BTRFS info (device loop0): allowing degraded mounts [ 169.279975][ T7710] BTRFS info (device loop0): enabling disk space caching [ 169.287056][ T7710] BTRFS info (device loop0): disk space caching is enabled [ 169.306112][ T7710] BTRFS info (device loop0): enabling ssd optimizations [ 169.313096][ T7710] BTRFS info (device loop0): auto enabling async discard [ 169.321493][ T7710] BTRFS info (device loop0): rebuilding free space tree [ 169.332276][ T7710] BTRFS info (device loop0): disabling free space tree [ 169.339434][ T7710] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 169.349109][ T7710] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7710] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7710] chdir("./file0") = 0 [pid 7710] ioctl(4, LOOP_CLR_FD) = 0 [pid 7710] close(4) = 0 [pid 7710] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7709] <... futex resumed>) = 0 [pid 7710] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7709] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7709] <... futex resumed>) = 0 [pid 7710] open("./file0", O_RDONLY [pid 7709] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7710] <... open resumed>) = 4 [pid 7710] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 169.361823][ T7710] BTRFS info (device loop0): checking UUID tree [pid 7710] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7709] <... futex resumed>) = 0 [pid 7709] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7710] <... futex resumed>) = 0 [pid 7709] <... futex resumed>) = 1 [pid 7709] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7710] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7710] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7709] <... futex resumed>) = 0 [pid 7710] <... futex resumed>) = 1 [pid 7709] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7710] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7709] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7709] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7709] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7728 attached => {parent_tid=[7728]}, 88) = 7728 [pid 7728] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7709] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7728] <... rseq resumed>) = 0 [pid 7709] <... futex resumed>) = 0 [pid 7728] set_robust_list(0x7f0bd5e089a0, 24 [pid 7709] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7728] <... set_robust_list resumed>) = 0 [pid 7728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7728] open(".", O_RDONLY) = 5 [pid 7728] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7728] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7709] <... futex resumed>) = 0 [pid 7709] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7728] <... futex resumed>) = 0 [pid 7709] <... futex resumed>) = 1 [pid 7728] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 169.428527][ T7710] BTRFS info (device loop0): balance: start -d -m [ 169.439077][ T7710] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 169.464930][ T7710] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7709] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7728] <... ioctl resumed>) = 0 [pid 7728] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7709] <... futex resumed>) = 0 [pid 7728] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7710] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7710] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7709] exit_group(0 [pid 7728] <... futex resumed>) = ? [pid 7710] <... futex resumed>) = ? [pid 7709] <... exit_group resumed>) = ? [pid 7728] +++ exited with 0 +++ [pid 7710] +++ exited with 0 +++ [pid 7709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7709, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 169.533237][ T7710] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 169.553470][ T7710] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 169.571893][ T7710] BTRFS info (device loop0): balance: ended with status: 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7729 attached , child_tidptr=0x5555570ad690) = 7729 [pid 7729] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7729] chdir("./133") = 0 [pid 7729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7729] setpgid(0, 0) = 0 [pid 7729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7729] write(3, "1000", 4) = 4 [pid 7729] close(3) = 0 [pid 7729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7729] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7729] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7730 attached [pid 7730] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7729] <... clone3 resumed> => {parent_tid=[7730]}, 88) = 7730 [pid 7730] set_robust_list(0x7f0bd5e299a0, 24 [pid 7729] rt_sigprocmask(SIG_SETMASK, [], [pid 7730] <... set_robust_list resumed>) = 0 [pid 7729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7729] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7730] memfd_create("syzkaller", 0 [pid 7729] <... futex resumed>) = 0 [pid 7729] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7730] <... memfd_create resumed>) = 3 [pid 7730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7730] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7730] close(3) = 0 [pid 7730] mkdir("./file0", 0777) = 0 [ 170.045410][ T7730] loop0: detected capacity change from 0 to 32768 [ 170.060167][ T7730] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7730) [ 170.076267][ T7730] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 170.085697][ T7730] BTRFS info (device loop0): force clearing of disk cache [ 170.092808][ T7730] BTRFS info (device loop0): setting nodatasum [ 170.099236][ T7730] BTRFS info (device loop0): allowing degraded mounts [ 170.106070][ T7730] BTRFS info (device loop0): enabling disk space caching [ 170.113095][ T7730] BTRFS info (device loop0): disk space caching is enabled [ 170.131791][ T7730] BTRFS info (device loop0): enabling ssd optimizations [ 170.138927][ T7730] BTRFS info (device loop0): auto enabling async discard [pid 7730] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7730] chdir("./file0") = 0 [pid 7730] ioctl(4, LOOP_CLR_FD) = 0 [pid 7730] close(4) = 0 [pid 7730] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7729] <... futex resumed>) = 0 [pid 7730] <... futex resumed>) = 1 [ 170.146933][ T7730] BTRFS info (device loop0): rebuilding free space tree [ 170.157786][ T7730] BTRFS info (device loop0): disabling free space tree [ 170.165021][ T7730] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 170.174930][ T7730] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 170.187385][ T7730] BTRFS info (device loop0): checking UUID tree [pid 7729] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7730] open("./file0", O_RDONLY [pid 7729] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7730] <... open resumed>) = 4 [pid 7730] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7729] <... futex resumed>) = 0 [pid 7730] <... futex resumed>) = 1 [pid 7729] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7730] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7729] <... futex resumed>) = 0 [pid 7730] <... ioctl resumed>) = 0 [pid 7729] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7730] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7730] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7729] <... futex resumed>) = 0 [pid 7730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7729] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7730] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7729] <... futex resumed>) = 0 [pid 7729] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7729] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7729] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7748 attached => {parent_tid=[7748]}, 88) = 7748 [pid 7748] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7729] rt_sigprocmask(SIG_SETMASK, [], [pid 7748] <... rseq resumed>) = 0 [pid 7729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7748] set_robust_list(0x7f0bd5e089a0, 24 [pid 7729] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7748] <... set_robust_list resumed>) = 0 [pid 7729] <... futex resumed>) = 0 [pid 7748] rt_sigprocmask(SIG_SETMASK, [], [pid 7729] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7748] open(".", O_RDONLY) = 5 [pid 7748] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7729] <... futex resumed>) = 0 [pid 7729] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 170.256612][ T7730] BTRFS info (device loop0): balance: start -d -m [ 170.265462][ T7730] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 170.289678][ T7730] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7729] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 170.333384][ T7730] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7748] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 7729] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7748] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7748] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7730] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7730] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7729] exit_group(0 [pid 7748] <... futex resumed>) = ? [pid 7730] <... futex resumed>) = ? [pid 7729] <... exit_group resumed>) = ? [pid 7748] +++ exited with 0 +++ [pid 7730] +++ exited with 0 +++ [pid 7729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7729, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 [ 170.378788][ T7730] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 170.397888][ T7730] BTRFS info (device loop0): balance: ended with status: 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7749 attached , child_tidptr=0x5555570ad690) = 7749 [pid 7749] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7749] chdir("./134") = 0 [pid 7749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7749] setpgid(0, 0) = 0 [pid 7749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7749] write(3, "1000", 4) = 4 [pid 7749] close(3) = 0 [pid 7749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7749] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7749] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7750 attached => {parent_tid=[7750]}, 88) = 7750 [pid 7749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7749] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7750] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7749] <... futex resumed>) = 0 [pid 7750] set_robust_list(0x7f0bd5e299a0, 24 [pid 7749] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7750] <... set_robust_list resumed>) = 0 [pid 7750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7750] memfd_create("syzkaller", 0) = 3 [pid 7750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7750] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7750] close(3) = 0 [pid 7750] mkdir("./file0", 0777) = 0 [ 170.816371][ T7750] loop0: detected capacity change from 0 to 32768 [ 170.832877][ T7750] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7750) [ 170.849483][ T7750] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 170.858883][ T7750] BTRFS info (device loop0): force clearing of disk cache [ 170.866047][ T7750] BTRFS info (device loop0): setting nodatasum [ 170.872216][ T7750] BTRFS info (device loop0): allowing degraded mounts [ 170.879282][ T7750] BTRFS info (device loop0): enabling disk space caching [ 170.886361][ T7750] BTRFS info (device loop0): disk space caching is enabled [ 170.906077][ T7750] BTRFS info (device loop0): enabling ssd optimizations [ 170.913057][ T7750] BTRFS info (device loop0): auto enabling async discard [ 170.921020][ T7750] BTRFS info (device loop0): rebuilding free space tree [ 170.932106][ T7750] BTRFS info (device loop0): disabling free space tree [ 170.939664][ T7750] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 170.949517][ T7750] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7750] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7750] chdir("./file0") = 0 [pid 7750] ioctl(4, LOOP_CLR_FD) = 0 [pid 7750] close(4) = 0 [pid 7750] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7749] <... futex resumed>) = 0 [pid 7750] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7749] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7749] <... futex resumed>) = 0 [pid 7750] open("./file0", O_RDONLY [pid 7749] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7750] <... open resumed>) = 4 [ 170.961980][ T7750] BTRFS info (device loop0): checking UUID tree [pid 7750] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7749] <... futex resumed>) = 0 [pid 7750] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7749] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7749] <... futex resumed>) = 0 [pid 7750] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7749] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7750] <... ioctl resumed>) = 0 [pid 7750] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7749] <... futex resumed>) = 0 [pid 7749] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7750] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7749] <... futex resumed>) = 0 [pid 7749] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7749] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7749] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7768 attached => {parent_tid=[7768]}, 88) = 7768 [pid 7768] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7749] rt_sigprocmask(SIG_SETMASK, [], [pid 7768] <... rseq resumed>) = 0 [pid 7749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7768] set_robust_list(0x7f0bd5e089a0, 24 [pid 7749] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7768] <... set_robust_list resumed>) = 0 [pid 7749] <... futex resumed>) = 0 [pid 7768] rt_sigprocmask(SIG_SETMASK, [], [pid 7749] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7768] open(".", O_RDONLY) = 5 [pid 7768] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7749] <... futex resumed>) = 0 [pid 7749] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7768] <... futex resumed>) = 1 [pid 7749] <... futex resumed>) = 0 [pid 7768] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 171.022022][ T7750] BTRFS info (device loop0): balance: start -d -m [ 171.030108][ T7750] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 171.052912][ T7750] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7749] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7768] <... ioctl resumed>) = 0 [pid 7768] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7768] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7749] <... futex resumed>) = 0 [ 171.117746][ T7750] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 171.147796][ T7750] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7750] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7750] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7749] exit_group(0 [pid 7768] <... futex resumed>) = ? [pid 7750] <... futex resumed>) = ? [pid 7749] <... exit_group resumed>) = ? [pid 7768] +++ exited with 0 +++ [pid 7750] +++ exited with 0 +++ [pid 7749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7749, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 [ 171.169048][ T7750] BTRFS info (device loop0): balance: ended with status: 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7769 attached [pid 7769] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7769] chdir("./135") = 0 [pid 7769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7769 [pid 7769] setpgid(0, 0) = 0 [pid 7769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7769] write(3, "1000", 4) = 4 [pid 7769] close(3) = 0 [pid 7769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7769] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7769] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7770 attached [pid 7770] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7769] <... clone3 resumed> => {parent_tid=[7770]}, 88) = 7770 [pid 7770] set_robust_list(0x7f0bd5e299a0, 24 [pid 7769] rt_sigprocmask(SIG_SETMASK, [], [pid 7770] <... set_robust_list resumed>) = 0 [pid 7769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7770] rt_sigprocmask(SIG_SETMASK, [], [pid 7769] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7769] <... futex resumed>) = 0 [pid 7770] memfd_create("syzkaller", 0 [pid 7769] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7770] <... memfd_create resumed>) = 3 [pid 7770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7770] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7770] close(3) = 0 [pid 7770] mkdir("./file0", 0777) = 0 [ 171.650711][ T7770] loop0: detected capacity change from 0 to 32768 [ 171.664587][ T7770] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7770) [ 171.680203][ T7770] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 171.689544][ T7770] BTRFS info (device loop0): force clearing of disk cache [ 171.696723][ T7770] BTRFS info (device loop0): setting nodatasum [ 171.702900][ T7770] BTRFS info (device loop0): allowing degraded mounts [ 171.709725][ T7770] BTRFS info (device loop0): enabling disk space caching [ 171.716800][ T7770] BTRFS info (device loop0): disk space caching is enabled [ 171.736013][ T7770] BTRFS info (device loop0): enabling ssd optimizations [ 171.743009][ T7770] BTRFS info (device loop0): auto enabling async discard [pid 7770] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7770] chdir("./file0") = 0 [pid 7770] ioctl(4, LOOP_CLR_FD) = 0 [pid 7770] close(4) = 0 [pid 7770] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7769] <... futex resumed>) = 0 [ 171.751311][ T7770] BTRFS info (device loop0): rebuilding free space tree [ 171.762374][ T7770] BTRFS info (device loop0): disabling free space tree [ 171.769383][ T7770] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 171.779245][ T7770] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 171.792262][ T7770] BTRFS info (device loop0): checking UUID tree [pid 7770] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7769] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7770] <... futex resumed>) = 0 [pid 7769] <... futex resumed>) = 1 [pid 7770] open("./file0", O_RDONLY [pid 7769] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7770] <... open resumed>) = 4 [pid 7770] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7769] <... futex resumed>) = 0 [pid 7769] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7770] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7769] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7770] <... ioctl resumed>) = 0 [pid 7770] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7769] <... futex resumed>) = 0 [pid 7770] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7769] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7769] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7769] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7769] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7788 attached [pid 7788] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7769] <... clone3 resumed> => {parent_tid=[7788]}, 88) = 7788 [pid 7788] <... rseq resumed>) = 0 [pid 7769] rt_sigprocmask(SIG_SETMASK, [], [pid 7788] set_robust_list(0x7f0bd5e089a0, 24 [pid 7769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7788] <... set_robust_list resumed>) = 0 [pid 7769] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7788] rt_sigprocmask(SIG_SETMASK, [], [pid 7769] <... futex resumed>) = 0 [pid 7788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7788] open(".", O_RDONLY [pid 7769] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7788] <... open resumed>) = 5 [pid 7788] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7769] <... futex resumed>) = 0 [pid 7788] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7769] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7769] <... futex resumed>) = 0 [pid 7788] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 171.881638][ T7770] BTRFS info (device loop0): balance: start -d -m [ 171.891481][ T7770] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 171.913344][ T7770] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7769] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7788] <... ioctl resumed>) = 0 [pid 7788] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7769] <... futex resumed>) = 0 [pid 7788] <... futex resumed>) = 1 [pid 7788] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7770] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7770] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7769] exit_group(0 [pid 7788] <... futex resumed>) = ? [pid 7770] <... futex resumed>) = ? [pid 7769] <... exit_group resumed>) = ? [pid 7788] +++ exited with 0 +++ [pid 7770] +++ exited with 0 +++ [pid 7769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7769, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 171.964827][ T7770] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 171.990162][ T7770] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 172.007191][ T7770] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7789 attached , child_tidptr=0x5555570ad690) = 7789 [pid 7789] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7789] chdir("./136") = 0 [pid 7789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7789] setpgid(0, 0) = 0 [pid 7789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7789] write(3, "1000", 4) = 4 [pid 7789] close(3) = 0 [pid 7789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7789] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7789] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7790 attached [pid 7790] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7790] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7789] <... clone3 resumed> => {parent_tid=[7790]}, 88) = 7790 [pid 7790] rt_sigprocmask(SIG_SETMASK, [], [pid 7789] rt_sigprocmask(SIG_SETMASK, [], [pid 7790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7790] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7789] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7789] <... futex resumed>) = 0 [pid 7790] memfd_create("syzkaller", 0 [pid 7789] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7790] <... memfd_create resumed>) = 3 [pid 7790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7790] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7790] close(3) = 0 [pid 7790] mkdir("./file0", 0777) = 0 [ 172.516652][ T7790] loop0: detected capacity change from 0 to 32768 [ 172.530394][ T7790] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7790) [ 172.546817][ T7790] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 172.556420][ T7790] BTRFS info (device loop0): force clearing of disk cache [ 172.563664][ T7790] BTRFS info (device loop0): setting nodatasum [ 172.569893][ T7790] BTRFS info (device loop0): allowing degraded mounts [ 172.576776][ T7790] BTRFS info (device loop0): enabling disk space caching [ 172.583870][ T7790] BTRFS info (device loop0): disk space caching is enabled [ 172.603408][ T7790] BTRFS info (device loop0): enabling ssd optimizations [pid 7790] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7790] chdir("./file0") = 0 [pid 7790] ioctl(4, LOOP_CLR_FD) = 0 [pid 7790] close(4) = 0 [ 172.610478][ T7790] BTRFS info (device loop0): auto enabling async discard [ 172.618493][ T7790] BTRFS info (device loop0): rebuilding free space tree [ 172.629270][ T7790] BTRFS info (device loop0): disabling free space tree [ 172.636419][ T7790] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 172.646141][ T7790] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 172.658846][ T7790] BTRFS info (device loop0): checking UUID tree [pid 7790] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7789] <... futex resumed>) = 0 [pid 7789] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7790] open("./file0", O_RDONLY [pid 7789] <... futex resumed>) = 0 [pid 7790] <... open resumed>) = 4 [pid 7789] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7790] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7789] <... futex resumed>) = 0 [pid 7789] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7790] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7790] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7790] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 7789] <... futex resumed>) = 1 [pid 7790] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7789] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7789] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7790] <... futex resumed>) = 0 [pid 7789] <... futex resumed>) = 1 [pid 7790] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7789] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7789] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7789] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7808]}, 88) = 7808 ./strace-static-x86_64: Process 7808 attached [ 172.729252][ T7790] BTRFS info (device loop0): balance: start -d -m [ 172.738945][ T7790] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 172.760593][ T7790] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7789] rt_sigprocmask(SIG_SETMASK, [], [pid 7808] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7808] <... rseq resumed>) = 0 [pid 7789] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7789] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7808] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7808] open(".", O_RDONLY) = 5 [pid 7808] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7789] <... futex resumed>) = 0 [pid 7808] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7789] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7808] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7789] <... futex resumed>) = 0 [pid 7789] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7808] <... ioctl resumed>) = 0 [pid 7808] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7789] <... futex resumed>) = 0 [ 172.801494][ T7790] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7808] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7790] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7790] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7789] exit_group(0 [pid 7790] <... futex resumed>) = 0 [pid 7808] <... futex resumed>) = ? [pid 7789] <... exit_group resumed>) = ? [pid 7808] +++ exited with 0 +++ [pid 7790] +++ exited with 0 +++ [pid 7789] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7789, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 [ 172.857209][ T7790] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 172.876787][ T7790] BTRFS info (device loop0): balance: ended with status: 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7809 attached , child_tidptr=0x5555570ad690) = 7809 [pid 7809] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7809] chdir("./137") = 0 [pid 7809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7809] setpgid(0, 0) = 0 [pid 7809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7809] write(3, "1000", 4) = 4 [pid 7809] close(3) = 0 [pid 7809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7809] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7809] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7810 attached [pid 7810] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7809] <... clone3 resumed> => {parent_tid=[7810]}, 88) = 7810 [pid 7810] <... rseq resumed>) = 0 [pid 7809] rt_sigprocmask(SIG_SETMASK, [], [pid 7810] set_robust_list(0x7f0bd5e299a0, 24 [pid 7809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7810] <... set_robust_list resumed>) = 0 [pid 7809] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7810] rt_sigprocmask(SIG_SETMASK, [], [pid 7809] <... futex resumed>) = 0 [pid 7810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7809] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7810] memfd_create("syzkaller", 0) = 3 [pid 7810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7810] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7810] close(3) = 0 [pid 7810] mkdir("./file0", 0777) = 0 [ 173.362016][ T7810] loop0: detected capacity change from 0 to 32768 [ 173.387614][ T7810] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7810) [pid 7810] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7810] chdir("./file0") = 0 [pid 7810] ioctl(4, LOOP_CLR_FD) = 0 [pid 7810] close(4) = 0 [ 173.405210][ T7810] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 173.414562][ T7810] BTRFS info (device loop0): force clearing of disk cache [ 173.421689][ T7810] BTRFS info (device loop0): setting nodatasum [ 173.428373][ T7810] BTRFS info (device loop0): allowing degraded mounts [ 173.435306][ T7810] BTRFS info (device loop0): enabling disk space caching [pid 7810] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7809] <... futex resumed>) = 0 [pid 7810] open("./file0", O_RDONLY [pid 7809] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7810] <... open resumed>) = 4 [pid 7810] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7810] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 7809] <... futex resumed>) = 1 [pid 7810] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7809] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7809] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7810] <... futex resumed>) = 0 [pid 7809] <... futex resumed>) = 1 [pid 7810] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7809] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7810] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7810] <... futex resumed>) = 0 [pid 7809] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7810] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7809] <... futex resumed>) = 0 [pid 7809] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7809] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7809] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7828]}, 88) = 7828 [pid 7809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7809] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7809] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7828 attached [pid 7828] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7828] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7828] open(".", O_RDONLY) = 5 [pid 7828] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7809] <... futex resumed>) = 0 [pid 7828] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7809] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7809] <... futex resumed>) = 0 [pid 7828] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7809] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7810] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7810] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7810] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7828] <... ioctl resumed>) = 0 [pid 7828] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7809] <... futex resumed>) = 0 [pid 7828] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7809] exit_group(0 [pid 7828] <... futex resumed>) = ? [pid 7810] <... futex resumed>) = ? [pid 7809] <... exit_group resumed>) = ? [pid 7828] +++ exited with 0 +++ [pid 7810] +++ exited with 0 +++ [pid 7809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7809, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7829 attached , child_tidptr=0x5555570ad690) = 7829 [pid 7829] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7829] chdir("./138") = 0 [pid 7829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7829] setpgid(0, 0) = 0 [pid 7829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7829] write(3, "1000", 4) = 4 [pid 7829] close(3) = 0 [pid 7829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7829] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7829] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7830 attached [pid 7830] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7829] <... clone3 resumed> => {parent_tid=[7830]}, 88) = 7830 [pid 7830] <... rseq resumed>) = 0 [pid 7829] rt_sigprocmask(SIG_SETMASK, [], [pid 7830] set_robust_list(0x7f0bd5e299a0, 24 [pid 7829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7830] <... set_robust_list resumed>) = 0 [pid 7829] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7830] rt_sigprocmask(SIG_SETMASK, [], [pid 7829] <... futex resumed>) = 0 [pid 7830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7829] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7830] memfd_create("syzkaller", 0) = 3 [pid 7830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7830] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7830] close(3) = 0 [pid 7830] mkdir("./file0", 0777) = 0 [pid 7830] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7830] chdir("./file0") = 0 [pid 7830] ioctl(4, LOOP_CLR_FD) = 0 [ 174.053922][ T7830] loop0: detected capacity change from 0 to 32768 [ 174.063512][ T7830] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7830) [pid 7830] close(4) = 0 [pid 7830] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7829] <... futex resumed>) = 0 [pid 7829] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7830] open("./file0", O_RDONLY [pid 7829] <... futex resumed>) = 0 [pid 7829] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7830] <... open resumed>) = 4 [pid 7830] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7829] <... futex resumed>) = 0 [pid 7830] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7829] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7830] <... futex resumed>) = 0 [pid 7829] <... futex resumed>) = 1 [pid 7830] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7829] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7830] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7830] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7829] <... futex resumed>) = 0 [pid 7829] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7830] <... futex resumed>) = 0 [pid 7829] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7830] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7829] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7829] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7829] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7848 attached [pid 7848] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7829] <... clone3 resumed> => {parent_tid=[7848]}, 88) = 7848 [pid 7848] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7829] rt_sigprocmask(SIG_SETMASK, [], [pid 7848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7848] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7829] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7829] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7848] open(".", O_RDONLY) = 5 [pid 7848] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7829] <... futex resumed>) = 0 [pid 7848] <... futex resumed>) = 1 [pid 7829] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7848] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7829] <... futex resumed>) = 0 [pid 7829] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7848] <... ioctl resumed>) = 0 [pid 7848] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7848] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7829] <... futex resumed>) = 0 [pid 7830] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7830] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7829] exit_group(0 [pid 7830] <... futex resumed>) = 0 [pid 7830] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7848] <... futex resumed>) = ? [pid 7830] <... futex resumed>) = ? [pid 7848] +++ exited with 0 +++ [pid 7830] +++ exited with 0 +++ [pid 7829] <... exit_group resumed>) = ? [pid 7829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7829, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 [ 174.264584][ T7830] _btrfs_printk: 31 callbacks suppressed [ 174.264602][ T7830] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 174.287367][ T7830] BTRFS info (device loop0): balance: ended with status: 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7849 attached , child_tidptr=0x5555570ad690) = 7849 [pid 7849] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7849] chdir("./139") = 0 [pid 7849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7849] setpgid(0, 0) = 0 [pid 7849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7849] write(3, "1000", 4) = 4 [pid 7849] close(3) = 0 [pid 7849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7849] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7849] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7850 attached => {parent_tid=[7850]}, 88) = 7850 [pid 7850] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7850] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7850] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7849] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7850] <... futex resumed>) = 0 [pid 7850] memfd_create("syzkaller", 0 [pid 7849] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7850] <... memfd_create resumed>) = 3 [pid 7850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7850] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7850] close(3) = 0 [pid 7850] mkdir("./file0", 0777) = 0 [ 174.779216][ T7850] loop0: detected capacity change from 0 to 32768 [ 174.792846][ T7850] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7850) [ 174.810013][ T7850] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 174.819302][ T7850] BTRFS info (device loop0): force clearing of disk cache [ 174.826667][ T7850] BTRFS info (device loop0): setting nodatasum [ 174.832833][ T7850] BTRFS info (device loop0): allowing degraded mounts [ 174.839668][ T7850] BTRFS info (device loop0): enabling disk space caching [ 174.846865][ T7850] BTRFS info (device loop0): disk space caching is enabled [ 174.865863][ T7850] BTRFS info (device loop0): enabling ssd optimizations [ 174.873080][ T7850] BTRFS info (device loop0): auto enabling async discard [ 174.881473][ T7850] BTRFS info (device loop0): rebuilding free space tree [ 174.893243][ T7850] BTRFS info (device loop0): disabling free space tree [ 174.900701][ T7850] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 174.910514][ T7850] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7850] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7850] chdir("./file0") = 0 [pid 7850] ioctl(4, LOOP_CLR_FD) = 0 [pid 7850] close(4) = 0 [pid 7850] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7849] <... futex resumed>) = 0 [pid 7850] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7849] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7849] <... futex resumed>) = 0 [pid 7850] open("./file0", O_RDONLY [pid 7849] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7850] <... open resumed>) = 4 [pid 7850] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7849] <... futex resumed>) = 0 [pid 7850] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7849] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7849] <... futex resumed>) = 0 [pid 7850] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7849] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7850] <... ioctl resumed>) = 0 [pid 7850] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7849] <... futex resumed>) = 0 [pid 7850] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7849] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7849] <... futex resumed>) = 0 [pid 7850] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 174.924239][ T7850] BTRFS info (device loop0): checking UUID tree [pid 7849] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7849] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7849] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7868]}, 88) = 7868 [pid 7849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7849] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7849] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7868 attached [pid 7868] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7868] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7868] open(".", O_RDONLY) = 5 [pid 7868] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7868] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7849] <... futex resumed>) = 0 [pid 7849] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7868] <... futex resumed>) = 0 [pid 7849] <... futex resumed>) = 1 [pid 7868] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 174.974833][ T7850] BTRFS info (device loop0): balance: start -d -m [ 174.985407][ T7850] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 175.012568][ T7850] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7849] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7868] <... ioctl resumed>) = 0 [pid 7868] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7849] <... futex resumed>) = 0 [ 175.091314][ T7850] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 175.121703][ T7850] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7868] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7850] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7850] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7849] exit_group(0 [pid 7868] <... futex resumed>) = ? [pid 7850] <... futex resumed>) = ? [pid 7849] <... exit_group resumed>) = ? [pid 7868] +++ exited with 0 +++ [pid 7850] +++ exited with 0 +++ [pid 7849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7849, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 175.138807][ T7850] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7869 attached [pid 7869] set_robust_list(0x5555570ad6a0, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7869 [pid 7869] <... set_robust_list resumed>) = 0 [pid 7869] chdir("./140") = 0 [pid 7869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7869] setpgid(0, 0) = 0 [pid 7869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7869] write(3, "1000", 4) = 4 [pid 7869] close(3) = 0 [pid 7869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7869] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7869] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7870 attached [pid 7870] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7869] <... clone3 resumed> => {parent_tid=[7870]}, 88) = 7870 [pid 7870] <... rseq resumed>) = 0 [pid 7869] rt_sigprocmask(SIG_SETMASK, [], [pid 7870] set_robust_list(0x7f0bd5e299a0, 24 [pid 7869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7870] <... set_robust_list resumed>) = 0 [pid 7869] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7870] rt_sigprocmask(SIG_SETMASK, [], [pid 7869] <... futex resumed>) = 0 [pid 7870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7869] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7870] memfd_create("syzkaller", 0) = 3 [pid 7870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7870] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7870] close(3) = 0 [pid 7870] mkdir("./file0", 0777) = 0 [ 175.618730][ T7870] loop0: detected capacity change from 0 to 32768 [ 175.638366][ T7870] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7870) [ 175.654043][ T7870] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 175.663358][ T7870] BTRFS info (device loop0): force clearing of disk cache [ 175.670571][ T7870] BTRFS info (device loop0): setting nodatasum [ 175.676771][ T7870] BTRFS info (device loop0): allowing degraded mounts [ 175.683526][ T7870] BTRFS info (device loop0): enabling disk space caching [ 175.690722][ T7870] BTRFS info (device loop0): disk space caching is enabled [ 175.709759][ T7870] BTRFS info (device loop0): enabling ssd optimizations [ 175.716814][ T7870] BTRFS info (device loop0): auto enabling async discard [ 175.724754][ T7870] BTRFS info (device loop0): rebuilding free space tree [ 175.736712][ T7870] BTRFS info (device loop0): disabling free space tree [ 175.744011][ T7870] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 175.753941][ T7870] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7870] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7870] chdir("./file0") = 0 [pid 7870] ioctl(4, LOOP_CLR_FD) = 0 [pid 7870] close(4) = 0 [pid 7870] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7869] <... futex resumed>) = 0 [ 175.766551][ T7870] BTRFS info (device loop0): checking UUID tree [pid 7869] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7870] open("./file0", O_RDONLY [pid 7869] <... futex resumed>) = 0 [pid 7870] <... open resumed>) = 4 [pid 7869] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7870] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7869] <... futex resumed>) = 0 [pid 7869] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7870] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7869] <... futex resumed>) = 0 [pid 7869] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7870] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7870] <... futex resumed>) = 0 [pid 7869] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7870] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7869] <... futex resumed>) = 0 [pid 7869] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7869] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7869] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7888 attached => {parent_tid=[7888]}, 88) = 7888 [ 175.854668][ T7870] BTRFS info (device loop0): balance: start -d -m [ 175.863390][ T7870] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 175.891181][ T7870] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7888] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7869] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7888] set_robust_list(0x7f0bd5e089a0, 24 [pid 7869] <... futex resumed>) = 0 [pid 7869] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7888] <... set_robust_list resumed>) = 0 [pid 7888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7888] open(".", O_RDONLY) = 5 [pid 7888] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7869] <... futex resumed>) = 0 [pid 7888] <... futex resumed>) = 1 [pid 7869] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7888] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 175.927689][ T7870] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 175.949252][ T7870] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 7869] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7888] <... ioctl resumed>) = 0 [pid 7888] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7869] <... futex resumed>) = 0 [pid 7888] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7870] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7870] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7870] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7869] exit_group(0 [pid 7888] <... futex resumed>) = ? [pid 7870] <... futex resumed>) = ? [pid 7869] <... exit_group resumed>) = ? [pid 7870] +++ exited with 0 +++ [pid 7888] +++ exited with 0 +++ [pid 7869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7869, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 175.977728][ T7870] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7889 attached [pid 7889] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7889] chdir("./141") = 0 [pid 7889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7889 [pid 7889] <... prctl resumed>) = 0 [pid 7889] setpgid(0, 0) = 0 [pid 7889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7889] write(3, "1000", 4) = 4 [pid 7889] close(3) = 0 [pid 7889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7889] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7889] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7889] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7890 attached => {parent_tid=[7890]}, 88) = 7890 [pid 7890] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7890] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7890] rt_sigprocmask(SIG_SETMASK, [], [pid 7889] rt_sigprocmask(SIG_SETMASK, [], [pid 7890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7890] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7889] <... futex resumed>) = 0 [pid 7889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7890] memfd_create("syzkaller", 0) = 3 [pid 7890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7890] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7890] close(3) = 0 [pid 7890] mkdir("./file0", 0777) = 0 [ 176.478487][ T7890] loop0: detected capacity change from 0 to 32768 [ 176.494181][ T7890] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7890) [ 176.510568][ T7890] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 176.519911][ T7890] BTRFS info (device loop0): force clearing of disk cache [ 176.527070][ T7890] BTRFS info (device loop0): setting nodatasum [ 176.533220][ T7890] BTRFS info (device loop0): allowing degraded mounts [ 176.540050][ T7890] BTRFS info (device loop0): enabling disk space caching [ 176.547125][ T7890] BTRFS info (device loop0): disk space caching is enabled [ 176.567757][ T7890] BTRFS info (device loop0): enabling ssd optimizations [ 176.574776][ T7890] BTRFS info (device loop0): auto enabling async discard [ 176.582819][ T7890] BTRFS info (device loop0): rebuilding free space tree [ 176.594997][ T7890] BTRFS info (device loop0): disabling free space tree [ 176.601976][ T7890] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 176.612048][ T7890] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 7890] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7890] chdir("./file0") = 0 [pid 7890] ioctl(4, LOOP_CLR_FD) = 0 [pid 7890] close(4) = 0 [pid 7890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7889] <... futex resumed>) = 0 [pid 7890] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7890] open("./file0", O_RDONLY [pid 7889] <... futex resumed>) = 0 [pid 7889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7890] <... open resumed>) = 4 [ 176.625279][ T7890] BTRFS info (device loop0): checking UUID tree [pid 7890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7889] <... futex resumed>) = 0 [pid 7890] <... futex resumed>) = 1 [pid 7889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7890] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7889] <... futex resumed>) = 0 [pid 7890] <... ioctl resumed>) = 0 [pid 7889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7889] <... futex resumed>) = 0 [pid 7890] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7889] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7889] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7889] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7889] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7908 attached => {parent_tid=[7908]}, 88) = 7908 [pid 7889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7908] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7889] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7908] <... rseq resumed>) = 0 [pid 7889] <... futex resumed>) = 0 [pid 7908] set_robust_list(0x7f0bd5e089a0, 24 [pid 7889] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7908] <... set_robust_list resumed>) = 0 [pid 7908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7908] open(".", O_RDONLY) = 5 [pid 7908] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 176.677809][ T7890] BTRFS info (device loop0): balance: start -d -m [ 176.685524][ T7890] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 176.707285][ T7890] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7908] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7889] <... futex resumed>) = 0 [pid 7889] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7908] <... futex resumed>) = 0 [pid 7889] <... futex resumed>) = 1 [pid 7908] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 176.756341][ T7890] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7889] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7908] <... ioctl resumed>) = 0 [pid 7908] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7889] <... futex resumed>) = 0 [pid 7908] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7890] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7890] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7889] exit_group(0 [pid 7908] <... futex resumed>) = ? [pid 7890] <... futex resumed>) = ? [pid 7889] <... exit_group resumed>) = ? [pid 7908] +++ exited with 0 +++ [pid 7890] +++ exited with 0 +++ [pid 7889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7889, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 [ 176.808804][ T7890] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 176.835002][ T7890] BTRFS info (device loop0): balance: ended with status: 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7909 attached , child_tidptr=0x5555570ad690) = 7909 [pid 7909] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7909] chdir("./142") = 0 [pid 7909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7909] setpgid(0, 0) = 0 [pid 7909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7909] write(3, "1000", 4) = 4 [pid 7909] close(3) = 0 [pid 7909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7909] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7909] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7910 attached [pid 7910] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7909] <... clone3 resumed> => {parent_tid=[7910]}, 88) = 7910 [pid 7910] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7909] rt_sigprocmask(SIG_SETMASK, [], [pid 7910] rt_sigprocmask(SIG_SETMASK, [], [pid 7909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7910] memfd_create("syzkaller", 0 [pid 7909] <... futex resumed>) = 0 [pid 7910] <... memfd_create resumed>) = 3 [pid 7910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7910] <... mmap resumed>) = 0x7f0bcda09000 [pid 7910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7910] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7910] close(3) = 0 [pid 7910] mkdir("./file0", 0777) = 0 [ 177.293004][ T7910] loop0: detected capacity change from 0 to 32768 [ 177.307400][ T7910] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7910) [ 177.323053][ T7910] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 177.332388][ T7910] BTRFS info (device loop0): force clearing of disk cache [ 177.339566][ T7910] BTRFS info (device loop0): setting nodatasum [ 177.345808][ T7910] BTRFS info (device loop0): allowing degraded mounts [ 177.352598][ T7910] BTRFS info (device loop0): enabling disk space caching [ 177.359695][ T7910] BTRFS info (device loop0): disk space caching is enabled [ 177.380742][ T7910] BTRFS info (device loop0): enabling ssd optimizations [pid 7910] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7910] chdir("./file0") = 0 [pid 7910] ioctl(4, LOOP_CLR_FD) = 0 [pid 7910] close(4) = 0 [pid 7910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7909] <... futex resumed>) = 0 [pid 7910] <... futex resumed>) = 1 [pid 7909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7910] open("./file0", O_RDONLY [pid 7909] <... futex resumed>) = 0 [pid 7910] <... open resumed>) = 4 [pid 7909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7910] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7909] <... futex resumed>) = 0 [pid 7910] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7910] <... ioctl resumed>) = 0 [pid 7910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7909] <... futex resumed>) = 0 [pid 7910] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7909] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7909] <... futex resumed>) = 0 [pid 7910] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 177.387928][ T7910] BTRFS info (device loop0): auto enabling async discard [ 177.396093][ T7910] BTRFS info (device loop0): rebuilding free space tree [ 177.407554][ T7910] BTRFS info (device loop0): disabling free space tree [ 177.414531][ T7910] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 177.424272][ T7910] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 177.436896][ T7910] BTRFS info (device loop0): checking UUID tree [pid 7909] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7909] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7909] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7928 attached [ 177.460559][ T7910] BTRFS info (device loop0): balance: start -d -m [ 177.468463][ T7910] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 177.491789][ T7910] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7928] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7909] <... clone3 resumed> => {parent_tid=[7928]}, 88) = 7928 [pid 7909] rt_sigprocmask(SIG_SETMASK, [], [pid 7928] <... rseq resumed>) = 0 [pid 7909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7928] set_robust_list(0x7f0bd5e089a0, 24 [pid 7909] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7928] <... set_robust_list resumed>) = 0 [pid 7909] <... futex resumed>) = 0 [pid 7928] rt_sigprocmask(SIG_SETMASK, [], [pid 7909] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7928] open(".", O_RDONLY) = 5 [pid 7928] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7909] <... futex resumed>) = 0 [pid 7928] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7909] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7909] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7928] <... ioctl resumed>) = 0 [pid 7928] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7909] <... futex resumed>) = 0 [ 177.535094][ T7910] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 7928] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7910] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7910] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7909] exit_group(0 [pid 7910] exit_group(0 [pid 7909] <... exit_group resumed>) = ? [pid 7928] <... futex resumed>) = ? [pid 7928] +++ exited with 0 +++ [pid 7910] +++ exited with 0 +++ [pid 7909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7909, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 [ 177.590203][ T7910] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 177.617245][ T7910] BTRFS info (device loop0): balance: ended with status: 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7929 attached [pid 7929] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7929] chdir("./143") = 0 [pid 7929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7929] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7929 [pid 7929] <... setpgid resumed>) = 0 [pid 7929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7929] write(3, "1000", 4) = 4 [pid 7929] close(3) = 0 [pid 7929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7929] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7929] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7929] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7930 attached => {parent_tid=[7930]}, 88) = 7930 [pid 7930] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7930] <... rseq resumed>) = 0 [pid 7930] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7930] memfd_create("syzkaller", 0) = 3 [pid 7930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7930] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7930] close(3) = 0 [pid 7930] mkdir("./file0", 0777) = 0 [ 178.071721][ T7930] loop0: detected capacity change from 0 to 32768 [ 178.086674][ T7930] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7930) [ 178.102183][ T7930] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 178.111477][ T7930] BTRFS info (device loop0): force clearing of disk cache [ 178.118689][ T7930] BTRFS info (device loop0): setting nodatasum [ 178.124884][ T7930] BTRFS info (device loop0): allowing degraded mounts [ 178.131655][ T7930] BTRFS info (device loop0): enabling disk space caching [ 178.138768][ T7930] BTRFS info (device loop0): disk space caching is enabled [ 178.158615][ T7930] BTRFS info (device loop0): enabling ssd optimizations [pid 7930] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7930] chdir("./file0") = 0 [pid 7930] ioctl(4, LOOP_CLR_FD) = 0 [pid 7930] close(4) = 0 [pid 7930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7929] <... futex resumed>) = 0 [pid 7930] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7929] <... futex resumed>) = 0 [pid 7929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 178.165643][ T7930] BTRFS info (device loop0): auto enabling async discard [ 178.173506][ T7930] BTRFS info (device loop0): rebuilding free space tree [ 178.184487][ T7930] BTRFS info (device loop0): disabling free space tree [ 178.191410][ T7930] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 178.201194][ T7930] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 178.214133][ T7930] BTRFS info (device loop0): checking UUID tree [pid 7930] open("./file0", O_RDONLY) = 4 [pid 7930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7929] <... futex resumed>) = 0 [pid 7930] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7930] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7929] <... futex resumed>) = 0 [pid 7929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7930] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7929] <... futex resumed>) = 0 [pid 7930] <... futex resumed>) = 1 [pid 7929] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7930] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7929] <... futex resumed>) = 0 [pid 7929] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7929] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7929] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 7948 attached [pid 7948] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 7929] <... clone3 resumed> => {parent_tid=[7948]}, 88) = 7948 [pid 7948] <... rseq resumed>) = 0 [pid 7948] set_robust_list(0x7f0bd5e089a0, 24 [pid 7929] rt_sigprocmask(SIG_SETMASK, [], [pid 7948] <... set_robust_list resumed>) = 0 [pid 7948] rt_sigprocmask(SIG_SETMASK, [], [pid 7929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7948] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7948] open(".", O_RDONLY [pid 7929] <... futex resumed>) = 0 [pid 7929] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7948] <... open resumed>) = 5 [pid 7948] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7929] <... futex resumed>) = 0 [pid 7948] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7948] <... futex resumed>) = 0 [pid 7929] <... futex resumed>) = 1 [pid 7948] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 178.281559][ T7930] BTRFS info (device loop0): balance: start -d -m [ 178.292846][ T7930] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 178.317864][ T7930] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7929] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7948] <... ioctl resumed>) = 0 [pid 7948] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7929] <... futex resumed>) = 0 [pid 7948] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7930] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7930] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7930] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7929] exit_group(0 [pid 7930] <... futex resumed>) = ? [pid 7929] <... exit_group resumed>) = ? [pid 7948] <... futex resumed>) = ? [pid 7948] +++ exited with 0 +++ [pid 7930] +++ exited with 0 +++ [pid 7929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7929, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- [ 178.375816][ T7930] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 178.397778][ T7930] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 178.415167][ T7930] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 7949 ./strace-static-x86_64: Process 7949 attached [pid 7949] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7949] chdir("./144") = 0 [pid 7949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7949] setpgid(0, 0) = 0 [pid 7949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7949] write(3, "1000", 4) = 4 [pid 7949] close(3) = 0 [pid 7949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7949] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7949] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7949] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7950 attached [pid 7950] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 7949] <... clone3 resumed> => {parent_tid=[7950]}, 88) = 7950 [pid 7950] <... rseq resumed>) = 0 [pid 7949] rt_sigprocmask(SIG_SETMASK, [], [pid 7950] set_robust_list(0x7f0bd5e299a0, 24 [pid 7949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7950] <... set_robust_list resumed>) = 0 [pid 7949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7950] rt_sigprocmask(SIG_SETMASK, [], [pid 7949] <... futex resumed>) = 0 [pid 7950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7950] memfd_create("syzkaller", 0 [pid 7949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7950] <... memfd_create resumed>) = 3 [pid 7950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7950] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7950] close(3) = 0 [pid 7950] mkdir("./file0", 0777) = 0 [ 178.878503][ T7950] loop0: detected capacity change from 0 to 32768 [ 178.893712][ T7950] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7950) [ 178.909800][ T7950] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 178.919195][ T7950] BTRFS info (device loop0): force clearing of disk cache [pid 7950] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 178.926410][ T7950] BTRFS info (device loop0): setting nodatasum [pid 7950] chdir("./file0") = 0 [pid 7950] ioctl(4, LOOP_CLR_FD) = 0 [pid 7950] close(4) = 0 [pid 7950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7949] <... futex resumed>) = 0 [pid 7950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7950] open("./file0", O_RDONLY) = 4 [pid 7949] <... futex resumed>) = 0 [pid 7949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7949] <... futex resumed>) = 0 [pid 7949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7950] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7949] <... futex resumed>) = 0 [pid 7950] <... ioctl resumed>) = 0 [pid 7949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7949] <... futex resumed>) = 0 [pid 7949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7950] <... futex resumed>) = 0 [pid 7950] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7949] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7949] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7968]}, 88) = 7968 [pid 7949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7949] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7968 attached [pid 7949] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7968] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7968] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7968] open(".", O_RDONLY) = 5 [pid 7968] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7949] <... futex resumed>) = 0 [pid 7968] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7949] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7949] <... futex resumed>) = 0 [pid 7968] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 7949] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7968] <... ioctl resumed>) = 0 [pid 7968] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7949] <... futex resumed>) = 0 [pid 7968] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7950] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7949] exit_group(0 [pid 7968] <... futex resumed>) = ? [pid 7950] <... futex resumed>) = ? [pid 7968] +++ exited with 0 +++ [pid 7949] <... exit_group resumed>) = ? [pid 7950] +++ exited with 0 +++ [pid 7949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7949, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7969 attached [pid 7969] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7969] chdir("./145" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7969 [pid 7969] <... chdir resumed>) = 0 [pid 7969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7969] setpgid(0, 0) = 0 [pid 7969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7969] write(3, "1000", 4) = 4 [pid 7969] close(3) = 0 [pid 7969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7969] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7969] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7969] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7970 attached [pid 7970] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7969] <... clone3 resumed> => {parent_tid=[7970]}, 88) = 7970 [pid 7970] set_robust_list(0x7f0bd5e299a0, 24 [pid 7969] rt_sigprocmask(SIG_SETMASK, [], [pid 7970] <... set_robust_list resumed>) = 0 [pid 7969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7970] rt_sigprocmask(SIG_SETMASK, [], [pid 7969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7969] <... futex resumed>) = 0 [pid 7970] memfd_create("syzkaller", 0 [pid 7969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7970] <... memfd_create resumed>) = 3 [pid 7970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7970] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7970] close(3) = 0 [pid 7970] mkdir("./file0", 0777) = 0 [ 179.612478][ T7970] loop0: detected capacity change from 0 to 32768 [ 179.637602][ T7970] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7970) [ 179.653763][ T7970] _btrfs_printk: 16 callbacks suppressed [ 179.653777][ T7970] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 179.668819][ T7970] BTRFS info (device loop0): force clearing of disk cache [ 179.676096][ T7970] BTRFS info (device loop0): setting nodatasum [ 179.682277][ T7970] BTRFS info (device loop0): allowing degraded mounts [ 179.689095][ T7970] BTRFS info (device loop0): enabling disk space caching [ 179.696280][ T7970] BTRFS info (device loop0): disk space caching is enabled [ 179.715334][ T7970] BTRFS info (device loop0): enabling ssd optimizations [ 179.722305][ T7970] BTRFS info (device loop0): auto enabling async discard [ 179.730792][ T7970] BTRFS info (device loop0): rebuilding free space tree [ 179.742397][ T7970] BTRFS info (device loop0): disabling free space tree [ 179.749430][ T7970] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 7970] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7970] chdir("./file0") = 0 [pid 7970] ioctl(4, LOOP_CLR_FD) = 0 [pid 7970] close(4) = 0 [pid 7970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7969] <... futex resumed>) = 0 [pid 7970] open("./file0", O_RDONLY [pid 7969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7970] <... open resumed>) = 4 [pid 7969] <... futex resumed>) = 0 [pid 7969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7969] <... futex resumed>) = 0 [pid 7969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7970] <... futex resumed>) = 1 [pid 7969] <... futex resumed>) = 0 [pid 7970] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7970] <... ioctl resumed>) = 0 [pid 7970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7970] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7969] <... futex resumed>) = 0 [pid 7969] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 179.759117][ T7970] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 179.772080][ T7970] BTRFS info (device loop0): checking UUID tree [pid 7969] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7970] <... futex resumed>) = 0 [pid 7970] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7969] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7969] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7969] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[7988]}, 88) = 7988 [pid 7969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7969] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7969] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7988 attached [pid 7988] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 7988] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 7988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7988] open(".", O_RDONLY) = 5 [pid 7988] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7969] <... futex resumed>) = 0 [pid 7988] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7969] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7988] <... futex resumed>) = 0 [pid 7969] <... futex resumed>) = 1 [pid 7988] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 179.840908][ T7970] BTRFS info (device loop0): balance: start -d -m [ 179.850126][ T7970] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 179.880756][ T7970] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7969] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7988] <... ioctl resumed>) = 0 [pid 7988] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7969] <... futex resumed>) = 0 [pid 7988] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7970] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7970] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7969] exit_group(0 [pid 7988] <... futex resumed>) = ? [pid 7970] <... futex resumed>) = ? [pid 7988] +++ exited with 0 +++ [pid 7970] +++ exited with 0 +++ [pid 7969] <... exit_group resumed>) = ? [pid 7969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7969, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 179.945491][ T7970] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 179.966414][ T7970] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 179.983590][ T7970] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7989 attached [pid 7989] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 7989] chdir("./146") = 0 [pid 7989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 7989 [pid 7989] setpgid(0, 0) = 0 [pid 7989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7989] write(3, "1000", 4) = 4 [pid 7989] close(3) = 0 [pid 7989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7989] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7989] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 7989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 7989] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 7990 attached [pid 7990] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 7990] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 7990] rt_sigprocmask(SIG_SETMASK, [], [pid 7989] <... clone3 resumed> => {parent_tid=[7990]}, 88) = 7990 [pid 7990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7989] rt_sigprocmask(SIG_SETMASK, [], [pid 7990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7990] <... futex resumed>) = 0 [pid 7989] <... futex resumed>) = 1 [pid 7990] memfd_create("syzkaller", 0 [pid 7989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7990] <... memfd_create resumed>) = 3 [pid 7990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 7990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7990] munmap(0x7f0bcda09000, 138412032) = 0 [pid 7990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7990] close(3) = 0 [pid 7990] mkdir("./file0", 0777) = 0 [ 180.492244][ T7990] loop0: detected capacity change from 0 to 32768 [ 180.507495][ T7990] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (7990) [ 180.523267][ T7990] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 180.532860][ T7990] BTRFS info (device loop0): force clearing of disk cache [ 180.540034][ T7990] BTRFS info (device loop0): setting nodatasum [ 180.546220][ T7990] BTRFS info (device loop0): allowing degraded mounts [ 180.552978][ T7990] BTRFS info (device loop0): enabling disk space caching [ 180.560040][ T7990] BTRFS info (device loop0): disk space caching is enabled [ 180.579707][ T7990] BTRFS info (device loop0): enabling ssd optimizations [pid 7990] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 7990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7990] chdir("./file0") = 0 [pid 7990] ioctl(4, LOOP_CLR_FD) = 0 [pid 7990] close(4) = 0 [pid 7990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7989] <... futex resumed>) = 0 [pid 7990] open("./file0", O_RDONLY [pid 7989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7990] <... open resumed>) = 4 [pid 7989] <... futex resumed>) = 0 [ 180.586748][ T7990] BTRFS info (device loop0): auto enabling async discard [ 180.594840][ T7990] BTRFS info (device loop0): rebuilding free space tree [ 180.606055][ T7990] BTRFS info (device loop0): disabling free space tree [ 180.612947][ T7990] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 180.622869][ T7990] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 180.635663][ T7990] BTRFS info (device loop0): checking UUID tree [pid 7989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7989] <... futex resumed>) = 0 [pid 7990] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 7989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7990] <... ioctl resumed>) = 0 [pid 7989] <... futex resumed>) = 0 [pid 7990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7990] <... futex resumed>) = 0 [pid 7989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7989] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7989] <... futex resumed>) = 0 [pid 7990] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7989] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7989] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 7989] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8008]}, 88) = 8008 [pid 7989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7989] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7989] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8008 attached [pid 8008] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8008] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8008] open(".", O_RDONLY) = 5 [pid 8008] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7989] <... futex resumed>) = 0 [pid 8008] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7989] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7989] <... futex resumed>) = 0 [pid 8008] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 180.686185][ T7990] BTRFS info (device loop0): balance: start -d -m [ 180.693906][ T7990] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 180.725356][ T7990] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 7989] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8008] <... ioctl resumed>) = 0 [pid 8008] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7989] <... futex resumed>) = 0 [pid 8008] <... futex resumed>) = 1 [pid 8008] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7990] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7990] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7989] exit_group(0 [pid 8008] <... futex resumed>) = ? [pid 8008] +++ exited with 0 +++ [pid 7989] <... exit_group resumed>) = ? [pid 7990] <... futex resumed>) = ? [pid 7990] +++ exited with 0 +++ [pid 7989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7989, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 180.808680][ T7990] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 180.830518][ T7990] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 180.848938][ T7990] BTRFS info (device loop0): balance: ended with status: 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 8009 ./strace-static-x86_64: Process 8009 attached [pid 8009] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8009] chdir("./147") = 0 [pid 8009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8009] setpgid(0, 0) = 0 [pid 8009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8009] write(3, "1000", 4) = 4 [pid 8009] close(3) = 0 [pid 8009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8009] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8009] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8009] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8010 attached [pid 8010] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8009] <... clone3 resumed> => {parent_tid=[8010]}, 88) = 8010 [pid 8010] set_robust_list(0x7f0bd5e299a0, 24 [pid 8009] rt_sigprocmask(SIG_SETMASK, [], [pid 8010] <... set_robust_list resumed>) = 0 [pid 8009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8010] rt_sigprocmask(SIG_SETMASK, [], [pid 8009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8009] <... futex resumed>) = 0 [pid 8010] memfd_create("syzkaller", 0 [pid 8009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8010] <... memfd_create resumed>) = 3 [pid 8010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8010] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8010] close(3) = 0 [pid 8010] mkdir("./file0", 0777) = 0 [ 181.347544][ T8010] loop0: detected capacity change from 0 to 32768 [ 181.361579][ T8010] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8010) [ 181.376658][ T8010] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 181.385973][ T8010] BTRFS info (device loop0): force clearing of disk cache [ 181.393073][ T8010] BTRFS info (device loop0): setting nodatasum [ 181.399299][ T8010] BTRFS info (device loop0): allowing degraded mounts [ 181.406143][ T8010] BTRFS info (device loop0): enabling disk space caching [ 181.413175][ T8010] BTRFS info (device loop0): disk space caching is enabled [ 181.432123][ T8010] BTRFS info (device loop0): enabling ssd optimizations [ 181.439195][ T8010] BTRFS info (device loop0): auto enabling async discard [pid 8010] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8010] chdir("./file0") = 0 [pid 8010] ioctl(4, LOOP_CLR_FD) = 0 [ 181.448060][ T8010] BTRFS info (device loop0): rebuilding free space tree [ 181.458932][ T8010] BTRFS info (device loop0): disabling free space tree [ 181.466174][ T8010] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 181.476102][ T8010] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 181.488622][ T8010] BTRFS info (device loop0): checking UUID tree [pid 8010] close(4) = 0 [pid 8010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8009] <... futex resumed>) = 0 [pid 8010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8009] <... futex resumed>) = 0 [pid 8010] open("./file0", O_RDONLY [pid 8009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8010] <... open resumed>) = 4 [pid 8010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8009] <... futex resumed>) = 0 [pid 8010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8010] <... futex resumed>) = 0 [pid 8009] <... futex resumed>) = 1 [pid 8010] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8010] <... ioctl resumed>) = 0 [pid 8010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8009] <... futex resumed>) = 0 [pid 8010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8009] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8009] <... futex resumed>) = 0 [pid 8009] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8010] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8009] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8009] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8028 attached => {parent_tid=[8028]}, 88) = 8028 [pid 8009] rt_sigprocmask(SIG_SETMASK, [], [pid 8028] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8028] set_robust_list(0x7f0bd5e089a0, 24) = 0 [ 181.553491][ T8010] BTRFS info (device loop0): balance: start -d -m [ 181.566250][ T8010] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 181.590526][ T8010] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8028] rt_sigprocmask(SIG_SETMASK, [], [pid 8009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8009] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8009] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8028] open(".", O_RDONLY) = 5 [pid 8028] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8009] <... futex resumed>) = 0 [pid 8028] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8009] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8009] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8028] <... ioctl resumed>) = 0 [pid 8028] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8009] <... futex resumed>) = 0 [ 181.633699][ T8010] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8028] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8010] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8010] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8010] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8009] exit_group(0 [pid 8028] <... futex resumed>) = ? [pid 8028] +++ exited with 0 +++ [pid 8009] <... exit_group resumed>) = ? [pid 8010] <... futex resumed>) = ? [pid 8010] +++ exited with 0 +++ [pid 8009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8009, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.696909][ T8010] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 181.722226][ T8010] BTRFS info (device loop0): balance: ended with status: 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8029 attached [pid 8029] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8029] chdir("./148") = 0 [pid 8029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8029 [pid 8029] setpgid(0, 0) = 0 [pid 8029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8029] write(3, "1000", 4) = 4 [pid 8029] close(3) = 0 [pid 8029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8029] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8029] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8029] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8030 attached [pid 8030] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8029] <... clone3 resumed> => {parent_tid=[8030]}, 88) = 8030 [pid 8030] set_robust_list(0x7f0bd5e299a0, 24 [pid 8029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8030] <... set_robust_list resumed>) = 0 [pid 8029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8030] rt_sigprocmask(SIG_SETMASK, [], [pid 8029] <... futex resumed>) = 0 [pid 8030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8030] memfd_create("syzkaller", 0) = 3 [pid 8029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8030] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8030] close(3) = 0 [pid 8030] mkdir("./file0", 0777) = 0 [ 182.201042][ T8030] loop0: detected capacity change from 0 to 32768 [ 182.226047][ T8030] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8030) [ 182.242097][ T8030] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 182.251389][ T8030] BTRFS info (device loop0): force clearing of disk cache [ 182.258533][ T8030] BTRFS info (device loop0): setting nodatasum [ 182.264783][ T8030] BTRFS info (device loop0): allowing degraded mounts [ 182.271560][ T8030] BTRFS info (device loop0): enabling disk space caching [ 182.278617][ T8030] BTRFS info (device loop0): disk space caching is enabled [ 182.297788][ T8030] BTRFS info (device loop0): enabling ssd optimizations [ 182.304792][ T8030] BTRFS info (device loop0): auto enabling async discard [ 182.312415][ T8030] BTRFS info (device loop0): rebuilding free space tree [ 182.323344][ T8030] BTRFS info (device loop0): disabling free space tree [ 182.330990][ T8030] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 182.340852][ T8030] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8030] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8030] chdir("./file0") = 0 [pid 8030] ioctl(4, LOOP_CLR_FD) = 0 [pid 8030] close(4) = 0 [ 182.353687][ T8030] BTRFS info (device loop0): checking UUID tree [pid 8030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8029] <... futex resumed>) = 0 [pid 8029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8030] open("./file0", O_RDONLY [pid 8029] <... futex resumed>) = 0 [pid 8030] <... open resumed>) = 4 [pid 8030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8030] <... futex resumed>) = 0 [pid 8030] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8030] <... futex resumed>) = 0 [pid 8030] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8030] <... ioctl resumed>) = 0 [pid 8030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8029] <... futex resumed>) = 0 [pid 8030] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8029] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8029] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8029] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8029] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 182.459059][ T8030] BTRFS info (device loop0): balance: start -d -m [ 182.468952][ T8030] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 182.492614][ T8030] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8048 attached [pid 8048] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8029] <... clone3 resumed> => {parent_tid=[8048]}, 88) = 8048 [pid 8048] <... rseq resumed>) = 0 [pid 8029] rt_sigprocmask(SIG_SETMASK, [], [pid 8048] set_robust_list(0x7f0bd5e089a0, 24 [pid 8029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8048] <... set_robust_list resumed>) = 0 [pid 8029] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8048] rt_sigprocmask(SIG_SETMASK, [], [pid 8029] <... futex resumed>) = 0 [pid 8029] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8048] open(".", O_RDONLY) = 5 [pid 8048] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8048] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8029] <... futex resumed>) = 0 [pid 8048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8029] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8048] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8029] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8048] <... ioctl resumed>) = 0 [pid 8048] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8029] <... futex resumed>) = 0 [ 182.528391][ T8030] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 182.566646][ T8030] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8048] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8030] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8030] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8029] exit_group(0 [pid 8030] <... futex resumed>) = ? [pid 8048] <... futex resumed>) = ? [pid 8029] <... exit_group resumed>) = ? [pid 8030] +++ exited with 0 +++ [pid 8048] +++ exited with 0 +++ [pid 8029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8029, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 182.584761][ T8030] BTRFS info (device loop0): balance: ended with status: 0 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8049 attached , child_tidptr=0x5555570ad690) = 8049 [pid 8049] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8049] chdir("./149") = 0 [pid 8049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8049] setpgid(0, 0) = 0 [pid 8049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8049] write(3, "1000", 4) = 4 [pid 8049] close(3) = 0 [pid 8049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8049] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8049] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8049] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8050 attached [pid 8050] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8049] <... clone3 resumed> => {parent_tid=[8050]}, 88) = 8050 [pid 8050] <... rseq resumed>) = 0 [pid 8050] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8050] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8050] <... futex resumed>) = 0 [pid 8049] <... futex resumed>) = 1 [pid 8050] memfd_create("syzkaller", 0 [pid 8049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8050] <... memfd_create resumed>) = 3 [pid 8050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8050] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8050] close(3) = 0 [pid 8050] mkdir("./file0", 0777) = 0 [ 183.088672][ T8050] loop0: detected capacity change from 0 to 32768 [ 183.103060][ T8050] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8050) [ 183.118937][ T8050] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 183.128272][ T8050] BTRFS info (device loop0): force clearing of disk cache [ 183.135479][ T8050] BTRFS info (device loop0): setting nodatasum [ 183.141653][ T8050] BTRFS info (device loop0): allowing degraded mounts [ 183.148498][ T8050] BTRFS info (device loop0): enabling disk space caching [ 183.155580][ T8050] BTRFS info (device loop0): disk space caching is enabled [ 183.175114][ T8050] BTRFS info (device loop0): enabling ssd optimizations [ 183.182088][ T8050] BTRFS info (device loop0): auto enabling async discard [pid 8050] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8050] chdir("./file0") = 0 [pid 8050] ioctl(4, LOOP_CLR_FD) = 0 [pid 8050] close(4) = 0 [pid 8050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8050] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8049] <... futex resumed>) = 0 [pid 8049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8050] open("./file0", O_RDONLY) = 4 [ 183.190533][ T8050] BTRFS info (device loop0): rebuilding free space tree [ 183.201749][ T8050] BTRFS info (device loop0): disabling free space tree [ 183.208791][ T8050] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 183.218509][ T8050] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 183.231399][ T8050] BTRFS info (device loop0): checking UUID tree [pid 8050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8049] <... futex resumed>) = 0 [pid 8050] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8050] <... ioctl resumed>) = 0 [pid 8049] <... futex resumed>) = 0 [pid 8050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8050] <... futex resumed>) = 0 [pid 8049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8050] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8049] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8050] <... futex resumed>) = 0 [pid 8049] <... futex resumed>) = 1 [pid 8050] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8049] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8049] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8049] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8068]}, 88) = 8068 [pid 8049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8049] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8049] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8068 attached [pid 8068] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8068] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8068] open(".", O_RDONLY) = 5 [pid 8068] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8049] <... futex resumed>) = 0 [pid 8068] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8049] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 183.303812][ T8050] BTRFS info (device loop0): balance: start -d -m [ 183.313691][ T8050] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 183.335531][ T8050] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8049] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8068] <... ioctl resumed>) = 0 [pid 8068] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8049] <... futex resumed>) = 0 [pid 8068] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8050] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8050] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8050] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8049] exit_group(0 [pid 8068] <... futex resumed>) = ? [pid 8050] <... futex resumed>) = ? [pid 8049] <... exit_group resumed>) = ? [pid 8068] +++ exited with 0 +++ [pid 8050] +++ exited with 0 +++ [pid 8049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8049, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 183.408650][ T8050] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 183.428955][ T8050] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 183.447322][ T8050] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8069 attached , child_tidptr=0x5555570ad690) = 8069 [pid 8069] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8069] chdir("./150") = 0 [pid 8069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8069] setpgid(0, 0) = 0 [pid 8069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8069] write(3, "1000", 4) = 4 [pid 8069] close(3) = 0 [pid 8069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8069] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8069] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8069] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8070 attached [pid 8070] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8069] <... clone3 resumed> => {parent_tid=[8070]}, 88) = 8070 [pid 8070] set_robust_list(0x7f0bd5e299a0, 24 [pid 8069] rt_sigprocmask(SIG_SETMASK, [], [pid 8070] <... set_robust_list resumed>) = 0 [pid 8069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8070] memfd_create("syzkaller", 0 [pid 8069] <... futex resumed>) = 0 [pid 8069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8070] <... memfd_create resumed>) = 3 [pid 8070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8070] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8070] close(3) = 0 [pid 8070] mkdir("./file0", 0777) = 0 [ 183.978587][ T8070] loop0: detected capacity change from 0 to 32768 [ 183.998537][ T8070] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8070) [ 184.015096][ T8070] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8070] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8070] chdir("./file0") = 0 [pid 8070] ioctl(4, LOOP_CLR_FD) = 0 [pid 8070] close(4) = 0 [pid 8070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8069] <... futex resumed>) = 0 [pid 8070] <... futex resumed>) = 1 [ 184.024371][ T8070] BTRFS info (device loop0): force clearing of disk cache [ 184.031475][ T8070] BTRFS info (device loop0): setting nodatasum [ 184.037694][ T8070] BTRFS info (device loop0): allowing degraded mounts [ 184.044511][ T8070] BTRFS info (device loop0): enabling disk space caching [pid 8070] open("./file0", O_RDONLY [pid 8069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8070] <... open resumed>) = 4 [pid 8069] <... futex resumed>) = 0 [pid 8070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8070] <... futex resumed>) = 0 [pid 8069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8069] <... futex resumed>) = 0 [pid 8070] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8070] <... ioctl resumed>) = 0 [pid 8070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8069] <... futex resumed>) = 0 [pid 8070] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8069] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8069] <... futex resumed>) = 0 [pid 8070] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8069] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8069] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8069] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8088 attached [pid 8088] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8069] <... clone3 resumed> => {parent_tid=[8088]}, 88) = 8088 [pid 8088] <... rseq resumed>) = 0 [pid 8069] rt_sigprocmask(SIG_SETMASK, [], [pid 8088] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8088] rt_sigprocmask(SIG_SETMASK, [], [pid 8069] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8088] open(".", O_RDONLY [pid 8069] <... futex resumed>) = 0 [pid 8088] <... open resumed>) = 5 [pid 8069] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8088] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8088] <... futex resumed>) = 0 [pid 8069] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8088] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8069] <... futex resumed>) = 0 [pid 8069] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8088] <... ioctl resumed>) = 0 [pid 8088] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8069] <... futex resumed>) = 0 [pid 8088] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8070] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8070] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8069] exit_group(0 [pid 8088] <... futex resumed>) = ? [pid 8069] <... exit_group resumed>) = ? [pid 8088] +++ exited with 0 +++ [pid 8070] +++ exited with 0 +++ [pid 8069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8069, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 8089 ./strace-static-x86_64: Process 8089 attached [pid 8089] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8089] chdir("./151") = 0 [pid 8089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8089] setpgid(0, 0) = 0 [pid 8089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8089] write(3, "1000", 4) = 4 [pid 8089] close(3) = 0 [pid 8089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8089] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8089] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8089] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8090 attached [pid 8090] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8089] <... clone3 resumed> => {parent_tid=[8090]}, 88) = 8090 [pid 8090] <... rseq resumed>) = 0 [pid 8089] rt_sigprocmask(SIG_SETMASK, [], [pid 8090] set_robust_list(0x7f0bd5e299a0, 24 [pid 8089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8090] <... set_robust_list resumed>) = 0 [pid 8090] rt_sigprocmask(SIG_SETMASK, [], [pid 8089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8089] <... futex resumed>) = 0 [pid 8090] memfd_create("syzkaller", 0 [pid 8089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8090] <... memfd_create resumed>) = 3 [pid 8090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8090] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8090] close(3) = 0 [pid 8090] mkdir("./file0", 0777) = 0 [pid 8090] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8090] chdir("./file0") = 0 [pid 8090] ioctl(4, LOOP_CLR_FD) = 0 [ 184.581640][ T8090] loop0: detected capacity change from 0 to 32768 [ 184.591220][ T8090] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8090) [pid 8090] close(4) = 0 [pid 8090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8089] <... futex resumed>) = 0 [pid 8090] <... futex resumed>) = 1 [pid 8089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8090] open("./file0", O_RDONLY [pid 8089] <... futex resumed>) = 0 [pid 8090] <... open resumed>) = 4 [pid 8089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8089] <... futex resumed>) = 0 [pid 8089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8090] <... futex resumed>) = 1 [pid 8089] <... futex resumed>) = 0 [pid 8089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8090] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8089] <... futex resumed>) = 0 [pid 8089] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8090] <... futex resumed>) = 1 [pid 8089] <... futex resumed>) = 0 [pid 8090] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8089] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8089] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8089] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8108]}, 88) = 8108 [pid 8089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8089] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8108 attached [pid 8108] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8089] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8108] <... rseq resumed>) = 0 [pid 8108] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8108] open(".", O_RDONLY) = 5 [pid 8108] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8089] <... futex resumed>) = 0 [pid 8108] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8089] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 184.675546][ T8090] _btrfs_printk: 27 callbacks suppressed [ 184.675562][ T8090] BTRFS info (device loop0): balance: start -d -m [ 184.689332][ T8090] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 184.712224][ T8090] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8089] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8108] <... ioctl resumed>) = 0 [pid 8108] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8089] <... futex resumed>) = 0 [pid 8108] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8090] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8090] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8090] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8089] exit_group(0 [pid 8108] <... futex resumed>) = ? [pid 8090] <... futex resumed>) = ? [pid 8089] <... exit_group resumed>) = ? [pid 8108] +++ exited with 0 +++ [pid 8090] +++ exited with 0 +++ [pid 8089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8089, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 184.789359][ T8090] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 184.810468][ T8090] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 184.828768][ T8090] BTRFS info (device loop0): balance: ended with status: 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8109 attached , child_tidptr=0x5555570ad690) = 8109 [pid 8109] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8109] chdir("./152") = 0 [pid 8109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8109] setpgid(0, 0) = 0 [pid 8109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8109] write(3, "1000", 4) = 4 [pid 8109] close(3) = 0 [pid 8109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8109] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8109] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8109] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8110 attached [pid 8110] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8109] <... clone3 resumed> => {parent_tid=[8110]}, 88) = 8110 [pid 8110] <... rseq resumed>) = 0 [pid 8109] rt_sigprocmask(SIG_SETMASK, [], [pid 8110] set_robust_list(0x7f0bd5e299a0, 24 [pid 8109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8110] <... set_robust_list resumed>) = 0 [pid 8109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8110] rt_sigprocmask(SIG_SETMASK, [], [pid 8109] <... futex resumed>) = 0 [pid 8110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8110] memfd_create("syzkaller", 0) = 3 [pid 8110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8110] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8110] close(3) = 0 [pid 8110] mkdir("./file0", 0777) = 0 [ 185.346396][ T8110] loop0: detected capacity change from 0 to 32768 [ 185.370486][ T8110] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8110) [ 185.387269][ T8110] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 185.396691][ T8110] BTRFS info (device loop0): force clearing of disk cache [ 185.403919][ T8110] BTRFS info (device loop0): setting nodatasum [ 185.410115][ T8110] BTRFS info (device loop0): allowing degraded mounts [ 185.417045][ T8110] BTRFS info (device loop0): enabling disk space caching [ 185.424105][ T8110] BTRFS info (device loop0): disk space caching is enabled [ 185.443103][ T8110] BTRFS info (device loop0): enabling ssd optimizations [ 185.450357][ T8110] BTRFS info (device loop0): auto enabling async discard [ 185.458322][ T8110] BTRFS info (device loop0): rebuilding free space tree [ 185.468991][ T8110] BTRFS info (device loop0): disabling free space tree [ 185.476032][ T8110] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 185.485767][ T8110] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8110] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8110] chdir("./file0") = 0 [pid 8110] ioctl(4, LOOP_CLR_FD) = 0 [pid 8110] close(4) = 0 [pid 8110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8109] <... futex resumed>) = 0 [pid 8109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8110] <... futex resumed>) = 1 [pid 8109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8110] open("./file0", O_RDONLY) = 4 [pid 8110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8109] <... futex resumed>) = 0 [pid 8109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8110] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8109] <... futex resumed>) = 0 [pid 8110] <... ioctl resumed>) = 0 [ 185.498341][ T8110] BTRFS info (device loop0): checking UUID tree [pid 8109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8109] <... futex resumed>) = 0 [pid 8110] <... futex resumed>) = 1 [pid 8109] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8110] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8109] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8109] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8109] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8128]}, 88) = 8128 [pid 8109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8109] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8109] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8128 attached [pid 8128] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8128] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8128] open(".", O_RDONLY) = 5 [pid 8128] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8109] <... futex resumed>) = 0 [ 185.566940][ T8110] BTRFS info (device loop0): balance: start -d -m [ 185.574719][ T8110] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 185.595362][ T8110] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8128] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8109] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8109] <... futex resumed>) = 0 [pid 8128] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8109] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8128] <... ioctl resumed>) = 0 [pid 8128] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8109] <... futex resumed>) = 0 [ 185.650751][ T8110] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8128] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8110] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8110] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8110] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8109] exit_group(0 [pid 8128] <... futex resumed>) = ? [pid 8128] +++ exited with 0 +++ [pid 8109] <... exit_group resumed>) = ? [pid 8110] <... futex resumed>) = ? [pid 8110] +++ exited with 0 +++ [pid 8109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8109, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- [ 185.697207][ T8110] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 185.714550][ T8110] BTRFS info (device loop0): balance: ended with status: 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8129 attached [pid 8129] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8129] chdir("./153") = 0 [pid 8129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8129 [pid 8129] setpgid(0, 0) = 0 [pid 8129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8129] write(3, "1000", 4) = 4 [pid 8129] close(3) = 0 [pid 8129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8129] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8129] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8129] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8130 attached => {parent_tid=[8130]}, 88) = 8130 [pid 8130] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8130] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8130] rt_sigprocmask(SIG_SETMASK, [], [pid 8129] rt_sigprocmask(SIG_SETMASK, [], [pid 8130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8130] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8129] <... futex resumed>) = 0 [pid 8130] memfd_create("syzkaller", 0 [pid 8129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8130] <... memfd_create resumed>) = 3 [pid 8130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8130] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8130] close(3) = 0 [pid 8130] mkdir("./file0", 0777) = 0 [ 186.226106][ T8130] loop0: detected capacity change from 0 to 32768 [ 186.246245][ T8130] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8130) [ 186.262046][ T8130] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 186.271420][ T8130] BTRFS info (device loop0): force clearing of disk cache [ 186.278713][ T8130] BTRFS info (device loop0): setting nodatasum [ 186.284930][ T8130] BTRFS info (device loop0): allowing degraded mounts [ 186.291690][ T8130] BTRFS info (device loop0): enabling disk space caching [ 186.298763][ T8130] BTRFS info (device loop0): disk space caching is enabled [ 186.318455][ T8130] BTRFS info (device loop0): enabling ssd optimizations [ 186.325462][ T8130] BTRFS info (device loop0): auto enabling async discard [ 186.333637][ T8130] BTRFS info (device loop0): rebuilding free space tree [ 186.344508][ T8130] BTRFS info (device loop0): disabling free space tree [ 186.351430][ T8130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 186.361297][ T8130] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8130] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8130] chdir("./file0") = 0 [pid 8130] ioctl(4, LOOP_CLR_FD) = 0 [pid 8130] close(4) = 0 [pid 8130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8129] <... futex resumed>) = 0 [pid 8130] <... futex resumed>) = 1 [pid 8129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8130] open("./file0", O_RDONLY [pid 8129] <... futex resumed>) = 0 [pid 8130] <... open resumed>) = 4 [pid 8129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8129] <... futex resumed>) = 0 [pid 8130] <... futex resumed>) = 1 [pid 8129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8130] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8129] <... futex resumed>) = 0 [pid 8129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8130] <... ioctl resumed>) = 0 [pid 8130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8129] <... futex resumed>) = 0 [pid 8129] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8130] <... futex resumed>) = 1 [pid 8129] <... futex resumed>) = 0 [pid 8130] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 186.374425][ T8130] BTRFS info (device loop0): checking UUID tree [pid 8129] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8129] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8129] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8148 attached => {parent_tid=[8148]}, 88) = 8148 [ 186.401133][ T8130] BTRFS info (device loop0): balance: start -d -m [ 186.409162][ T8130] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 186.431710][ T8130] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8129] rt_sigprocmask(SIG_SETMASK, [], [pid 8148] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8148] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8148] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8129] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8148] <... futex resumed>) = 0 [pid 8129] <... futex resumed>) = 1 [pid 8148] open(".", O_RDONLY [pid 8129] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8148] <... open resumed>) = 5 [pid 8148] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8129] <... futex resumed>) = 0 [pid 8129] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8129] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8148] <... futex resumed>) = 1 [ 186.477998][ T8130] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8148] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 8129] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8148] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8148] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8130] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8130] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8130] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8129] exit_group(0 [pid 8148] <... futex resumed>) = ? [pid 8148] +++ exited with 0 +++ [pid 8130] <... futex resumed>) = ? [pid 8129] <... exit_group resumed>) = ? [pid 8130] +++ exited with 0 +++ [pid 8129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8129, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 186.533170][ T8130] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 186.559488][ T8130] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8149 attached , child_tidptr=0x5555570ad690) = 8149 [pid 8149] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8149] chdir("./154") = 0 [pid 8149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8149] setpgid(0, 0) = 0 [pid 8149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8149] write(3, "1000", 4) = 4 [pid 8149] close(3) = 0 [pid 8149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8149] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8149] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8149] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8150 attached [pid 8150] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8149] <... clone3 resumed> => {parent_tid=[8150]}, 88) = 8150 [pid 8149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8150] <... rseq resumed>) = 0 [pid 8149] <... futex resumed>) = 0 [pid 8150] set_robust_list(0x7f0bd5e299a0, 24 [pid 8149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8150] <... set_robust_list resumed>) = 0 [pid 8150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8150] memfd_create("syzkaller", 0) = 3 [pid 8150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8150] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8150] close(3) = 0 [pid 8150] mkdir("./file0", 0777) = 0 [ 187.091077][ T8150] loop0: detected capacity change from 0 to 32768 [ 187.106155][ T8150] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8150) [ 187.121842][ T8150] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 187.131174][ T8150] BTRFS info (device loop0): force clearing of disk cache [ 187.138408][ T8150] BTRFS info (device loop0): setting nodatasum [ 187.144622][ T8150] BTRFS info (device loop0): allowing degraded mounts [ 187.151411][ T8150] BTRFS info (device loop0): enabling disk space caching [ 187.158520][ T8150] BTRFS info (device loop0): disk space caching is enabled [ 187.177670][ T8150] BTRFS info (device loop0): enabling ssd optimizations [ 187.184731][ T8150] BTRFS info (device loop0): auto enabling async discard [pid 8150] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8150] chdir("./file0") = 0 [pid 8150] ioctl(4, LOOP_CLR_FD) = 0 [pid 8150] close(4) = 0 [pid 8150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8149] <... futex resumed>) = 0 [pid 8150] <... futex resumed>) = 1 [pid 8149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8150] open("./file0", O_RDONLY) = 4 [pid 8150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8149] <... futex resumed>) = 0 [pid 8150] <... futex resumed>) = 0 [pid 8149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 8150] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8150] <... ioctl resumed>) = 0 [pid 8149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 187.192626][ T8150] BTRFS info (device loop0): rebuilding free space tree [ 187.203751][ T8150] BTRFS info (device loop0): disabling free space tree [ 187.210751][ T8150] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 187.220431][ T8150] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 187.233181][ T8150] BTRFS info (device loop0): checking UUID tree [pid 8150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8149] <... futex resumed>) = 0 [pid 8149] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8150] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8149] <... futex resumed>) = 0 [pid 8149] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8149] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8149] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8168 attached => {parent_tid=[8168]}, 88) = 8168 [pid 8168] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8149] rt_sigprocmask(SIG_SETMASK, [], [pid 8168] <... rseq resumed>) = 0 [pid 8149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8168] set_robust_list(0x7f0bd5e089a0, 24 [pid 8149] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8168] <... set_robust_list resumed>) = 0 [pid 8168] rt_sigprocmask(SIG_SETMASK, [], [pid 8149] <... futex resumed>) = 0 [pid 8168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8149] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8168] open(".", O_RDONLY) = 5 [pid 8168] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8149] <... futex resumed>) = 0 [pid 8168] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8149] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8149] <... futex resumed>) = 0 [pid 8168] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 187.275451][ T8150] BTRFS info (device loop0): balance: start -d -m [ 187.285609][ T8150] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 187.306635][ T8150] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8149] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8168] <... ioctl resumed>) = 0 [pid 8168] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8149] <... futex resumed>) = 0 [ 187.362549][ T8150] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 187.402241][ T8150] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8168] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8150] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8150] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8150] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8149] exit_group(0 [pid 8168] <... futex resumed>) = ? [pid 8150] <... futex resumed>) = ? [pid 8149] <... exit_group resumed>) = ? [pid 8168] +++ exited with 0 +++ [pid 8150] +++ exited with 0 +++ [pid 8149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8149, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 187.431018][ T8150] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8169 attached [pid 8169] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8169] chdir("./155") = 0 [pid 8169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8169] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8169 [pid 8169] <... setpgid resumed>) = 0 [pid 8169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8169] write(3, "1000", 4) = 4 [pid 8169] close(3) = 0 [pid 8169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8169] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8169] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8169] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8170 attached [pid 8170] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8169] <... clone3 resumed> => {parent_tid=[8170]}, 88) = 8170 [pid 8169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8170] <... rseq resumed>) = 0 [pid 8170] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8170] memfd_create("syzkaller", 0) = 3 [pid 8170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8170] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8170] close(3) = 0 [pid 8170] mkdir("./file0", 0777) = 0 [ 187.891358][ T8170] loop0: detected capacity change from 0 to 32768 [ 187.919351][ T8170] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8170) [ 187.934605][ T8170] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 187.943941][ T8170] BTRFS info (device loop0): force clearing of disk cache [ 187.951056][ T8170] BTRFS info (device loop0): setting nodatasum [ 187.957283][ T8170] BTRFS info (device loop0): allowing degraded mounts [ 187.964192][ T8170] BTRFS info (device loop0): enabling disk space caching [ 187.971220][ T8170] BTRFS info (device loop0): disk space caching is enabled [ 187.991095][ T8170] BTRFS info (device loop0): enabling ssd optimizations [ 187.998308][ T8170] BTRFS info (device loop0): auto enabling async discard [ 188.006886][ T8170] BTRFS info (device loop0): rebuilding free space tree [ 188.017942][ T8170] BTRFS info (device loop0): disabling free space tree [ 188.025193][ T8170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8170] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8170] chdir("./file0") = 0 [pid 8170] ioctl(4, LOOP_CLR_FD) = 0 [pid 8170] close(4) = 0 [pid 8170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8169] <... futex resumed>) = 0 [pid 8170] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8170] open("./file0", O_RDONLY [pid 8169] <... futex resumed>) = 0 [pid 8170] <... open resumed>) = 4 [pid 8169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8169] <... futex resumed>) = 0 [pid 8169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8170] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [ 188.034927][ T8170] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 188.047631][ T8170] BTRFS info (device loop0): checking UUID tree [pid 8170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8169] <... futex resumed>) = 0 [pid 8169] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8170] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8169] <... futex resumed>) = 0 [pid 8169] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8169] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8169] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8188]}, 88) = 8188 [pid 8169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8169] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8169] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8188 attached [pid 8188] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8188] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8188] open(".", O_RDONLY) = 5 [pid 8188] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8169] <... futex resumed>) = 0 [pid 8188] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8169] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8188] <... futex resumed>) = 0 [pid 8169] <... futex resumed>) = 1 [pid 8188] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 188.106168][ T8170] BTRFS info (device loop0): balance: start -d -m [ 188.114897][ T8170] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 188.137151][ T8170] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8169] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8188] <... ioctl resumed>) = 0 [pid 8188] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8169] <... futex resumed>) = 0 [ 188.192898][ T8170] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8188] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8170] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8170] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8170] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8169] exit_group(0 [pid 8188] <... futex resumed>) = ? [pid 8188] +++ exited with 0 +++ [pid 8169] <... exit_group resumed>) = ? [pid 8170] <... futex resumed>) = ? [pid 8170] +++ exited with 0 +++ [pid 8169] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8169, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 188.233486][ T8170] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 188.250516][ T8170] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8189 attached [pid 8189] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8189] chdir("./156" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8189 [pid 8189] <... chdir resumed>) = 0 [pid 8189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8189] setpgid(0, 0) = 0 [pid 8189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8189] write(3, "1000", 4) = 4 [pid 8189] close(3) = 0 [pid 8189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8189] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8189] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8189] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8190 attached [pid 8190] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8189] <... clone3 resumed> => {parent_tid=[8190]}, 88) = 8190 [pid 8190] <... rseq resumed>) = 0 [pid 8190] set_robust_list(0x7f0bd5e299a0, 24 [pid 8189] rt_sigprocmask(SIG_SETMASK, [], [pid 8190] <... set_robust_list resumed>) = 0 [pid 8189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8190] rt_sigprocmask(SIG_SETMASK, [], [pid 8189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8189] <... futex resumed>) = 0 [pid 8190] memfd_create("syzkaller", 0 [pid 8189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8190] <... memfd_create resumed>) = 3 [pid 8190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8190] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8190] close(3) = 0 [pid 8190] mkdir("./file0", 0777) = 0 [ 188.802988][ T8190] loop0: detected capacity change from 0 to 32768 [ 188.817774][ T8190] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8190) [ 188.832789][ T8190] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 188.842172][ T8190] BTRFS info (device loop0): force clearing of disk cache [ 188.849354][ T8190] BTRFS info (device loop0): setting nodatasum [ 188.855560][ T8190] BTRFS info (device loop0): allowing degraded mounts [ 188.862310][ T8190] BTRFS info (device loop0): enabling disk space caching [ 188.869427][ T8190] BTRFS info (device loop0): disk space caching is enabled [ 188.888507][ T8190] BTRFS info (device loop0): enabling ssd optimizations [ 188.895511][ T8190] BTRFS info (device loop0): auto enabling async discard [pid 8190] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8190] chdir("./file0") = 0 [pid 8190] ioctl(4, LOOP_CLR_FD) = 0 [pid 8190] close(4) = 0 [pid 8190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 188.903311][ T8190] BTRFS info (device loop0): rebuilding free space tree [ 188.915149][ T8190] BTRFS info (device loop0): disabling free space tree [ 188.922042][ T8190] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 188.931759][ T8190] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 188.944615][ T8190] BTRFS info (device loop0): checking UUID tree [pid 8190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8189] <... futex resumed>) = 0 [pid 8189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8190] <... futex resumed>) = 0 [pid 8189] <... futex resumed>) = 1 [pid 8189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8190] open("./file0", O_RDONLY) = 4 [pid 8190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8189] <... futex resumed>) = 0 [pid 8189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8190] <... futex resumed>) = 1 [pid 8190] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8189] <... futex resumed>) = 0 [pid 8189] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8190] <... futex resumed>) = 1 [pid 8189] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8190] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8189] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8189] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8189] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8208 attached [pid 8208] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8189] <... clone3 resumed> => {parent_tid=[8208]}, 88) = 8208 [pid 8208] <... rseq resumed>) = 0 [pid 8189] rt_sigprocmask(SIG_SETMASK, [], [pid 8208] set_robust_list(0x7f0bd5e089a0, 24 [pid 8189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8208] <... set_robust_list resumed>) = 0 [pid 8189] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8208] rt_sigprocmask(SIG_SETMASK, [], [pid 8189] <... futex resumed>) = 0 [pid 8208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8189] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8208] open(".", O_RDONLY) = 5 [pid 8208] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8189] <... futex resumed>) = 0 [pid 8208] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8189] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8189] <... futex resumed>) = 0 [pid 8208] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 189.007674][ T8190] BTRFS info (device loop0): balance: start -d -m [ 189.016135][ T8190] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 189.046601][ T8190] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8189] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8208] <... ioctl resumed>) = 0 [pid 8208] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8189] <... futex resumed>) = 0 [pid 8208] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8190] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8190] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8190] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8189] exit_group(0 [pid 8208] <... futex resumed>) = ? [pid 8190] <... futex resumed>) = ? [pid 8189] <... exit_group resumed>) = ? [pid 8208] +++ exited with 0 +++ [pid 8190] +++ exited with 0 +++ [pid 8189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8189, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 [ 189.110058][ T8190] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 189.141063][ T8190] BTRFS info (device loop0): found 1 extents, stage: update data pointers umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8209 attached [pid 8209] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8209] chdir("./157") = 0 [pid 8209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8209 [pid 8209] setpgid(0, 0) = 0 [pid 8209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8209] write(3, "1000", 4) = 4 [pid 8209] close(3) = 0 [pid 8209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8209] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8209] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8209] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8210 attached [pid 8210] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8209] <... clone3 resumed> => {parent_tid=[8210]}, 88) = 8210 [pid 8210] set_robust_list(0x7f0bd5e299a0, 24 [pid 8209] rt_sigprocmask(SIG_SETMASK, [], [pid 8210] <... set_robust_list resumed>) = 0 [pid 8209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8210] memfd_create("syzkaller", 0 [pid 8209] <... futex resumed>) = 0 [pid 8209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8210] <... memfd_create resumed>) = 3 [pid 8210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8210] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8210] close(3) = 0 [pid 8210] mkdir("./file0", 0777) = 0 [pid 8210] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 189.623140][ T8210] loop0: detected capacity change from 0 to 32768 [ 189.642768][ T8210] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8210) [pid 8210] chdir("./file0") = 0 [pid 8210] ioctl(4, LOOP_CLR_FD) = 0 [pid 8210] close(4) = 0 [pid 8210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8209] <... futex resumed>) = 0 [pid 8210] open("./file0", O_RDONLY [pid 8209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8210] <... open resumed>) = 4 [pid 8209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8209] <... futex resumed>) = 0 [pid 8209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8210] <... futex resumed>) = 1 [pid 8209] <... futex resumed>) = 0 [pid 8210] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8210] <... ioctl resumed>) = 0 [pid 8210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8209] <... futex resumed>) = 0 [pid 8210] <... futex resumed>) = 1 [pid 8209] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8209] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 189.745291][ T8210] _btrfs_printk: 14 callbacks suppressed [ 189.745307][ T8210] BTRFS info (device loop0): balance: start -d -m [ 189.759523][ T8210] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 8210] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8209] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8209] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8228 attached [pid 8228] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8209] <... clone3 resumed> => {parent_tid=[8228]}, 88) = 8228 [pid 8228] <... rseq resumed>) = 0 [pid 8228] set_robust_list(0x7f0bd5e089a0, 24 [pid 8209] rt_sigprocmask(SIG_SETMASK, [], [pid 8228] <... set_robust_list resumed>) = 0 [pid 8209] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 189.793045][ T8210] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8228] rt_sigprocmask(SIG_SETMASK, [], [pid 8209] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8209] <... futex resumed>) = 0 [pid 8228] open(".", O_RDONLY) = 5 [pid 8228] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8228] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8209] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 8209] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8228] <... futex resumed>) = 0 [pid 8228] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8209] <... futex resumed>) = 1 [pid 8209] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8228] <... ioctl resumed>) = 0 [pid 8228] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8209] <... futex resumed>) = 0 [ 189.842928][ T8210] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 189.879807][ T8210] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8228] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8210] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8210] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8210] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8209] exit_group(0 [pid 8228] <... futex resumed>) = ? [pid 8210] <... futex resumed>) = ? [pid 8228] +++ exited with 0 +++ [pid 8210] +++ exited with 0 +++ [pid 8209] <... exit_group resumed>) = ? [pid 8209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8209, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 189.898114][ T8210] BTRFS info (device loop0): balance: ended with status: 0 unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8229 attached , child_tidptr=0x5555570ad690) = 8229 [pid 8229] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8229] chdir("./158") = 0 [pid 8229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8229] setpgid(0, 0) = 0 [pid 8229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8229] write(3, "1000", 4) = 4 [pid 8229] close(3) = 0 [pid 8229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8229] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8229] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8229] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8230 attached [pid 8230] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8229] <... clone3 resumed> => {parent_tid=[8230]}, 88) = 8230 [pid 8230] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8229] rt_sigprocmask(SIG_SETMASK, [], [pid 8230] rt_sigprocmask(SIG_SETMASK, [], [pid 8229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8230] memfd_create("syzkaller", 0) = 3 [pid 8230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8230] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8230] close(3) = 0 [pid 8230] mkdir("./file0", 0777) = 0 [ 190.378660][ T8230] loop0: detected capacity change from 0 to 32768 [ 190.393185][ T8230] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8230) [ 190.408206][ T8230] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 190.417545][ T8230] BTRFS info (device loop0): force clearing of disk cache [ 190.424727][ T8230] BTRFS info (device loop0): setting nodatasum [ 190.430874][ T8230] BTRFS info (device loop0): allowing degraded mounts [ 190.437684][ T8230] BTRFS info (device loop0): enabling disk space caching [ 190.444791][ T8230] BTRFS info (device loop0): disk space caching is enabled [ 190.464367][ T8230] BTRFS info (device loop0): enabling ssd optimizations [ 190.471362][ T8230] BTRFS info (device loop0): auto enabling async discard [pid 8230] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8230] chdir("./file0") = 0 [pid 8230] ioctl(4, LOOP_CLR_FD) = 0 [pid 8230] close(4) = 0 [pid 8230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8229] <... futex resumed>) = 0 [pid 8230] open("./file0", O_RDONLY [pid 8229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8230] <... open resumed>) = 4 [pid 8229] <... futex resumed>) = 0 [pid 8229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 190.479708][ T8230] BTRFS info (device loop0): rebuilding free space tree [ 190.490830][ T8230] BTRFS info (device loop0): disabling free space tree [ 190.498117][ T8230] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 190.507796][ T8230] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 190.521137][ T8230] BTRFS info (device loop0): checking UUID tree [pid 8230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8230] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8229] <... futex resumed>) = 0 [pid 8229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8230] <... futex resumed>) = 0 [pid 8229] <... futex resumed>) = 1 [pid 8230] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8230] <... ioctl resumed>) = 0 [pid 8230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8229] <... futex resumed>) = 0 [pid 8230] <... futex resumed>) = 1 [pid 8229] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8230] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8229] <... futex resumed>) = 0 [pid 8229] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8229] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8229] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8248]}, 88) = 8248 [pid 8229] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8248 attached NULL, 8) = 0 [pid 8229] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8229] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8248] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8248] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8248] open(".", O_RDONLY) = 5 [pid 8248] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8229] <... futex resumed>) = 0 [ 190.578645][ T8230] BTRFS info (device loop0): balance: start -d -m [ 190.587954][ T8230] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 190.609788][ T8230] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8248] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8229] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8248] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8229] <... futex resumed>) = 0 [pid 8229] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8248] <... ioctl resumed>) = 0 [pid 8248] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8229] <... futex resumed>) = 0 [ 190.650994][ T8230] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8248] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8230] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8230] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8230] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8229] exit_group(0 [pid 8248] <... futex resumed>) = ? [pid 8230] <... futex resumed>) = ? [pid 8248] +++ exited with 0 +++ [pid 8230] +++ exited with 0 +++ [pid 8229] <... exit_group resumed>) = ? [pid 8229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8229, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 190.695284][ T8230] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 190.712967][ T8230] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8249 attached , child_tidptr=0x5555570ad690) = 8249 [pid 8249] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8249] chdir("./159") = 0 [pid 8249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8249] setpgid(0, 0) = 0 [pid 8249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8249] write(3, "1000", 4) = 4 [pid 8249] close(3) = 0 [pid 8249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8249] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8249] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8249] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8250 attached [pid 8250] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8249] <... clone3 resumed> => {parent_tid=[8250]}, 88) = 8250 [pid 8250] <... rseq resumed>) = 0 [pid 8250] set_robust_list(0x7f0bd5e299a0, 24 [pid 8249] rt_sigprocmask(SIG_SETMASK, [], [pid 8250] <... set_robust_list resumed>) = 0 [pid 8249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8250] rt_sigprocmask(SIG_SETMASK, [], [pid 8249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8249] <... futex resumed>) = 0 [pid 8250] memfd_create("syzkaller", 0 [pid 8249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8250] <... memfd_create resumed>) = 3 [pid 8250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8250] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8250] close(3) = 0 [pid 8250] mkdir("./file0", 0777) = 0 [ 191.308988][ T8250] loop0: detected capacity change from 0 to 32768 [ 191.324828][ T8250] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8250) [ 191.340898][ T8250] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 191.350223][ T8250] BTRFS info (device loop0): force clearing of disk cache [ 191.357383][ T8250] BTRFS info (device loop0): setting nodatasum [ 191.363574][ T8250] BTRFS info (device loop0): allowing degraded mounts [ 191.370412][ T8250] BTRFS info (device loop0): enabling disk space caching [ 191.377474][ T8250] BTRFS info (device loop0): disk space caching is enabled [ 191.397896][ T8250] BTRFS info (device loop0): enabling ssd optimizations [ 191.405010][ T8250] BTRFS info (device loop0): auto enabling async discard [ 191.412663][ T8250] BTRFS info (device loop0): rebuilding free space tree [ 191.424288][ T8250] BTRFS info (device loop0): disabling free space tree [ 191.431244][ T8250] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 191.441011][ T8250] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8250] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8250] chdir("./file0") = 0 [pid 8250] ioctl(4, LOOP_CLR_FD) = 0 [pid 8250] close(4) = 0 [pid 8250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8249] <... futex resumed>) = 0 [pid 8250] open("./file0", O_RDONLY [pid 8249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8250] <... open resumed>) = 4 [pid 8249] <... futex resumed>) = 0 [ 191.453743][ T8250] BTRFS info (device loop0): checking UUID tree [pid 8249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8249] <... futex resumed>) = 0 [pid 8250] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8249] <... futex resumed>) = 0 [pid 8250] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8250] <... ioctl resumed>) = 0 [pid 8250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8250] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8249] <... futex resumed>) = 0 [pid 8249] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8250] <... futex resumed>) = 0 [pid 8249] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8250] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8249] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8249] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8249] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8268]}, 88) = 8268 ./strace-static-x86_64: Process 8268 attached [pid 8268] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8268] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8249] rt_sigprocmask(SIG_SETMASK, [], [pid 8268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8268] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8249] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8268] <... futex resumed>) = 0 [pid 8249] <... futex resumed>) = 1 [pid 8268] open(".", O_RDONLY [pid 8249] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8268] <... open resumed>) = 5 [ 191.546085][ T8250] BTRFS info (device loop0): balance: start -d -m [ 191.554817][ T8250] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 191.584430][ T8250] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8268] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8249] <... futex resumed>) = 0 [pid 8268] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8249] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8249] <... futex resumed>) = 0 [pid 8268] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8249] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8268] <... ioctl resumed>) = 0 [pid 8268] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8249] <... futex resumed>) = 0 [ 191.636927][ T8250] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 191.667922][ T8250] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8268] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8250] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8250] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8249] exit_group(0 [pid 8250] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8268] <... futex resumed>) = ? [pid 8250] <... futex resumed>) = ? [pid 8268] +++ exited with 0 +++ [pid 8250] +++ exited with 0 +++ [pid 8249] <... exit_group resumed>) = ? [pid 8249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8249, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 191.685157][ T8250] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8269 attached , child_tidptr=0x5555570ad690) = 8269 [pid 8269] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8269] chdir("./160") = 0 [pid 8269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8269] setpgid(0, 0) = 0 [pid 8269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8269] write(3, "1000", 4) = 4 [pid 8269] close(3) = 0 [pid 8269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8269] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8269] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8269] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8270 attached [pid 8270] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8269] <... clone3 resumed> => {parent_tid=[8270]}, 88) = 8270 [pid 8270] <... rseq resumed>) = 0 [pid 8270] set_robust_list(0x7f0bd5e299a0, 24 [pid 8269] rt_sigprocmask(SIG_SETMASK, [], [pid 8270] <... set_robust_list resumed>) = 0 [pid 8269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8270] rt_sigprocmask(SIG_SETMASK, [], [pid 8269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8269] <... futex resumed>) = 0 [pid 8270] memfd_create("syzkaller", 0 [pid 8269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8270] <... memfd_create resumed>) = 3 [pid 8270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8270] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8270] close(3) = 0 [pid 8270] mkdir("./file0", 0777) = 0 [ 192.169077][ T8270] loop0: detected capacity change from 0 to 32768 [ 192.196065][ T8270] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8270) [ 192.211954][ T8270] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 192.221304][ T8270] BTRFS info (device loop0): force clearing of disk cache [ 192.228471][ T8270] BTRFS info (device loop0): setting nodatasum [ 192.234740][ T8270] BTRFS info (device loop0): allowing degraded mounts [ 192.241524][ T8270] BTRFS info (device loop0): enabling disk space caching [ 192.248645][ T8270] BTRFS info (device loop0): disk space caching is enabled [ 192.267397][ T8270] BTRFS info (device loop0): enabling ssd optimizations [ 192.274509][ T8270] BTRFS info (device loop0): auto enabling async discard [ 192.282233][ T8270] BTRFS info (device loop0): rebuilding free space tree [ 192.293496][ T8270] BTRFS info (device loop0): disabling free space tree [ 192.300938][ T8270] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8270] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8270] chdir("./file0") = 0 [pid 8270] ioctl(4, LOOP_CLR_FD) = 0 [pid 8270] close(4) = 0 [pid 8270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8269] <... futex resumed>) = 0 [pid 8270] <... futex resumed>) = 1 [pid 8269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8270] open("./file0", O_RDONLY [pid 8269] <... futex resumed>) = 0 [pid 8270] <... open resumed>) = 4 [pid 8269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8269] <... futex resumed>) = 0 [pid 8270] <... futex resumed>) = 1 [pid 8269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8270] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8270] <... ioctl resumed>) = 0 [pid 8270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8270] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8269] <... futex resumed>) = 0 [pid 8269] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8270] <... futex resumed>) = 0 [pid 8269] <... futex resumed>) = 1 [pid 8269] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 192.311046][ T8270] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 192.324502][ T8270] BTRFS info (device loop0): checking UUID tree [pid 8270] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8269] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8269] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8269] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8288 attached => {parent_tid=[8288]}, 88) = 8288 [pid 8288] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8269] rt_sigprocmask(SIG_SETMASK, [], [pid 8288] <... rseq resumed>) = 0 [pid 8269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8269] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8288] set_robust_list(0x7f0bd5e089a0, 24 [pid 8269] <... futex resumed>) = 0 [pid 8288] <... set_robust_list resumed>) = 0 [pid 8269] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8288] open(".", O_RDONLY) = 5 [pid 8288] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8269] <... futex resumed>) = 0 [pid 8288] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8269] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8269] <... futex resumed>) = 0 [pid 8288] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 192.377613][ T8270] BTRFS info (device loop0): balance: start -d -m [ 192.385514][ T8270] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 192.405687][ T8270] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8269] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8288] <... ioctl resumed>) = 0 [pid 8288] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8269] <... futex resumed>) = 0 [ 192.479360][ T8270] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 192.509039][ T8270] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8288] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8270] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8270] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8270] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8269] exit_group(0 [pid 8288] <... futex resumed>) = ? [pid 8270] <... futex resumed>) = ? [pid 8269] <... exit_group resumed>) = ? [pid 8288] +++ exited with 0 +++ [pid 8270] +++ exited with 0 +++ [pid 8269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8269, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 [ 192.526619][ T8270] BTRFS info (device loop0): balance: ended with status: 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8289 attached [pid 8289] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8289] chdir("./161") = 0 [pid 8289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8289 [pid 8289] setpgid(0, 0) = 0 [pid 8289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8289] write(3, "1000", 4) = 4 [pid 8289] close(3) = 0 [pid 8289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8289] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8289] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8289] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8290 attached => {parent_tid=[8290]}, 88) = 8290 [pid 8290] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8290] <... rseq resumed>) = 0 [pid 8290] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8290] memfd_create("syzkaller", 0) = 3 [pid 8290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8290] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8290] close(3) = 0 [pid 8290] mkdir("./file0", 0777) = 0 [ 193.020218][ T8290] loop0: detected capacity change from 0 to 32768 [ 193.035607][ T8290] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8290) [ 193.051738][ T8290] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 193.061073][ T8290] BTRFS info (device loop0): force clearing of disk cache [ 193.068244][ T8290] BTRFS info (device loop0): setting nodatasum [ 193.074472][ T8290] BTRFS info (device loop0): allowing degraded mounts [ 193.081251][ T8290] BTRFS info (device loop0): enabling disk space caching [ 193.088410][ T8290] BTRFS info (device loop0): disk space caching is enabled [ 193.107745][ T8290] BTRFS info (device loop0): enabling ssd optimizations [pid 8290] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8290] chdir("./file0") = 0 [pid 8290] ioctl(4, LOOP_CLR_FD) = 0 [pid 8290] close(4) = 0 [ 193.114882][ T8290] BTRFS info (device loop0): auto enabling async discard [ 193.122768][ T8290] BTRFS info (device loop0): rebuilding free space tree [ 193.134034][ T8290] BTRFS info (device loop0): disabling free space tree [ 193.140924][ T8290] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 193.150615][ T8290] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 193.162955][ T8290] BTRFS info (device loop0): checking UUID tree [pid 8290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8289] <... futex resumed>) = 0 [pid 8290] open("./file0", O_RDONLY [pid 8289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8290] <... open resumed>) = 4 [pid 8289] <... futex resumed>) = 0 [pid 8289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8289] <... futex resumed>) = 0 [pid 8289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8290] <... futex resumed>) = 1 [pid 8290] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8290] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8289] <... futex resumed>) = 0 [pid 8289] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8290] <... futex resumed>) = 0 [pid 8290] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8289] <... futex resumed>) = 1 [ 193.248066][ T8290] BTRFS info (device loop0): balance: start -d -m [ 193.255972][ T8290] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 193.278485][ T8290] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8289] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8289] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8289] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8308]}, 88) = 8308 [pid 8289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8289] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8289] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8308 attached [pid 8308] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8308] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8308] open(".", O_RDONLY) = 5 [pid 8308] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8289] <... futex resumed>) = 0 [pid 8289] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8308] <... futex resumed>) = 1 [pid 8289] <... futex resumed>) = 0 [pid 8308] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8289] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8308] <... ioctl resumed>) = 0 [pid 8308] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8289] <... futex resumed>) = 0 [pid 8308] <... futex resumed>) = 1 [ 193.327993][ T8290] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 193.367014][ T8290] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8308] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8290] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8290] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8290] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8289] exit_group(0 [pid 8308] <... futex resumed>) = ? [pid 8289] <... exit_group resumed>) = ? [pid 8308] +++ exited with 0 +++ [pid 8290] <... futex resumed>) = ? [pid 8290] +++ exited with 0 +++ [pid 8289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8289, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 193.385281][ T8290] BTRFS info (device loop0): balance: ended with status: 0 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8309 attached , child_tidptr=0x5555570ad690) = 8309 [pid 8309] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8309] chdir("./162") = 0 [pid 8309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8309] setpgid(0, 0) = 0 [pid 8309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8309] write(3, "1000", 4) = 4 [pid 8309] close(3) = 0 [pid 8309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8309] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8309] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8309] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8310 attached => {parent_tid=[8310]}, 88) = 8310 [pid 8310] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8309] rt_sigprocmask(SIG_SETMASK, [], [pid 8310] <... rseq resumed>) = 0 [pid 8310] set_robust_list(0x7f0bd5e299a0, 24 [pid 8309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8310] <... set_robust_list resumed>) = 0 [pid 8309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8310] rt_sigprocmask(SIG_SETMASK, [], [pid 8309] <... futex resumed>) = 0 [pid 8310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8310] memfd_create("syzkaller", 0) = 3 [pid 8310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8310] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8310] close(3) = 0 [pid 8310] mkdir("./file0", 0777) = 0 [ 193.851168][ T8310] loop0: detected capacity change from 0 to 32768 [ 193.865874][ T8310] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8310) [ 193.880703][ T8310] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 193.890651][ T8310] BTRFS info (device loop0): force clearing of disk cache [ 193.897874][ T8310] BTRFS info (device loop0): setting nodatasum [ 193.904175][ T8310] BTRFS info (device loop0): allowing degraded mounts [ 193.910960][ T8310] BTRFS info (device loop0): enabling disk space caching [ 193.918316][ T8310] BTRFS info (device loop0): disk space caching is enabled [ 193.938169][ T8310] BTRFS info (device loop0): enabling ssd optimizations [pid 8310] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8310] chdir("./file0") = 0 [pid 8310] ioctl(4, LOOP_CLR_FD) = 0 [ 193.945228][ T8310] BTRFS info (device loop0): auto enabling async discard [ 193.953068][ T8310] BTRFS info (device loop0): rebuilding free space tree [ 193.964579][ T8310] BTRFS info (device loop0): disabling free space tree [ 193.971497][ T8310] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 193.981181][ T8310] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 193.993758][ T8310] BTRFS info (device loop0): checking UUID tree [pid 8310] close(4) = 0 [pid 8310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8310] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8309] <... futex resumed>) = 0 [pid 8309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8310] <... futex resumed>) = 0 [pid 8310] open("./file0", O_RDONLY) = 4 [pid 8310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8309] <... futex resumed>) = 0 [pid 8310] <... futex resumed>) = 1 [pid 8309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8310] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8309] <... futex resumed>) = 0 [pid 8310] <... ioctl resumed>) = 0 [pid 8309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8309] <... futex resumed>) = 0 [pid 8310] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8309] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8310] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8309] <... futex resumed>) = 0 [pid 8309] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8309] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8309] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8328]}, 88) = 8328 ./strace-static-x86_64: Process 8328 attached [pid 8309] rt_sigprocmask(SIG_SETMASK, [], [pid 8328] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8328] <... rseq resumed>) = 0 [pid 8309] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8328] set_robust_list(0x7f0bd5e089a0, 24 [pid 8309] <... futex resumed>) = 0 [pid 8309] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8328] <... set_robust_list resumed>) = 0 [ 194.080262][ T8310] BTRFS info (device loop0): balance: start -d -m [ 194.089020][ T8310] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 194.113662][ T8310] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8328] open(".", O_RDONLY) = 5 [pid 8328] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8309] <... futex resumed>) = 0 [pid 8328] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8309] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8309] <... futex resumed>) = 0 [pid 8328] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 194.155481][ T8310] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8309] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8328] <... ioctl resumed>) = 0 [pid 8328] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8309] <... futex resumed>) = 0 [pid 8328] <... futex resumed>) = 1 [pid 8328] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8310] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8310] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8310] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8309] exit_group(0 [pid 8328] <... futex resumed>) = ? [pid 8310] <... futex resumed>) = ? [pid 8328] +++ exited with 0 +++ [pid 8310] +++ exited with 0 +++ [pid 8309] <... exit_group resumed>) = ? [pid 8309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8309, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 194.200276][ T8310] BTRFS info (device loop0): found 1 extents, stage: update data pointers newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 8329 ./strace-static-x86_64: Process 8329 attached [pid 8329] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8329] chdir("./163") = 0 [pid 8329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8329] setpgid(0, 0) = 0 [pid 8329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8329] write(3, "1000", 4) = 4 [pid 8329] close(3) = 0 [pid 8329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8329] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8329] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8329] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8330 attached [pid 8330] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8329] <... clone3 resumed> => {parent_tid=[8330]}, 88) = 8330 [pid 8330] <... rseq resumed>) = 0 [pid 8330] set_robust_list(0x7f0bd5e299a0, 24 [pid 8329] rt_sigprocmask(SIG_SETMASK, [], [pid 8330] <... set_robust_list resumed>) = 0 [pid 8329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8330] rt_sigprocmask(SIG_SETMASK, [], [pid 8329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8329] <... futex resumed>) = 0 [pid 8330] memfd_create("syzkaller", 0 [pid 8329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8330] <... memfd_create resumed>) = 3 [pid 8330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8330] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8330] close(3) = 0 [pid 8330] mkdir("./file0", 0777) = 0 [ 194.877893][ T8330] loop0: detected capacity change from 0 to 32768 [ 194.891924][ T8330] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8330) [ 194.907839][ T8330] _btrfs_printk: 1 callbacks suppressed [ 194.907876][ T8330] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 194.922740][ T8330] BTRFS info (device loop0): force clearing of disk cache [ 194.929930][ T8330] BTRFS info (device loop0): setting nodatasum [ 194.936205][ T8330] BTRFS info (device loop0): allowing degraded mounts [ 194.943002][ T8330] BTRFS info (device loop0): enabling disk space caching [ 194.950082][ T8330] BTRFS info (device loop0): disk space caching is enabled [ 194.971041][ T8330] BTRFS info (device loop0): enabling ssd optimizations [ 194.978381][ T8330] BTRFS info (device loop0): auto enabling async discard [ 194.986498][ T8330] BTRFS info (device loop0): rebuilding free space tree [ 194.997834][ T8330] BTRFS info (device loop0): disabling free space tree [ 195.004847][ T8330] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 195.014847][ T8330] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8330] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8330] chdir("./file0") = 0 [pid 8330] ioctl(4, LOOP_CLR_FD) = 0 [pid 8330] close(4) = 0 [pid 8330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8329] <... futex resumed>) = 0 [pid 8330] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 195.027498][ T8330] BTRFS info (device loop0): checking UUID tree [pid 8329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] <... futex resumed>) = 0 [pid 8329] <... futex resumed>) = 1 [pid 8330] open("./file0", O_RDONLY [pid 8329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8330] <... open resumed>) = 4 [pid 8330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8329] <... futex resumed>) = 0 [pid 8330] <... futex resumed>) = 1 [pid 8329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8330] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8329] <... futex resumed>) = 0 [pid 8330] <... ioctl resumed>) = 0 [pid 8329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8329] <... futex resumed>) = 0 [pid 8329] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8330] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8329] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 8329] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8329] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8348 attached => {parent_tid=[8348]}, 88) = 8348 [pid 8348] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8329] rt_sigprocmask(SIG_SETMASK, [], [pid 8348] <... rseq resumed>) = 0 [pid 8329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8348] set_robust_list(0x7f0bd5e089a0, 24 [pid 8329] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8348] <... set_robust_list resumed>) = 0 [pid 8329] <... futex resumed>) = 0 [pid 8348] rt_sigprocmask(SIG_SETMASK, [], [pid 8329] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8348] open(".", O_RDONLY) = 5 [pid 8348] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8329] <... futex resumed>) = 0 [pid 8348] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8329] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8329] <... futex resumed>) = 0 [pid 8348] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 195.092048][ T8330] BTRFS info (device loop0): balance: start -d -m [ 195.101263][ T8330] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 195.125581][ T8330] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8329] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8348] <... ioctl resumed>) = 0 [pid 8348] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8348] <... futex resumed>) = 0 [pid 8348] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8330] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8330] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8330] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8329] exit_group(0 [pid 8348] <... futex resumed>) = ? [pid 8330] <... futex resumed>) = ? [pid 8329] <... exit_group resumed>) = ? [pid 8348] +++ exited with 0 +++ [pid 8330] +++ exited with 0 +++ [pid 8329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8329, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- [ 195.224723][ T8330] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 195.245987][ T8330] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 195.263391][ T8330] BTRFS info (device loop0): balance: ended with status: 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8349 attached , child_tidptr=0x5555570ad690) = 8349 [pid 8349] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8349] chdir("./164") = 0 [pid 8349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8349] setpgid(0, 0) = 0 [pid 8349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8349] write(3, "1000", 4) = 4 [pid 8349] close(3) = 0 [pid 8349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8349] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8349] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8349] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8350 attached [pid 8350] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8349] <... clone3 resumed> => {parent_tid=[8350]}, 88) = 8350 [pid 8349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8350] <... rseq resumed>) = 0 [pid 8349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8350] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8350] memfd_create("syzkaller", 0) = 3 [pid 8350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8350] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8350] close(3) = 0 [pid 8350] mkdir("./file0", 0777) = 0 [ 195.806281][ T8350] loop0: detected capacity change from 0 to 32768 [ 195.821718][ T8350] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8350) [ 195.837813][ T8350] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 195.847225][ T8350] BTRFS info (device loop0): force clearing of disk cache [ 195.854400][ T8350] BTRFS info (device loop0): setting nodatasum [ 195.860558][ T8350] BTRFS info (device loop0): allowing degraded mounts [ 195.867376][ T8350] BTRFS info (device loop0): enabling disk space caching [ 195.874904][ T8350] BTRFS info (device loop0): disk space caching is enabled [ 195.893062][ T8350] BTRFS info (device loop0): enabling ssd optimizations [pid 8350] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8350] chdir("./file0") = 0 [pid 8350] ioctl(4, LOOP_CLR_FD) = 0 [pid 8350] close(4) = 0 [pid 8350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8349] <... futex resumed>) = 0 [pid 8350] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8349] <... futex resumed>) = 0 [pid 8350] open("./file0", O_RDONLY [pid 8349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8350] <... open resumed>) = 4 [pid 8350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8349] <... futex resumed>) = 0 [pid 8349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8350] <... futex resumed>) = 1 [pid 8349] <... futex resumed>) = 0 [ 195.900166][ T8350] BTRFS info (device loop0): auto enabling async discard [ 195.908272][ T8350] BTRFS info (device loop0): rebuilding free space tree [ 195.920597][ T8350] BTRFS info (device loop0): disabling free space tree [ 195.927655][ T8350] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 195.937389][ T8350] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 195.950060][ T8350] BTRFS info (device loop0): checking UUID tree [pid 8350] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8350] <... ioctl resumed>) = 0 [pid 8350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8350] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8349] <... futex resumed>) = 0 [pid 8349] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8350] <... futex resumed>) = 0 [pid 8349] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8350] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8349] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8349] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8349] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8368]}, 88) = 8368 [pid 8349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8349] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8349] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8368 attached [pid 8368] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8368] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8368] open(".", O_RDONLY) = 5 [pid 8368] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8349] <... futex resumed>) = 0 [pid 8368] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8349] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8349] <... futex resumed>) = 0 [pid 8368] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 196.015639][ T8350] BTRFS info (device loop0): balance: start -d -m [ 196.025200][ T8350] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 196.045455][ T8350] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8349] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8368] <... ioctl resumed>) = 0 [pid 8368] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8349] <... futex resumed>) = 0 [ 196.107250][ T8350] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 196.143746][ T8350] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8368] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8350] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8350] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8349] exit_group(0 [pid 8350] <... futex resumed>) = 0 [pid 8368] <... futex resumed>) = ? [pid 8349] <... exit_group resumed>) = ? [pid 8350] +++ exited with 0 +++ [pid 8368] +++ exited with 0 +++ [pid 8349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8349, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 196.161385][ T8350] BTRFS info (device loop0): balance: ended with status: 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8369 attached , child_tidptr=0x5555570ad690) = 8369 [pid 8369] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8369] chdir("./165") = 0 [pid 8369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8369] setpgid(0, 0) = 0 [pid 8369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8369] write(3, "1000", 4) = 4 [pid 8369] close(3) = 0 [pid 8369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8369] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8369] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8369] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8370 attached => {parent_tid=[8370]}, 88) = 8370 [pid 8370] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8370] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8369] rt_sigprocmask(SIG_SETMASK, [], [pid 8370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8370] <... futex resumed>) = 0 [pid 8369] <... futex resumed>) = 1 [pid 8370] memfd_create("syzkaller", 0 [pid 8369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8370] <... memfd_create resumed>) = 3 [pid 8370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8370] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8370] close(3) = 0 [pid 8370] mkdir("./file0", 0777) = 0 [ 196.673266][ T8370] loop0: detected capacity change from 0 to 32768 [ 196.692904][ T8370] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8370) [ 196.708965][ T8370] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 196.718338][ T8370] BTRFS info (device loop0): force clearing of disk cache [ 196.725565][ T8370] BTRFS info (device loop0): setting nodatasum [ 196.731747][ T8370] BTRFS info (device loop0): allowing degraded mounts [ 196.738584][ T8370] BTRFS info (device loop0): enabling disk space caching [ 196.745661][ T8370] BTRFS info (device loop0): disk space caching is enabled [ 196.764509][ T8370] BTRFS info (device loop0): enabling ssd optimizations [ 196.771477][ T8370] BTRFS info (device loop0): auto enabling async discard [ 196.779464][ T8370] BTRFS info (device loop0): rebuilding free space tree [ 196.790485][ T8370] BTRFS info (device loop0): disabling free space tree [ 196.797458][ T8370] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 196.807181][ T8370] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8370] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8370] chdir("./file0") = 0 [pid 8370] ioctl(4, LOOP_CLR_FD) = 0 [pid 8370] close(4) = 0 [pid 8370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8369] <... futex resumed>) = 0 [pid 8369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8370] <... futex resumed>) = 0 [pid 8369] <... futex resumed>) = 1 [pid 8370] open("./file0", O_RDONLY [pid 8369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8370] <... open resumed>) = 4 [ 196.819862][ T8370] BTRFS info (device loop0): checking UUID tree [pid 8370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8369] <... futex resumed>) = 0 [pid 8370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8369] <... futex resumed>) = 0 [pid 8370] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8370] <... ioctl resumed>) = 0 [pid 8370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8370] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8369] <... futex resumed>) = 0 [pid 8369] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8370] <... futex resumed>) = 0 [pid 8369] <... futex resumed>) = 1 [pid 8370] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8369] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8369] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8369] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8388 attached [pid 8388] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8369] <... clone3 resumed> => {parent_tid=[8388]}, 88) = 8388 [pid 8388] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8369] rt_sigprocmask(SIG_SETMASK, [], [pid 8388] rt_sigprocmask(SIG_SETMASK, [], [pid 8369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8369] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8388] open(".", O_RDONLY [pid 8369] <... futex resumed>) = 0 [pid 8388] <... open resumed>) = 5 [pid 8369] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8388] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8388] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8369] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8388] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8369] <... futex resumed>) = 0 [ 196.900555][ T8370] BTRFS info (device loop0): balance: start -d -m [ 196.910062][ T8370] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 196.936610][ T8370] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8369] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8388] <... ioctl resumed>) = 0 [pid 8388] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8369] <... futex resumed>) = 0 [pid 8388] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8370] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8370] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8369] exit_group(0 [pid 8370] <... futex resumed>) = 0 [pid 8388] <... futex resumed>) = ? [pid 8388] +++ exited with 0 +++ [pid 8369] <... exit_group resumed>) = ? [ 196.990245][ T8370] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 197.010959][ T8370] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 197.029596][ T8370] BTRFS info (device loop0): balance: ended with status: 0 [pid 8370] +++ exited with 0 +++ [pid 8369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8369, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8389 attached , child_tidptr=0x5555570ad690) = 8389 [pid 8389] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8389] chdir("./166") = 0 [pid 8389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8389] setpgid(0, 0) = 0 [pid 8389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8389] write(3, "1000", 4) = 4 [pid 8389] close(3) = 0 [pid 8389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8389] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8389] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8389] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8390 attached [pid 8390] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8389] <... clone3 resumed> => {parent_tid=[8390]}, 88) = 8390 [pid 8390] <... rseq resumed>) = 0 [pid 8390] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8389] rt_sigprocmask(SIG_SETMASK, [], [pid 8390] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] <... futex resumed>) = 0 [pid 8389] <... futex resumed>) = 1 [pid 8390] memfd_create("syzkaller", 0 [pid 8389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8390] <... memfd_create resumed>) = 3 [pid 8390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8390] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8390] close(3) = 0 [pid 8390] mkdir("./file0", 0777) = 0 [ 197.590229][ T8390] loop0: detected capacity change from 0 to 32768 [ 197.599798][ T8390] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8390) [ 197.615081][ T8390] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 197.624628][ T8390] BTRFS info (device loop0): force clearing of disk cache [ 197.631775][ T8390] BTRFS info (device loop0): setting nodatasum [ 197.638113][ T8390] BTRFS info (device loop0): allowing degraded mounts [ 197.644983][ T8390] BTRFS info (device loop0): enabling disk space caching [ 197.652028][ T8390] BTRFS info (device loop0): disk space caching is enabled [ 197.671639][ T8390] BTRFS info (device loop0): enabling ssd optimizations [ 197.678979][ T8390] BTRFS info (device loop0): auto enabling async discard [pid 8390] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8390] chdir("./file0") = 0 [pid 8390] ioctl(4, LOOP_CLR_FD) = 0 [pid 8390] close(4) = 0 [pid 8390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8389] <... futex resumed>) = 0 [pid 8389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] open("./file0", O_RDONLY [pid 8389] <... futex resumed>) = 0 [pid 8390] <... open resumed>) = 4 [ 197.687183][ T8390] BTRFS info (device loop0): rebuilding free space tree [ 197.698183][ T8390] BTRFS info (device loop0): disabling free space tree [ 197.705368][ T8390] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 197.715050][ T8390] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 197.728312][ T8390] BTRFS info (device loop0): checking UUID tree [pid 8389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8389] <... futex resumed>) = 0 [pid 8389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] <... futex resumed>) = 1 [pid 8389] <... futex resumed>) = 0 [pid 8390] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8390] <... ioctl resumed>) = 0 [pid 8390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8389] <... futex resumed>) = 0 [pid 8390] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8389] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8389] <... futex resumed>) = 0 [pid 8390] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8389] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8389] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8389] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8408 attached [pid 8408] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8389] <... clone3 resumed> => {parent_tid=[8408]}, 88) = 8408 [pid 8408] <... rseq resumed>) = 0 [pid 8408] set_robust_list(0x7f0bd5e089a0, 24 [pid 8389] rt_sigprocmask(SIG_SETMASK, [], [pid 8408] <... set_robust_list resumed>) = 0 [pid 8389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8408] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8389] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8389] <... futex resumed>) = 0 [pid 8408] open(".", O_RDONLY) = 5 [pid 8389] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8408] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8408] <... futex resumed>) = 0 [pid 8408] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8389] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8408] <... futex resumed>) = 0 [pid 8408] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 197.770435][ T8390] BTRFS info (device loop0): balance: start -d -m [ 197.785224][ T8390] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 197.808978][ T8390] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8389] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8408] <... ioctl resumed>) = 0 [pid 8408] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8389] <... futex resumed>) = 0 [ 197.878684][ T8390] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 197.912042][ T8390] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8408] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8390] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8390] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8389] exit_group(0 [pid 8408] <... futex resumed>) = ? [pid 8390] <... futex resumed>) = ? [pid 8408] +++ exited with 0 +++ [pid 8389] <... exit_group resumed>) = ? [pid 8390] +++ exited with 0 +++ [pid 8389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8389, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 197.934742][ T8390] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8409 attached , child_tidptr=0x5555570ad690) = 8409 [pid 8409] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8409] chdir("./167") = 0 [pid 8409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8409] setpgid(0, 0) = 0 [pid 8409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8409] write(3, "1000", 4) = 4 [pid 8409] close(3) = 0 [pid 8409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8409] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8409] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8409] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8410 attached => {parent_tid=[8410]}, 88) = 8410 [pid 8410] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8410] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8410] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8410] <... futex resumed>) = 0 [pid 8410] memfd_create("syzkaller", 0 [pid 8409] <... futex resumed>) = 1 [pid 8409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8410] <... memfd_create resumed>) = 3 [pid 8410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8410] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8410] close(3) = 0 [pid 8410] mkdir("./file0", 0777) = 0 [ 198.423375][ T8410] loop0: detected capacity change from 0 to 32768 [ 198.438360][ T8410] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8410) [ 198.453525][ T8410] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 198.462860][ T8410] BTRFS info (device loop0): force clearing of disk cache [ 198.470083][ T8410] BTRFS info (device loop0): setting nodatasum [ 198.476431][ T8410] BTRFS info (device loop0): allowing degraded mounts [ 198.483241][ T8410] BTRFS info (device loop0): enabling disk space caching [ 198.490348][ T8410] BTRFS info (device loop0): disk space caching is enabled [ 198.509165][ T8410] BTRFS info (device loop0): enabling ssd optimizations [ 198.516210][ T8410] BTRFS info (device loop0): auto enabling async discard [pid 8410] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8410] chdir("./file0") = 0 [pid 8410] ioctl(4, LOOP_CLR_FD) = 0 [pid 8410] close(4) = 0 [ 198.524839][ T8410] BTRFS info (device loop0): rebuilding free space tree [ 198.535897][ T8410] BTRFS info (device loop0): disabling free space tree [ 198.542816][ T8410] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 198.552615][ T8410] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 198.565170][ T8410] BTRFS info (device loop0): checking UUID tree [pid 8410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8410] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8409] <... futex resumed>) = 0 [pid 8409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8410] <... futex resumed>) = 0 [pid 8409] <... futex resumed>) = 1 [pid 8410] open("./file0", O_RDONLY [pid 8409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8410] <... open resumed>) = 4 [pid 8410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8409] <... futex resumed>) = 0 [pid 8410] <... futex resumed>) = 1 [pid 8410] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8410] <... ioctl resumed>) = 0 [pid 8409] <... futex resumed>) = 0 [pid 8409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8410] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8409] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8409] <... futex resumed>) = 0 [pid 8410] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8409] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8409] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8409] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8428 attached => {parent_tid=[8428]}, 88) = 8428 [ 198.638733][ T8410] BTRFS info (device loop0): balance: start -d -m [ 198.647555][ T8410] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 198.669651][ T8410] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8428] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8409] rt_sigprocmask(SIG_SETMASK, [], [pid 8428] <... rseq resumed>) = 0 [pid 8409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8409] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8409] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8428] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8428] open(".", O_RDONLY) = 5 [pid 8428] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8409] <... futex resumed>) = 0 [pid 8428] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8409] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8409] <... futex resumed>) = 0 [pid 8428] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8409] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8428] <... ioctl resumed>) = 0 [pid 8428] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8409] <... futex resumed>) = 0 [ 198.711603][ T8410] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8428] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8410] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8410] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8410] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8409] exit_group(0 [pid 8428] <... futex resumed>) = ? [pid 8410] <... futex resumed>) = ? [pid 8409] <... exit_group resumed>) = ? [pid 8428] +++ exited with 0 +++ [pid 8410] +++ exited with 0 +++ [pid 8409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8409, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 198.763922][ T8410] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 198.786377][ T8410] BTRFS info (device loop0): balance: ended with status: 0 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8429 attached , child_tidptr=0x5555570ad690) = 8429 [pid 8429] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8429] chdir("./168") = 0 [pid 8429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8429] setpgid(0, 0) = 0 [pid 8429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8429] write(3, "1000", 4) = 4 [pid 8429] close(3) = 0 [pid 8429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8429] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8429] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8429] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8430 attached [pid 8430] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8429] <... clone3 resumed> => {parent_tid=[8430]}, 88) = 8430 [pid 8430] <... rseq resumed>) = 0 [pid 8429] rt_sigprocmask(SIG_SETMASK, [], [pid 8430] set_robust_list(0x7f0bd5e299a0, 24 [pid 8429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] <... set_robust_list resumed>) = 0 [pid 8429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] rt_sigprocmask(SIG_SETMASK, [], [pid 8429] <... futex resumed>) = 0 [pid 8430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8430] memfd_create("syzkaller", 0 [pid 8429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8430] <... memfd_create resumed>) = 3 [pid 8430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8430] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8430] close(3) = 0 [pid 8430] mkdir("./file0", 0777) = 0 [ 199.318956][ T8430] loop0: detected capacity change from 0 to 32768 [ 199.332522][ T8430] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8430) [ 199.348747][ T8430] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 199.358085][ T8430] BTRFS info (device loop0): force clearing of disk cache [pid 8430] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8430] chdir("./file0") = 0 [ 199.365264][ T8430] BTRFS info (device loop0): setting nodatasum [ 199.371443][ T8430] BTRFS info (device loop0): allowing degraded mounts [ 199.378260][ T8430] BTRFS info (device loop0): enabling disk space caching [pid 8430] ioctl(4, LOOP_CLR_FD) = 0 [pid 8430] close(4) = 0 [pid 8430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8429] <... futex resumed>) = 0 [pid 8430] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8429] <... futex resumed>) = 0 [pid 8430] open("./file0", O_RDONLY [pid 8429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8430] <... open resumed>) = 4 [pid 8430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8429] <... futex resumed>) = 0 [pid 8430] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8429] <... futex resumed>) = 0 [pid 8430] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8430] <... ioctl resumed>) = 0 [pid 8430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8429] <... futex resumed>) = 0 [pid 8430] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8429] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8429] <... futex resumed>) = 0 [pid 8430] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8429] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8429] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8429] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8448]}, 88) = 8448 [pid 8429] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8448 attached [pid 8448] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8448] <... rseq resumed>) = 0 [pid 8429] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8448] set_robust_list(0x7f0bd5e089a0, 24 [pid 8429] <... futex resumed>) = 0 [pid 8448] <... set_robust_list resumed>) = 0 [pid 8429] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8448] open(".", O_RDONLY) = 5 [pid 8448] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8429] <... futex resumed>) = 0 [pid 8448] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8429] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8429] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8448] <... ioctl resumed>) = 0 [pid 8448] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8429] <... futex resumed>) = 0 [pid 8448] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8430] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8430] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8430] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8429] exit_group(0 [pid 8448] <... futex resumed>) = ? [pid 8430] <... futex resumed>) = ? [pid 8429] <... exit_group resumed>) = ? [pid 8448] +++ exited with 0 +++ [pid 8430] +++ exited with 0 +++ [pid 8429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8429, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8449 attached [pid 8449] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8449] chdir("./169") = 0 [pid 8449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8449 [pid 8449] setpgid(0, 0) = 0 [pid 8449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8449] write(3, "1000", 4) = 4 [pid 8449] close(3) = 0 [pid 8449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8449] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8449] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8449] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8450 attached => {parent_tid=[8450]}, 88) = 8450 [pid 8450] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8449] rt_sigprocmask(SIG_SETMASK, [], [pid 8450] <... rseq resumed>) = 0 [pid 8449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8450] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8450] memfd_create("syzkaller", 0) = 3 [pid 8450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8450] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8450] close(3) = 0 [pid 8450] mkdir("./file0", 0777) = 0 [ 200.108063][ T8450] loop0: detected capacity change from 0 to 32768 [ 200.122962][ T8450] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8450) [ 200.138751][ T8450] _btrfs_printk: 14 callbacks suppressed [ 200.138761][ T8450] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 200.153751][ T8450] BTRFS info (device loop0): force clearing of disk cache [ 200.160909][ T8450] BTRFS info (device loop0): setting nodatasum [ 200.167115][ T8450] BTRFS info (device loop0): allowing degraded mounts [ 200.173922][ T8450] BTRFS info (device loop0): enabling disk space caching [ 200.180958][ T8450] BTRFS info (device loop0): disk space caching is enabled [ 200.202902][ T8450] BTRFS info (device loop0): enabling ssd optimizations [ 200.210006][ T8450] BTRFS info (device loop0): auto enabling async discard [ 200.218084][ T8450] BTRFS info (device loop0): rebuilding free space tree [ 200.229389][ T8450] BTRFS info (device loop0): disabling free space tree [ 200.236361][ T8450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 200.246068][ T8450] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8450] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8450] chdir("./file0") = 0 [pid 8450] ioctl(4, LOOP_CLR_FD) = 0 [pid 8450] close(4) = 0 [pid 8450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8449] <... futex resumed>) = 0 [pid 8450] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8449] <... futex resumed>) = 0 [pid 8449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8450] open("./file0", O_RDONLY) = 4 [pid 8450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8450] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] <... futex resumed>) = 0 [pid 8449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 200.258777][ T8450] BTRFS info (device loop0): checking UUID tree [pid 8449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8450] <... futex resumed>) = 0 [pid 8450] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8450] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] <... futex resumed>) = 0 [pid 8449] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8450] <... futex resumed>) = 0 [pid 8449] <... futex resumed>) = 1 [pid 8450] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8449] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8449] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8449] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8468]}, 88) = 8468 [pid 8449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8449] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8468 attached [pid 8468] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8468] set_robust_list(0x7f0bd5e089a0, 24 [pid 8449] <... futex resumed>) = 0 [pid 8468] <... set_robust_list resumed>) = 0 [pid 8468] rt_sigprocmask(SIG_SETMASK, [], [pid 8449] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8468] open(".", O_RDONLY) = 5 [pid 8468] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8468] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] <... futex resumed>) = 0 [pid 8468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8449] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8468] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8449] <... futex resumed>) = 0 [ 200.356925][ T8450] BTRFS info (device loop0): balance: start -d -m [ 200.366499][ T8450] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 200.392934][ T8450] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8449] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8468] <... ioctl resumed>) = 0 [pid 8468] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8449] <... futex resumed>) = 0 [pid 8468] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8450] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8450] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8450] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8449] exit_group(0 [pid 8468] <... futex resumed>) = ? [pid 8450] <... futex resumed>) = ? [pid 8449] <... exit_group resumed>) = ? [pid 8468] +++ exited with 0 +++ [pid 8450] +++ exited with 0 +++ [pid 8449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8449, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 200.453504][ T8450] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 200.475046][ T8450] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 200.492540][ T8450] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8469 attached [pid 8469] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8469] chdir("./170") = 0 [pid 8469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8469 [pid 8469] setpgid(0, 0) = 0 [pid 8469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8469] write(3, "1000", 4) = 4 [pid 8469] close(3) = 0 [pid 8469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8469] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8469] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8469] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8470 attached [pid 8470] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8469] <... clone3 resumed> => {parent_tid=[8470]}, 88) = 8470 [pid 8470] <... rseq resumed>) = 0 [pid 8469] rt_sigprocmask(SIG_SETMASK, [], [pid 8470] set_robust_list(0x7f0bd5e299a0, 24 [pid 8469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8470] <... set_robust_list resumed>) = 0 [pid 8470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8470] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8470] <... futex resumed>) = 0 [pid 8469] <... futex resumed>) = 1 [pid 8469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8470] memfd_create("syzkaller", 0) = 3 [pid 8470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8470] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8470] close(3) = 0 [pid 8470] mkdir("./file0", 0777) = 0 [ 200.919811][ T8470] loop0: detected capacity change from 0 to 32768 [ 200.934640][ T8470] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8470) [ 200.949707][ T8470] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 200.959059][ T8470] BTRFS info (device loop0): force clearing of disk cache [ 200.966324][ T8470] BTRFS info (device loop0): setting nodatasum [ 200.972507][ T8470] BTRFS info (device loop0): allowing degraded mounts [ 200.979371][ T8470] BTRFS info (device loop0): enabling disk space caching [ 200.986496][ T8470] BTRFS info (device loop0): disk space caching is enabled [ 201.005506][ T8470] BTRFS info (device loop0): enabling ssd optimizations [ 201.012475][ T8470] BTRFS info (device loop0): auto enabling async discard [pid 8470] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8470] chdir("./file0") = 0 [pid 8470] ioctl(4, LOOP_CLR_FD) = 0 [pid 8470] close(4) = 0 [pid 8470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8469] <... futex resumed>) = 0 [pid 8470] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8469] <... futex resumed>) = 0 [pid 8470] open("./file0", O_RDONLY [pid 8469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8470] <... open resumed>) = 4 [pid 8470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8469] <... futex resumed>) = 0 [pid 8470] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8469] <... futex resumed>) = 0 [pid 8470] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8470] <... ioctl resumed>) = 0 [pid 8470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8469] <... futex resumed>) = 0 [pid 8470] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8469] <... futex resumed>) = 0 [pid 8470] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 201.021258][ T8470] BTRFS info (device loop0): rebuilding free space tree [ 201.032211][ T8470] BTRFS info (device loop0): disabling free space tree [ 201.039270][ T8470] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 201.049085][ T8470] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 201.062146][ T8470] BTRFS info (device loop0): checking UUID tree [pid 8469] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8469] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [ 201.093308][ T8470] BTRFS info (device loop0): balance: start -d -m [ 201.101664][ T8470] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 201.124520][ T8470] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8469] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8488]}, 88) = 8488 [pid 8469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8488 attached [pid 8469] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8488] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8469] <... futex resumed>) = 0 [pid 8488] <... rseq resumed>) = 0 [pid 8469] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8488] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8488] open(".", O_RDONLY) = 5 [pid 8488] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8469] <... futex resumed>) = 0 [pid 8469] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8469] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 201.187498][ T8470] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8488] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 8469] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8488] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8488] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8470] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8470] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8470] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8469] exit_group(0 [pid 8488] <... futex resumed>) = ? [pid 8488] +++ exited with 0 +++ [pid 8470] <... futex resumed>) = ? [pid 8469] <... exit_group resumed>) = ? [pid 8470] +++ exited with 0 +++ [pid 8469] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8469, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 [ 201.238583][ T8470] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 201.257132][ T8470] BTRFS info (device loop0): balance: ended with status: 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8489 attached [pid 8489] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8489] chdir("./171") = 0 [pid 8489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8489 [pid 8489] setpgid(0, 0) = 0 [pid 8489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8489] write(3, "1000", 4) = 4 [pid 8489] close(3) = 0 [pid 8489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8489] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8489] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8489] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8490 attached [pid 8490] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8489] <... clone3 resumed> => {parent_tid=[8490]}, 88) = 8490 [pid 8490] <... rseq resumed>) = 0 [pid 8489] rt_sigprocmask(SIG_SETMASK, [], [pid 8490] set_robust_list(0x7f0bd5e299a0, 24 [pid 8489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8490] <... set_robust_list resumed>) = 0 [pid 8489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8489] <... futex resumed>) = 0 [pid 8490] memfd_create("syzkaller", 0 [pid 8489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8490] <... memfd_create resumed>) = 3 [pid 8490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8490] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8490] close(3) = 0 [pid 8490] mkdir("./file0", 0777) = 0 [ 201.731071][ T8490] loop0: detected capacity change from 0 to 32768 [ 201.750402][ T8490] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8490) [ 201.766244][ T8490] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 201.775514][ T8490] BTRFS info (device loop0): force clearing of disk cache [ 201.782622][ T8490] BTRFS info (device loop0): setting nodatasum [ 201.788805][ T8490] BTRFS info (device loop0): allowing degraded mounts [ 201.795596][ T8490] BTRFS info (device loop0): enabling disk space caching [ 201.802605][ T8490] BTRFS info (device loop0): disk space caching is enabled [ 201.821374][ T8490] BTRFS info (device loop0): enabling ssd optimizations [ 201.828483][ T8490] BTRFS info (device loop0): auto enabling async discard [ 201.836436][ T8490] BTRFS info (device loop0): rebuilding free space tree [ 201.847615][ T8490] BTRFS info (device loop0): disabling free space tree [ 201.854631][ T8490] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 201.864694][ T8490] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8490] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8490] chdir("./file0") = 0 [pid 8490] ioctl(4, LOOP_CLR_FD) = 0 [pid 8490] close(4) = 0 [pid 8490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8490] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8489] <... futex resumed>) = 0 [pid 8489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8490] <... futex resumed>) = 0 [pid 8489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8490] open("./file0", O_RDONLY) = 4 [ 201.877330][ T8490] BTRFS info (device loop0): checking UUID tree [pid 8490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8489] <... futex resumed>) = 0 [pid 8490] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8490] <... futex resumed>) = 0 [pid 8489] <... futex resumed>) = 1 [pid 8490] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8489] <... futex resumed>) = 0 [pid 8490] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8489] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8489] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8489] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8489] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8508]}, 88) = 8508 [pid 8489] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8508 attached [ 201.952740][ T8490] BTRFS info (device loop0): balance: start -d -m [ 201.961490][ T8490] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 201.987195][ T8490] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8508] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8508] <... rseq resumed>) = 0 [pid 8508] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8508] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8489] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8508] <... futex resumed>) = 0 [pid 8508] open(".", O_RDONLY) = 5 [pid 8508] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8508] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8489] <... futex resumed>) = 1 [pid 8489] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 8489] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8508] <... futex resumed>) = 0 [pid 8489] <... futex resumed>) = 1 [pid 8508] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8489] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8508] <... ioctl resumed>) = 0 [pid 8508] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8489] <... futex resumed>) = 0 [ 202.031866][ T8490] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 202.059892][ T8490] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8508] <... futex resumed>) = 1 [pid 8508] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8490] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8490] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8489] exit_group(0 [pid 8490] <... futex resumed>) = ? [pid 8489] <... exit_group resumed>) = ? [pid 8490] +++ exited with 0 +++ [pid 8508] <... futex resumed>) = ? [pid 8508] +++ exited with 0 +++ [pid 8489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8489, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 202.081953][ T8490] BTRFS info (device loop0): balance: ended with status: 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8509 attached , child_tidptr=0x5555570ad690) = 8509 [pid 8509] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8509] chdir("./172") = 0 [pid 8509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8509] setpgid(0, 0) = 0 [pid 8509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8509] write(3, "1000", 4) = 4 [pid 8509] close(3) = 0 [pid 8509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8509] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8509] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8509] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8510 attached [pid 8510] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8510] set_robust_list(0x7f0bd5e299a0, 24 [pid 8509] <... clone3 resumed> => {parent_tid=[8510]}, 88) = 8510 [pid 8510] <... set_robust_list resumed>) = 0 [pid 8509] rt_sigprocmask(SIG_SETMASK, [], [pid 8510] rt_sigprocmask(SIG_SETMASK, [], [pid 8509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] memfd_create("syzkaller", 0 [pid 8509] <... futex resumed>) = 0 [pid 8509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8510] <... memfd_create resumed>) = 3 [pid 8510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8510] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8510] close(3) = 0 [pid 8510] mkdir("./file0", 0777) = 0 [ 202.612234][ T8510] loop0: detected capacity change from 0 to 32768 [ 202.627646][ T8510] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8510) [ 202.642933][ T8510] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 202.652372][ T8510] BTRFS info (device loop0): force clearing of disk cache [ 202.659637][ T8510] BTRFS info (device loop0): setting nodatasum [ 202.665891][ T8510] BTRFS info (device loop0): allowing degraded mounts [ 202.672683][ T8510] BTRFS info (device loop0): enabling disk space caching [ 202.679832][ T8510] BTRFS info (device loop0): disk space caching is enabled [ 202.698383][ T8510] BTRFS info (device loop0): enabling ssd optimizations [ 202.705500][ T8510] BTRFS info (device loop0): auto enabling async discard [pid 8510] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8510] chdir("./file0") = 0 [pid 8510] ioctl(4, LOOP_CLR_FD) = 0 [pid 8510] close(4) = 0 [ 202.713356][ T8510] BTRFS info (device loop0): rebuilding free space tree [ 202.724911][ T8510] BTRFS info (device loop0): disabling free space tree [ 202.731801][ T8510] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 202.741899][ T8510] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 202.755559][ T8510] BTRFS info (device loop0): checking UUID tree [pid 8510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8509] <... futex resumed>) = 0 [pid 8509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] open("./file0", O_RDONLY [pid 8509] <... futex resumed>) = 0 [pid 8510] <... open resumed>) = 4 [pid 8509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8510] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8509] <... futex resumed>) = 0 [pid 8509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] <... futex resumed>) = 0 [pid 8510] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8509] <... futex resumed>) = 1 [pid 8510] <... futex resumed>) = 0 [pid 8509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8510] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8509] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8510] <... futex resumed>) = 0 [pid 8509] <... futex resumed>) = 1 [pid 8510] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8509] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8509] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8509] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8528]}, 88) = 8528 [pid 8509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8509] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8509] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8528 attached [pid 8528] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8528] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8528] open(".", O_RDONLY) = 5 [pid 8528] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8509] <... futex resumed>) = 0 [pid 8528] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8509] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8528] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8509] <... futex resumed>) = 0 [ 202.848420][ T8510] BTRFS info (device loop0): balance: start -d -m [ 202.857904][ T8510] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 202.886162][ T8510] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8509] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8528] <... ioctl resumed>) = 0 [pid 8528] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8509] <... futex resumed>) = 0 [pid 8528] <... futex resumed>) = 1 [pid 8528] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8510] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8510] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8510] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8509] exit_group(0 [pid 8510] <... futex resumed>) = ? [pid 8510] +++ exited with 0 +++ [pid 8509] <... exit_group resumed>) = ? [pid 8528] <... futex resumed>) = ? [pid 8528] +++ exited with 0 +++ [pid 8509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8509, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 202.938415][ T8510] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 202.959499][ T8510] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 202.977281][ T8510] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8529 attached , child_tidptr=0x5555570ad690) = 8529 [pid 8529] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8529] chdir("./173") = 0 [pid 8529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8529] setpgid(0, 0) = 0 [pid 8529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8529] write(3, "1000", 4) = 4 [pid 8529] close(3) = 0 [pid 8529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8529] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8529] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8529] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8530 attached => {parent_tid=[8530]}, 88) = 8530 [pid 8529] rt_sigprocmask(SIG_SETMASK, [], [pid 8530] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] <... rseq resumed>) = 0 [pid 8530] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8530] memfd_create("syzkaller", 0) = 3 [pid 8529] <... futex resumed>) = 0 [pid 8530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 8529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8530] <... mmap resumed>) = 0x7f0bcda09000 [pid 8530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8530] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8530] close(3) = 0 [pid 8530] mkdir("./file0", 0777) = 0 [ 203.500124][ T8530] loop0: detected capacity change from 0 to 32768 [ 203.514237][ T8530] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8530) [ 203.529325][ T8530] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 203.538647][ T8530] BTRFS info (device loop0): force clearing of disk cache [ 203.545816][ T8530] BTRFS info (device loop0): setting nodatasum [ 203.551961][ T8530] BTRFS info (device loop0): allowing degraded mounts [ 203.558764][ T8530] BTRFS info (device loop0): enabling disk space caching [ 203.565831][ T8530] BTRFS info (device loop0): disk space caching is enabled [ 203.585068][ T8530] BTRFS info (device loop0): enabling ssd optimizations [ 203.592039][ T8530] BTRFS info (device loop0): auto enabling async discard [pid 8530] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8530] chdir("./file0") = 0 [pid 8530] ioctl(4, LOOP_CLR_FD) = 0 [pid 8530] close(4) = 0 [ 203.600001][ T8530] BTRFS info (device loop0): rebuilding free space tree [ 203.611242][ T8530] BTRFS info (device loop0): disabling free space tree [ 203.618269][ T8530] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 203.627943][ T8530] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 203.640447][ T8530] BTRFS info (device loop0): checking UUID tree [pid 8530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8529] <... futex resumed>) = 0 [pid 8530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8529] <... futex resumed>) = 0 [pid 8530] open("./file0", O_RDONLY [pid 8529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8530] <... open resumed>) = 4 [pid 8530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] <... futex resumed>) = 0 [pid 8529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] <... futex resumed>) = 0 [pid 8529] <... futex resumed>) = 1 [pid 8529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8530] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8529] <... futex resumed>) = 0 [pid 8530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8529] <... futex resumed>) = 0 [pid 8530] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8529] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8529] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8529] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8548 attached [pid 8548] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8529] <... clone3 resumed> => {parent_tid=[8548]}, 88) = 8548 [pid 8529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8548] <... rseq resumed>) = 0 [pid 8548] set_robust_list(0x7f0bd5e089a0, 24 [pid 8529] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8548] <... set_robust_list resumed>) = 0 [pid 8529] <... futex resumed>) = 0 [pid 8548] rt_sigprocmask(SIG_SETMASK, [], [pid 8529] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8548] open(".", O_RDONLY) = 5 [ 203.753210][ T8530] BTRFS info (device loop0): balance: start -d -m [ 203.763067][ T8530] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 203.786871][ T8530] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8548] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8548] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] <... futex resumed>) = 0 [pid 8548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8529] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8548] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8529] <... futex resumed>) = 0 [pid 8529] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8548] <... ioctl resumed>) = 0 [pid 8548] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8529] <... futex resumed>) = 0 [pid 8548] <... futex resumed>) = 1 [ 203.821469][ T8530] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 203.855526][ T8530] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8548] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8530] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8530] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8530] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8529] exit_group(0 [pid 8548] <... futex resumed>) = ? [pid 8530] <... futex resumed>) = ? [pid 8530] +++ exited with 0 +++ [pid 8529] <... exit_group resumed>) = ? [pid 8548] +++ exited with 0 +++ [pid 8529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8529, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 203.872438][ T8530] BTRFS info (device loop0): balance: ended with status: 0 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8549 attached , child_tidptr=0x5555570ad690) = 8549 [pid 8549] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8549] chdir("./174") = 0 [pid 8549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8549] setpgid(0, 0) = 0 [pid 8549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8549] write(3, "1000", 4) = 4 [pid 8549] close(3) = 0 [pid 8549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8549] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8549] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8549] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8550 attached [pid 8550] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8549] <... clone3 resumed> => {parent_tid=[8550]}, 88) = 8550 [pid 8550] <... rseq resumed>) = 0 [pid 8549] rt_sigprocmask(SIG_SETMASK, [], [pid 8550] set_robust_list(0x7f0bd5e299a0, 24 [pid 8549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8550] <... set_robust_list resumed>) = 0 [pid 8549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8550] rt_sigprocmask(SIG_SETMASK, [], [pid 8549] <... futex resumed>) = 0 [pid 8550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8550] memfd_create("syzkaller", 0) = 3 [pid 8550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8550] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8550] close(3) = 0 [pid 8550] mkdir("./file0", 0777) = 0 [ 204.340565][ T8550] loop0: detected capacity change from 0 to 32768 [ 204.354495][ T8550] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8550) [ 204.370824][ T8550] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 204.380219][ T8550] BTRFS info (device loop0): force clearing of disk cache [pid 8550] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8550] chdir("./file0") = 0 [pid 8550] ioctl(4, LOOP_CLR_FD) = 0 [ 204.387436][ T8550] BTRFS info (device loop0): setting nodatasum [ 204.393685][ T8550] BTRFS info (device loop0): allowing degraded mounts [ 204.400524][ T8550] BTRFS info (device loop0): enabling disk space caching [pid 8550] close(4) = 0 [pid 8550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8550] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8549] <... futex resumed>) = 0 [pid 8549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8550] <... futex resumed>) = 0 [pid 8549] <... futex resumed>) = 1 [pid 8550] open("./file0", O_RDONLY [pid 8549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8550] <... open resumed>) = 4 [pid 8550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8549] <... futex resumed>) = 0 [pid 8550] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8550] <... ioctl resumed>) = 0 [pid 8550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8549] <... futex resumed>) = 0 [pid 8550] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8549] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8550] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8549] <... futex resumed>) = 0 [pid 8550] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8549] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8549] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8549] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8568 attached => {parent_tid=[8568]}, 88) = 8568 [pid 8568] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8549] rt_sigprocmask(SIG_SETMASK, [], [pid 8568] <... rseq resumed>) = 0 [pid 8549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8549] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8568] set_robust_list(0x7f0bd5e089a0, 24 [pid 8549] <... futex resumed>) = 0 [pid 8568] <... set_robust_list resumed>) = 0 [pid 8549] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8568] open(".", O_RDONLY) = 5 [pid 8568] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8549] <... futex resumed>) = 0 [pid 8568] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8549] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8568] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8549] <... futex resumed>) = 0 [pid 8568] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8549] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8568] <... ioctl resumed>) = 0 [pid 8568] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8549] <... futex resumed>) = 0 [pid 8568] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8550] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8550] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8549] exit_group(0 [pid 8568] <... futex resumed>) = ? [pid 8549] <... exit_group resumed>) = ? [pid 8568] +++ exited with 0 +++ [pid 8550] +++ exited with 0 +++ [pid 8549] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8549, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8569 attached , child_tidptr=0x5555570ad690) = 8569 [pid 8569] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8569] chdir("./175") = 0 [pid 8569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8569] setpgid(0, 0) = 0 [pid 8569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8569] write(3, "1000", 4) = 4 [pid 8569] close(3) = 0 [pid 8569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8569] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8569] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8569] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8570 attached => {parent_tid=[8570]}, 88) = 8570 [pid 8569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8570] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] set_robust_list(0x7f0bd5e299a0, 24 [pid 8569] <... futex resumed>) = 0 [pid 8570] <... set_robust_list resumed>) = 0 [pid 8569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8570] memfd_create("syzkaller", 0) = 3 [pid 8570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8570] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8570] close(3) = 0 [pid 8570] mkdir("./file0", 0777) = 0 [ 205.101892][ T8570] loop0: detected capacity change from 0 to 32768 [ 205.125683][ T8570] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8570) [ 205.154095][ T8570] _btrfs_printk: 20 callbacks suppressed [ 205.154107][ T8570] BTRFS info (device loop0): enabling ssd optimizations [ 205.166753][ T8570] BTRFS info (device loop0): auto enabling async discard [ 205.175074][ T8570] BTRFS info (device loop0): rebuilding free space tree [ 205.186269][ T8570] BTRFS info (device loop0): disabling free space tree [ 205.193176][ T8570] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8570] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8570] chdir("./file0") = 0 [pid 8570] ioctl(4, LOOP_CLR_FD) = 0 [pid 8570] close(4) = 0 [pid 8570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8570] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8569] <... futex resumed>) = 0 [pid 8570] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 205.202960][ T8570] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 205.215849][ T8570] BTRFS info (device loop0): checking UUID tree [pid 8569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] open("./file0", O_RDONLY [pid 8569] <... futex resumed>) = 0 [pid 8570] <... open resumed>) = 4 [pid 8569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8569] <... futex resumed>) = 0 [pid 8569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] <... futex resumed>) = 1 [pid 8569] <... futex resumed>) = 0 [pid 8570] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8570] <... ioctl resumed>) = 0 [pid 8570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8570] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8569] <... futex resumed>) = 0 [pid 8569] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8570] <... futex resumed>) = 0 [pid 8569] <... futex resumed>) = 1 [pid 8570] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8569] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8569] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8569] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8588]}, 88) = 8588 [pid 8569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8569] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 8588 attached [pid 8569] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8588] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8588] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8588] open(".", O_RDONLY) = 5 [pid 8588] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8569] <... futex resumed>) = 0 [pid 8569] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8588] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8569] <... futex resumed>) = 0 [ 205.298799][ T8570] BTRFS info (device loop0): balance: start -d -m [ 205.306741][ T8570] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 205.329607][ T8570] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8569] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8588] <... ioctl resumed>) = 0 [pid 8588] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8569] <... futex resumed>) = 0 [pid 8588] <... futex resumed>) = 1 [pid 8588] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8570] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8570] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8570] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8569] exit_group(0 [pid 8588] <... futex resumed>) = ? [pid 8569] <... exit_group resumed>) = ? [pid 8588] +++ exited with 0 +++ [pid 8570] <... futex resumed>) = ? [pid 8570] +++ exited with 0 +++ [pid 8569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8569, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 205.389831][ T8570] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 205.412071][ T8570] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 205.429761][ T8570] BTRFS info (device loop0): balance: ended with status: 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8589 attached , child_tidptr=0x5555570ad690) = 8589 [pid 8589] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8589] chdir("./176") = 0 [pid 8589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8589] setpgid(0, 0) = 0 [pid 8589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8589] write(3, "1000", 4) = 4 [pid 8589] close(3) = 0 [pid 8589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8589] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8589] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8589] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8590 attached [pid 8590] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8589] <... clone3 resumed> => {parent_tid=[8590]}, 88) = 8590 [pid 8590] set_robust_list(0x7f0bd5e299a0, 24 [pid 8589] rt_sigprocmask(SIG_SETMASK, [], [pid 8590] <... set_robust_list resumed>) = 0 [pid 8589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8590] rt_sigprocmask(SIG_SETMASK, [], [pid 8589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8589] <... futex resumed>) = 0 [pid 8590] memfd_create("syzkaller", 0 [pid 8589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8590] <... memfd_create resumed>) = 3 [pid 8590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8590] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8590] close(3) = 0 [pid 8590] mkdir("./file0", 0777) = 0 [ 206.027865][ T8590] loop0: detected capacity change from 0 to 32768 [ 206.037654][ T8590] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8590) [ 206.052604][ T8590] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 206.061998][ T8590] BTRFS info (device loop0): force clearing of disk cache [ 206.069163][ T8590] BTRFS info (device loop0): setting nodatasum [ 206.075353][ T8590] BTRFS info (device loop0): allowing degraded mounts [ 206.082130][ T8590] BTRFS info (device loop0): enabling disk space caching [ 206.089198][ T8590] BTRFS info (device loop0): disk space caching is enabled [ 206.108679][ T8590] BTRFS info (device loop0): enabling ssd optimizations [ 206.115851][ T8590] BTRFS info (device loop0): auto enabling async discard [pid 8590] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8590] chdir("./file0") = 0 [pid 8590] ioctl(4, LOOP_CLR_FD) = 0 [pid 8590] close(4) = 0 [pid 8590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8589] <... futex resumed>) = 0 [pid 8589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] open("./file0", O_RDONLY [pid 8589] <... futex resumed>) = 0 [pid 8590] <... open resumed>) = 4 [ 206.123956][ T8590] BTRFS info (device loop0): rebuilding free space tree [ 206.134635][ T8590] BTRFS info (device loop0): disabling free space tree [ 206.141784][ T8590] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 206.151880][ T8590] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 206.164479][ T8590] BTRFS info (device loop0): checking UUID tree [pid 8589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8590] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8589] <... futex resumed>) = 0 [pid 8589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] <... futex resumed>) = 0 [pid 8589] <... futex resumed>) = 1 [pid 8590] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8590] <... ioctl resumed>) = 0 [pid 8590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8589] <... futex resumed>) = 0 [pid 8589] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8590] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8589] <... futex resumed>) = 0 [pid 8589] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8589] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8589] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8608 attached [pid 8608] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8608] set_robust_list(0x7f0bd5e089a0, 24 [pid 8589] <... clone3 resumed> => {parent_tid=[8608]}, 88) = 8608 [pid 8608] <... set_robust_list resumed>) = 0 [pid 8608] rt_sigprocmask(SIG_SETMASK, [], [pid 8589] rt_sigprocmask(SIG_SETMASK, [], [pid 8608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8608] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8589] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8608] <... futex resumed>) = 0 [pid 8589] <... futex resumed>) = 1 [pid 8608] open(".", O_RDONLY [pid 8589] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8608] <... open resumed>) = 5 [pid 8608] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8589] <... futex resumed>) = 0 [pid 8608] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8589] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8589] <... futex resumed>) = 0 [pid 8608] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 206.242562][ T8590] BTRFS info (device loop0): balance: start -d -m [ 206.253199][ T8590] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 206.277053][ T8590] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8589] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8608] <... ioctl resumed>) = 0 [pid 8608] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8589] <... futex resumed>) = 0 [pid 8608] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8590] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8590] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8590] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8589] exit_group(0 [pid 8590] <... futex resumed>) = ? [pid 8589] <... exit_group resumed>) = ? [pid 8608] <... futex resumed>) = ? [pid 8590] +++ exited with 0 +++ [pid 8608] +++ exited with 0 +++ [pid 8589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8589, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 206.351252][ T8590] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 206.371542][ T8590] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 206.389297][ T8590] BTRFS info (device loop0): balance: ended with status: 0 umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8609 attached , child_tidptr=0x5555570ad690) = 8609 [pid 8609] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8609] chdir("./177") = 0 [pid 8609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8609] setpgid(0, 0) = 0 [pid 8609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8609] write(3, "1000", 4) = 4 [pid 8609] close(3) = 0 [pid 8609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8609] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8609] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8609] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8610 attached [pid 8610] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8609] <... clone3 resumed> => {parent_tid=[8610]}, 88) = 8610 [pid 8610] set_robust_list(0x7f0bd5e299a0, 24 [pid 8609] rt_sigprocmask(SIG_SETMASK, [], [pid 8610] <... set_robust_list resumed>) = 0 [pid 8609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8610] rt_sigprocmask(SIG_SETMASK, [], [pid 8609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8609] <... futex resumed>) = 0 [pid 8610] memfd_create("syzkaller", 0 [pid 8609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8610] <... memfd_create resumed>) = 3 [pid 8610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8610] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8610] close(3) = 0 [pid 8610] mkdir("./file0", 0777) = 0 [ 206.836171][ T8610] loop0: detected capacity change from 0 to 32768 [ 206.845783][ T8610] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8610) [ 206.861590][ T8610] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 206.871138][ T8610] BTRFS info (device loop0): force clearing of disk cache [ 206.878601][ T8610] BTRFS info (device loop0): setting nodatasum [ 206.884838][ T8610] BTRFS info (device loop0): allowing degraded mounts [ 206.891639][ T8610] BTRFS info (device loop0): enabling disk space caching [ 206.898785][ T8610] BTRFS info (device loop0): disk space caching is enabled [ 206.918722][ T8610] BTRFS info (device loop0): enabling ssd optimizations [ 206.925739][ T8610] BTRFS info (device loop0): auto enabling async discard [pid 8610] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8610] chdir("./file0") = 0 [pid 8610] ioctl(4, LOOP_CLR_FD) = 0 [pid 8610] close(4) = 0 [pid 8610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8609] <... futex resumed>) = 0 [pid 8610] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8609] <... futex resumed>) = 0 [ 206.933507][ T8610] BTRFS info (device loop0): rebuilding free space tree [ 206.944565][ T8610] BTRFS info (device loop0): disabling free space tree [ 206.951460][ T8610] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 206.961142][ T8610] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 206.973771][ T8610] BTRFS info (device loop0): checking UUID tree [pid 8609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8610] open("./file0", O_RDONLY) = 4 [pid 8610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8609] <... futex resumed>) = 0 [pid 8609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8610] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8610] <... ioctl resumed>) = 0 [pid 8610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8609] <... futex resumed>) = 0 [pid 8609] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8610] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8609] <... futex resumed>) = 0 [pid 8609] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8609] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8609] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8628 attached [pid 8628] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8609] <... clone3 resumed> => {parent_tid=[8628]}, 88) = 8628 [pid 8628] <... rseq resumed>) = 0 [pid 8609] rt_sigprocmask(SIG_SETMASK, [], [pid 8628] set_robust_list(0x7f0bd5e089a0, 24 [pid 8609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8628] <... set_robust_list resumed>) = 0 [pid 8609] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8609] <... futex resumed>) = 0 [pid 8628] open(".", O_RDONLY [pid 8609] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8628] <... open resumed>) = 5 [pid 8628] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8609] <... futex resumed>) = 0 [pid 8628] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8609] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8609] <... futex resumed>) = 0 [pid 8628] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 207.038032][ T8610] BTRFS info (device loop0): balance: start -d -m [ 207.046749][ T8610] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 207.070987][ T8610] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8609] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8628] <... ioctl resumed>) = 0 [pid 8609] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8628] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 207.132430][ T8610] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 207.161692][ T8610] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8628] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8610] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8610] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8610] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8609] exit_group(0 [pid 8628] <... futex resumed>) = ? [pid 8610] <... futex resumed>) = ? [pid 8609] <... exit_group resumed>) = ? [pid 8628] +++ exited with 0 +++ [pid 8610] +++ exited with 0 +++ [pid 8609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8609, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 207.179665][ T8610] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8629 attached , child_tidptr=0x5555570ad690) = 8629 [pid 8629] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8629] chdir("./178") = 0 [pid 8629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8629] setpgid(0, 0) = 0 [pid 8629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8629] write(3, "1000", 4) = 4 [pid 8629] close(3) = 0 [pid 8629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8629] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8629] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8629] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8629] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8630 attached [pid 8630] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8629] <... clone3 resumed> => {parent_tid=[8630]}, 88) = 8630 [pid 8630] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8629] rt_sigprocmask(SIG_SETMASK, [], [pid 8630] rt_sigprocmask(SIG_SETMASK, [], [pid 8629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] memfd_create("syzkaller", 0 [pid 8629] <... futex resumed>) = 0 [pid 8629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8630] <... memfd_create resumed>) = 3 [pid 8630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8630] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8630] close(3) = 0 [pid 8630] mkdir("./file0", 0777) = 0 [ 207.738785][ T8630] loop0: detected capacity change from 0 to 32768 [ 207.758918][ T8630] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8630) [ 207.775145][ T8630] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 207.784428][ T8630] BTRFS info (device loop0): force clearing of disk cache [ 207.791529][ T8630] BTRFS info (device loop0): setting nodatasum [ 207.797801][ T8630] BTRFS info (device loop0): allowing degraded mounts [ 207.804701][ T8630] BTRFS info (device loop0): enabling disk space caching [ 207.811738][ T8630] BTRFS info (device loop0): disk space caching is enabled [ 207.832893][ T8630] BTRFS info (device loop0): enabling ssd optimizations [ 207.840003][ T8630] BTRFS info (device loop0): auto enabling async discard [ 207.848034][ T8630] BTRFS info (device loop0): rebuilding free space tree [ 207.858784][ T8630] BTRFS info (device loop0): disabling free space tree [ 207.865944][ T8630] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 207.875835][ T8630] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8630] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8630] chdir("./file0") = 0 [pid 8630] ioctl(4, LOOP_CLR_FD) = 0 [pid 8630] close(4) = 0 [pid 8630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8629] <... futex resumed>) = 0 [pid 8630] open("./file0", O_RDONLY [pid 8629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8630] <... open resumed>) = 4 [pid 8629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8629] <... futex resumed>) = 0 [pid 8630] <... futex resumed>) = 1 [pid 8629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8629] <... futex resumed>) = 0 [pid 8630] <... ioctl resumed>) = 0 [ 207.889014][ T8630] BTRFS info (device loop0): checking UUID tree [pid 8629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8629] <... futex resumed>) = 0 [pid 8630] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8629] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8630] <... futex resumed>) = 0 [pid 8629] <... futex resumed>) = 1 [pid 8630] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8629] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8629] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8629] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8648 attached => {parent_tid=[8648]}, 88) = 8648 [pid 8648] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8629] rt_sigprocmask(SIG_SETMASK, [], [pid 8648] <... rseq resumed>) = 0 [pid 8629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8648] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8629] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8629] <... futex resumed>) = 0 [pid 8629] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8648] open(".", O_RDONLY) = 5 [ 207.985038][ T8630] BTRFS info (device loop0): balance: start -d -m [ 207.995203][ T8630] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 208.018185][ T8630] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8648] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8629] <... futex resumed>) = 0 [pid 8648] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8629] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8648] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8648] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8629] <... futex resumed>) = 0 [pid 8629] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8648] <... ioctl resumed>) = 0 [pid 8648] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8648] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8629] <... futex resumed>) = 0 [ 208.055605][ T8630] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 208.088577][ T8630] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8630] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8630] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8629] exit_group(0 [pid 8648] <... futex resumed>) = ? [pid 8630] <... futex resumed>) = ? [pid 8629] <... exit_group resumed>) = ? [pid 8648] +++ exited with 0 +++ [pid 8630] +++ exited with 0 +++ [pid 8629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8629, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 208.106678][ T8630] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8649 attached [pid 8649] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8649] chdir("./179") = 0 [pid 8649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8649 [pid 8649] setpgid(0, 0) = 0 [pid 8649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8649] write(3, "1000", 4) = 4 [pid 8649] close(3) = 0 [pid 8649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8649] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8649] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8649] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8650 attached [pid 8650] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8649] <... clone3 resumed> => {parent_tid=[8650]}, 88) = 8650 [pid 8650] set_robust_list(0x7f0bd5e299a0, 24 [pid 8649] rt_sigprocmask(SIG_SETMASK, [], [pid 8650] <... set_robust_list resumed>) = 0 [pid 8649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8650] rt_sigprocmask(SIG_SETMASK, [], [pid 8649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8649] <... futex resumed>) = 0 [pid 8650] memfd_create("syzkaller", 0 [pid 8649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8650] <... memfd_create resumed>) = 3 [pid 8650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8650] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8650] close(3) = 0 [pid 8650] mkdir("./file0", 0777) = 0 [ 208.677548][ T8650] loop0: detected capacity change from 0 to 32768 [ 208.692687][ T8650] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8650) [ 208.708851][ T8650] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 208.718181][ T8650] BTRFS info (device loop0): force clearing of disk cache [ 208.725337][ T8650] BTRFS info (device loop0): setting nodatasum [ 208.731481][ T8650] BTRFS info (device loop0): allowing degraded mounts [ 208.738557][ T8650] BTRFS info (device loop0): enabling disk space caching [ 208.745739][ T8650] BTRFS info (device loop0): disk space caching is enabled [ 208.763865][ T8650] BTRFS info (device loop0): enabling ssd optimizations [ 208.770834][ T8650] BTRFS info (device loop0): auto enabling async discard [pid 8650] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8650] chdir("./file0") = 0 [pid 8650] ioctl(4, LOOP_CLR_FD) = 0 [pid 8650] close(4) = 0 [pid 8650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8649] <... futex resumed>) = 0 [pid 8650] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] <... futex resumed>) = 0 [pid 8649] <... futex resumed>) = 1 [pid 8650] open("./file0", O_RDONLY [pid 8649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8650] <... open resumed>) = 4 [pid 8650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8650] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8649] <... futex resumed>) = 0 [pid 8649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8650] <... futex resumed>) = 0 [pid 8649] <... futex resumed>) = 1 [pid 8650] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8650] <... ioctl resumed>) = 0 [ 208.778887][ T8650] BTRFS info (device loop0): rebuilding free space tree [ 208.789610][ T8650] BTRFS info (device loop0): disabling free space tree [ 208.796574][ T8650] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 208.806274][ T8650] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 208.818882][ T8650] BTRFS info (device loop0): checking UUID tree [pid 8650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8649] <... futex resumed>) = 0 [pid 8650] <... futex resumed>) = 1 [pid 8649] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8650] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8649] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8649] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8649] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8668]}, 88) = 8668 [pid 8649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 8668 attached [pid 8668] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8649] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8668] <... rseq resumed>) = 0 [pid 8668] set_robust_list(0x7f0bd5e089a0, 24 [pid 8649] <... futex resumed>) = 0 [pid 8649] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8668] <... set_robust_list resumed>) = 0 [pid 8668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8668] open(".", O_RDONLY) = 5 [pid 8668] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8649] <... futex resumed>) = 0 [pid 8649] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8668] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8649] <... futex resumed>) = 0 [ 208.875319][ T8650] BTRFS info (device loop0): balance: start -d -m [ 208.885998][ T8650] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 208.907585][ T8650] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8649] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8668] <... ioctl resumed>) = 0 [pid 8668] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8649] <... futex resumed>) = 0 [ 208.967345][ T8650] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 209.001630][ T8650] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8668] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8650] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8650] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8649] exit_group(0 [pid 8668] <... futex resumed>) = ? [pid 8649] <... exit_group resumed>) = ? [pid 8668] +++ exited with 0 +++ [pid 8650] +++ exited with 0 +++ [pid 8649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8649, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 [ 209.021309][ T8650] BTRFS info (device loop0): balance: ended with status: 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8669 attached , child_tidptr=0x5555570ad690) = 8669 [pid 8669] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8669] chdir("./180") = 0 [pid 8669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8669] setpgid(0, 0) = 0 [pid 8669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8669] write(3, "1000", 4) = 4 [pid 8669] close(3) = 0 [pid 8669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8669] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8669] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8669] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8670 attached => {parent_tid=[8670]}, 88) = 8670 [pid 8669] rt_sigprocmask(SIG_SETMASK, [], [pid 8670] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8670] <... rseq resumed>) = 0 [pid 8669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8670] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8669] <... futex resumed>) = 0 [pid 8670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8670] memfd_create("syzkaller", 0) = 3 [pid 8670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8670] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8670] close(3) = 0 [pid 8670] mkdir("./file0", 0777) = 0 [ 209.466206][ T8670] loop0: detected capacity change from 0 to 32768 [ 209.480169][ T8670] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8670) [ 209.495466][ T8670] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 209.504752][ T8670] BTRFS info (device loop0): force clearing of disk cache [ 209.511859][ T8670] BTRFS info (device loop0): setting nodatasum [ 209.518138][ T8670] BTRFS info (device loop0): allowing degraded mounts [ 209.525788][ T8670] BTRFS info (device loop0): enabling disk space caching [ 209.533096][ T8670] BTRFS info (device loop0): disk space caching is enabled [ 209.553701][ T8670] BTRFS info (device loop0): enabling ssd optimizations [pid 8670] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8670] chdir("./file0") = 0 [pid 8670] ioctl(4, LOOP_CLR_FD) = 0 [pid 8670] close(4) = 0 [pid 8670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8669] <... futex resumed>) = 0 [pid 8670] open("./file0", O_RDONLY [pid 8669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8670] <... open resumed>) = 4 [pid 8669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8669] <... futex resumed>) = 0 [pid 8670] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8670] <... ioctl resumed>) = 0 [pid 8669] <... futex resumed>) = 0 [ 209.560992][ T8670] BTRFS info (device loop0): auto enabling async discard [ 209.570766][ T8670] BTRFS info (device loop0): rebuilding free space tree [ 209.581565][ T8670] BTRFS info (device loop0): disabling free space tree [ 209.588555][ T8670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8670] <... futex resumed>) = 0 [pid 8669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8670] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8669] <... futex resumed>) = 0 [pid 8669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8669] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8669] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8687 attached [pid 8687] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8669] <... clone3 resumed> => {parent_tid=[8687]}, 88) = 8687 [pid 8669] rt_sigprocmask(SIG_SETMASK, [], [pid 8687] <... rseq resumed>) = 0 [pid 8670] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8687] set_robust_list(0x7f0bd5e089a0, 24 [pid 8670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8669] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8687] <... set_robust_list resumed>) = 0 [pid 8687] rt_sigprocmask(SIG_SETMASK, [], [pid 8669] <... futex resumed>) = 0 [pid 8687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8687] open(".", O_RDONLY [pid 8670] <... futex resumed>) = 0 [pid 8669] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8687] <... open resumed>) = 5 [pid 8670] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8687] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8669] <... futex resumed>) = 0 [pid 8669] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8687] <... futex resumed>) = 1 [pid 8670] <... futex resumed>) = 0 [pid 8669] <... futex resumed>) = 1 [pid 8687] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8670] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8669] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8670] <... ioctl resumed>) = 0 [pid 8670] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8669] <... futex resumed>) = 0 [pid 8670] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8669] exit_group(0 [pid 8687] <... futex resumed>) = ? [pid 8669] <... exit_group resumed>) = ? [pid 8670] <... futex resumed>) = ? [pid 8670] +++ exited with 0 +++ [pid 8687] +++ exited with 0 +++ [pid 8669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8669, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8688 attached [pid 8688] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8688] chdir("./181") = 0 [pid 8688] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8688 [pid 8688] <... prctl resumed>) = 0 [pid 8688] setpgid(0, 0) = 0 [pid 8688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8688] write(3, "1000", 4) = 4 [pid 8688] close(3) = 0 [pid 8688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8688] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8688] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8688] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8689 attached [pid 8689] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8688] <... clone3 resumed> => {parent_tid=[8689]}, 88) = 8689 [pid 8689] set_robust_list(0x7f0bd5e299a0, 24 [pid 8688] rt_sigprocmask(SIG_SETMASK, [], [pid 8689] <... set_robust_list resumed>) = 0 [pid 8688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8689] rt_sigprocmask(SIG_SETMASK, [], [pid 8688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8688] <... futex resumed>) = 0 [pid 8689] memfd_create("syzkaller", 0 [pid 8688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8689] <... memfd_create resumed>) = 3 [pid 8689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8689] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8689] close(3) = 0 [pid 8689] mkdir("./file0", 0777) = 0 [ 210.244872][ T8689] loop0: detected capacity change from 0 to 32768 [ 210.261289][ T8689] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8689) [ 210.276753][ T8689] _btrfs_printk: 8 callbacks suppressed [ 210.276768][ T8689] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 210.291608][ T8689] BTRFS info (device loop0): force clearing of disk cache [ 210.298808][ T8689] BTRFS info (device loop0): setting nodatasum [ 210.305022][ T8689] BTRFS info (device loop0): allowing degraded mounts [ 210.311803][ T8689] BTRFS info (device loop0): enabling disk space caching [ 210.318875][ T8689] BTRFS info (device loop0): disk space caching is enabled [ 210.338258][ T8689] BTRFS info (device loop0): enabling ssd optimizations [ 210.345274][ T8689] BTRFS info (device loop0): auto enabling async discard [ 210.353084][ T8689] BTRFS info (device loop0): rebuilding free space tree [ 210.364454][ T8689] BTRFS info (device loop0): disabling free space tree [ 210.371344][ T8689] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 210.381022][ T8689] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8689] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8689] chdir("./file0") = 0 [pid 8689] ioctl(4, LOOP_CLR_FD) = 0 [ 210.393615][ T8689] BTRFS info (device loop0): checking UUID tree [pid 8689] close(4) = 0 [pid 8689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8688] <... futex resumed>) = 0 [pid 8689] <... futex resumed>) = 1 [pid 8688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8689] open("./file0", O_RDONLY [pid 8688] <... futex resumed>) = 0 [pid 8688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8689] <... open resumed>) = 4 [pid 8689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8688] <... futex resumed>) = 0 [pid 8688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8689] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8688] <... futex resumed>) = 0 [pid 8689] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8688] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8689] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8689] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8688] <... futex resumed>) = 0 [pid 8688] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8688] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8688] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8707 attached => {parent_tid=[8707]}, 88) = 8707 [pid 8688] rt_sigprocmask(SIG_SETMASK, [], [pid 8707] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8707] set_robust_list(0x7f0bd5e089a0, 24 [pid 8688] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8707] <... set_robust_list resumed>) = 0 [pid 8688] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8707] open(".", O_RDONLY) = 5 [pid 8707] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8688] <... futex resumed>) = 0 [pid 8688] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8707] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8688] <... futex resumed>) = 0 [ 210.455549][ T8689] BTRFS info (device loop0): balance: start -d -m [ 210.463355][ T8689] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 210.484253][ T8689] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8688] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8707] <... ioctl resumed>) = 0 [pid 8707] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8707] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8688] <... futex resumed>) = 0 [ 210.563432][ T8689] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 210.596224][ T8689] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8689] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8689] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8688] exit_group(0 [pid 8707] <... futex resumed>) = ? [pid 8689] <... futex resumed>) = ? [pid 8688] <... exit_group resumed>) = ? [pid 8707] +++ exited with 0 +++ [pid 8689] +++ exited with 0 +++ [pid 8688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8688, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 210.613566][ T8689] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8708 attached , child_tidptr=0x5555570ad690) = 8708 [pid 8708] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8708] chdir("./182") = 0 [pid 8708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8708] setpgid(0, 0) = 0 [pid 8708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8708] write(3, "1000", 4) = 4 [pid 8708] close(3) = 0 [pid 8708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8708] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8708] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8708] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8709 attached [pid 8709] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8708] <... clone3 resumed> => {parent_tid=[8709]}, 88) = 8709 [pid 8709] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8708] rt_sigprocmask(SIG_SETMASK, [], [pid 8709] rt_sigprocmask(SIG_SETMASK, [], [pid 8708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8709] memfd_create("syzkaller", 0 [pid 8708] <... futex resumed>) = 0 [pid 8708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8709] <... memfd_create resumed>) = 3 [pid 8709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8709] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8709] close(3) = 0 [pid 8709] mkdir("./file0", 0777) = 0 [ 211.119950][ T8709] loop0: detected capacity change from 0 to 32768 [ 211.139786][ T8709] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8709) [ 211.155892][ T8709] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 211.165175][ T8709] BTRFS info (device loop0): force clearing of disk cache [ 211.172278][ T8709] BTRFS info (device loop0): setting nodatasum [ 211.178494][ T8709] BTRFS info (device loop0): allowing degraded mounts [ 211.185369][ T8709] BTRFS info (device loop0): enabling disk space caching [ 211.192382][ T8709] BTRFS info (device loop0): disk space caching is enabled [ 211.211226][ T8709] BTRFS info (device loop0): enabling ssd optimizations [ 211.218253][ T8709] BTRFS info (device loop0): auto enabling async discard [ 211.226191][ T8709] BTRFS info (device loop0): rebuilding free space tree [ 211.238633][ T8709] BTRFS info (device loop0): disabling free space tree [ 211.245778][ T8709] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 211.255485][ T8709] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8709] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8709] chdir("./file0") = 0 [pid 8709] ioctl(4, LOOP_CLR_FD) = 0 [pid 8709] close(4) = 0 [pid 8709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8708] <... futex resumed>) = 0 [pid 8709] open("./file0", O_RDONLY [pid 8708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8709] <... open resumed>) = 4 [pid 8708] <... futex resumed>) = 0 [pid 8708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8709] <... futex resumed>) = 0 [pid 8708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8709] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8708] <... futex resumed>) = 0 [ 211.268140][ T8709] BTRFS info (device loop0): checking UUID tree [pid 8709] <... ioctl resumed>) = 0 [pid 8708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8708] <... futex resumed>) = 0 [pid 8709] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8708] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8708] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8708] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8708] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8727]}, 88) = 8727 [pid 8708] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8727 attached NULL, 8) = 0 [pid 8727] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8708] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8727] <... rseq resumed>) = 0 [pid 8708] <... futex resumed>) = 0 [pid 8708] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8727] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8727] open(".", O_RDONLY) = 5 [ 211.317883][ T8709] BTRFS info (device loop0): balance: start -d -m [ 211.326786][ T8709] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 211.351084][ T8709] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8727] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8708] <... futex resumed>) = 0 [pid 8708] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8708] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8727] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 8727] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8727] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8708] <... futex resumed>) = 0 [ 211.398476][ T8709] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8709] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8709] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8708] exit_group(0 [pid 8709] <... futex resumed>) = 0 [pid 8727] <... futex resumed>) = ? [pid 8727] +++ exited with 0 +++ [pid 8709] +++ exited with 0 +++ [pid 8708] <... exit_group resumed>) = ? [pid 8708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8708, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 211.455235][ T8709] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 211.472498][ T8709] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8728 attached [pid 8728] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8728] chdir("./183" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8728 [pid 8728] <... chdir resumed>) = 0 [pid 8728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8728] setpgid(0, 0) = 0 [pid 8728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8728] write(3, "1000", 4) = 4 [pid 8728] close(3) = 0 [pid 8728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8728] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8728] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8728] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8729 attached [pid 8729] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8728] <... clone3 resumed> => {parent_tid=[8729]}, 88) = 8729 [pid 8729] set_robust_list(0x7f0bd5e299a0, 24 [pid 8728] rt_sigprocmask(SIG_SETMASK, [], [pid 8729] <... set_robust_list resumed>) = 0 [pid 8728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8729] memfd_create("syzkaller", 0 [pid 8728] <... futex resumed>) = 0 [pid 8728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8729] <... memfd_create resumed>) = 3 [pid 8729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8729] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8729] close(3) = 0 [pid 8729] mkdir("./file0", 0777) = 0 [ 211.951372][ T8729] loop0: detected capacity change from 0 to 32768 [ 211.967465][ T8729] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8729) [ 211.982322][ T8729] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 211.991645][ T8729] BTRFS info (device loop0): force clearing of disk cache [ 211.998955][ T8729] BTRFS info (device loop0): setting nodatasum [ 212.005474][ T8729] BTRFS info (device loop0): allowing degraded mounts [ 212.012279][ T8729] BTRFS info (device loop0): enabling disk space caching [ 212.019431][ T8729] BTRFS info (device loop0): disk space caching is enabled [ 212.037833][ T8729] BTRFS info (device loop0): enabling ssd optimizations [ 212.044916][ T8729] BTRFS info (device loop0): auto enabling async discard [pid 8729] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8729] chdir("./file0") = 0 [pid 8729] ioctl(4, LOOP_CLR_FD) = 0 [ 212.052827][ T8729] BTRFS info (device loop0): rebuilding free space tree [ 212.065309][ T8729] BTRFS info (device loop0): disabling free space tree [ 212.072378][ T8729] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 212.082071][ T8729] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 212.094631][ T8729] BTRFS info (device loop0): checking UUID tree [pid 8729] close(4) = 0 [pid 8729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8728] <... futex resumed>) = 0 [pid 8729] <... futex resumed>) = 1 [pid 8728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8729] open("./file0", O_RDONLY [pid 8728] <... futex resumed>) = 0 [pid 8729] <... open resumed>) = 4 [pid 8728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8728] <... futex resumed>) = 0 [pid 8728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8729] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8729] <... ioctl resumed>) = 0 [pid 8729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8728] <... futex resumed>) = 0 [pid 8728] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8729] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8728] <... futex resumed>) = 0 [pid 8728] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8728] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8728] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8747]}, 88) = 8747 [pid 8728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8728] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8728] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8747 attached [pid 8747] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8747] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 212.161645][ T8729] BTRFS info (device loop0): balance: start -d -m [ 212.175589][ T8729] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 212.198459][ T8729] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8747] open(".", O_RDONLY) = 5 [pid 8747] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8728] <... futex resumed>) = 0 [pid 8728] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8747] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8728] <... futex resumed>) = 0 [pid 8728] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8747] <... ioctl resumed>) = 0 [pid 8747] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8728] <... futex resumed>) = 0 [ 212.242182][ T8729] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8747] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8729] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8729] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8729] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8728] exit_group(0 [pid 8747] <... futex resumed>) = ? [pid 8729] <... futex resumed>) = ? [pid 8728] <... exit_group resumed>) = ? [pid 8747] +++ exited with 0 +++ [pid 8729] +++ exited with 0 +++ [pid 8728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8728, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 212.293015][ T8729] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 212.317613][ T8729] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8748 attached [pid 8748] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8748] chdir("./184" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8748 [pid 8748] <... chdir resumed>) = 0 [pid 8748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8748] setpgid(0, 0) = 0 [pid 8748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8748] write(3, "1000", 4) = 4 [pid 8748] close(3) = 0 [pid 8748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8748] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8748] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8748] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8749 attached => {parent_tid=[8749]}, 88) = 8749 [pid 8749] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8748] rt_sigprocmask(SIG_SETMASK, [], [pid 8749] <... rseq resumed>) = 0 [pid 8748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8749] set_robust_list(0x7f0bd5e299a0, 24 [pid 8748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8749] <... set_robust_list resumed>) = 0 [pid 8748] <... futex resumed>) = 0 [pid 8749] rt_sigprocmask(SIG_SETMASK, [], [pid 8748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8749] memfd_create("syzkaller", 0) = 3 [pid 8749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8749] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8749] close(3) = 0 [pid 8749] mkdir("./file0", 0777) = 0 [ 212.817100][ T8749] loop0: detected capacity change from 0 to 32768 [ 212.836899][ T8749] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8749) [ 212.852391][ T8749] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 212.861875][ T8749] BTRFS info (device loop0): force clearing of disk cache [ 212.869065][ T8749] BTRFS info (device loop0): setting nodatasum [ 212.875412][ T8749] BTRFS info (device loop0): allowing degraded mounts [ 212.882160][ T8749] BTRFS info (device loop0): enabling disk space caching [ 212.889245][ T8749] BTRFS info (device loop0): disk space caching is enabled [ 212.909149][ T8749] BTRFS info (device loop0): enabling ssd optimizations [ 212.916267][ T8749] BTRFS info (device loop0): auto enabling async discard [ 212.924287][ T8749] BTRFS info (device loop0): rebuilding free space tree [ 212.935258][ T8749] BTRFS info (device loop0): disabling free space tree [ 212.942174][ T8749] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 212.951861][ T8749] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8749] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8749] chdir("./file0") = 0 [pid 8749] ioctl(4, LOOP_CLR_FD) = 0 [pid 8749] close(4) = 0 [pid 8749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8748] <... futex resumed>) = 0 [pid 8749] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8748] <... futex resumed>) = 0 [pid 8749] open("./file0", O_RDONLY [pid 8748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8749] <... open resumed>) = 4 [pid 8749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8748] <... futex resumed>) = 0 [pid 8749] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8748] <... futex resumed>) = 0 [pid 8749] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8749] <... ioctl resumed>) = 0 [ 212.964895][ T8749] BTRFS info (device loop0): checking UUID tree [pid 8749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8748] <... futex resumed>) = 0 [pid 8749] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8748] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.023667][ T8749] BTRFS info (device loop0): balance: start -d -m [ 213.032883][ T8749] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 213.055208][ T8749] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8748] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8748] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8748] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8767]}, 88) = 8767 [pid 8748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8748] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8748] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8767 attached [pid 8767] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8767] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8767] open(".", O_RDONLY) = 5 [pid 8767] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8748] <... futex resumed>) = 0 [pid 8767] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8748] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8748] <... futex resumed>) = 0 [pid 8767] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 213.096694][ T8749] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8748] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8767] <... ioctl resumed>) = 0 [pid 8767] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8748] <... futex resumed>) = 0 [pid 8767] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8749] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8749] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8749] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8748] exit_group(0 [pid 8767] <... futex resumed>) = ? [pid 8748] <... exit_group resumed>) = ? [pid 8767] +++ exited with 0 +++ [pid 8749] <... futex resumed>) = ? [pid 8749] +++ exited with 0 +++ [pid 8748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8748, si_uid=0, si_status=0, si_utime=0, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 213.151645][ T8749] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 213.176736][ T8749] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8768 attached , child_tidptr=0x5555570ad690) = 8768 [pid 8768] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8768] chdir("./185") = 0 [pid 8768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8768] setpgid(0, 0) = 0 [pid 8768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8768] write(3, "1000", 4) = 4 [pid 8768] close(3) = 0 [pid 8768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8768] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8768] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8768] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8769 attached [pid 8769] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8768] <... clone3 resumed> => {parent_tid=[8769]}, 88) = 8769 [pid 8769] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8768] rt_sigprocmask(SIG_SETMASK, [], [pid 8769] rt_sigprocmask(SIG_SETMASK, [], [pid 8768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8769] memfd_create("syzkaller", 0 [pid 8768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8769] <... memfd_create resumed>) = 3 [pid 8769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8769] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8769] close(3) = 0 [pid 8769] mkdir("./file0", 0777) = 0 [ 213.708791][ T8769] loop0: detected capacity change from 0 to 32768 [ 213.724945][ T8769] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8769) [ 213.740473][ T8769] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 213.749785][ T8769] BTRFS info (device loop0): force clearing of disk cache [ 213.756980][ T8769] BTRFS info (device loop0): setting nodatasum [ 213.763147][ T8769] BTRFS info (device loop0): allowing degraded mounts [ 213.769985][ T8769] BTRFS info (device loop0): enabling disk space caching [ 213.777065][ T8769] BTRFS info (device loop0): disk space caching is enabled [ 213.797362][ T8769] BTRFS info (device loop0): enabling ssd optimizations [pid 8769] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8769] chdir("./file0") = 0 [pid 8769] ioctl(4, LOOP_CLR_FD) = 0 [pid 8769] close(4) = 0 [pid 8769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8768] <... futex resumed>) = 0 [pid 8769] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8768] <... futex resumed>) = 0 [pid 8769] open("./file0", O_RDONLY [pid 8768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8769] <... open resumed>) = 4 [ 213.804393][ T8769] BTRFS info (device loop0): auto enabling async discard [ 213.812065][ T8769] BTRFS info (device loop0): rebuilding free space tree [ 213.823001][ T8769] BTRFS info (device loop0): disabling free space tree [ 213.830019][ T8769] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 213.839724][ T8769] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 213.852510][ T8769] BTRFS info (device loop0): checking UUID tree [pid 8769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8768] <... futex resumed>) = 0 [pid 8769] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 8768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8769] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8768] <... futex resumed>) = 0 [pid 8769] <... ioctl resumed>) = 0 [pid 8768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8768] <... futex resumed>) = 0 [pid 8769] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8768] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8768] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8768] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8768] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8787 attached => {parent_tid=[8787]}, 88) = 8787 [pid 8768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8768] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8768] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8787] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8787] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8787] open(".", O_RDONLY) = 5 [pid 8787] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8768] <... futex resumed>) = 0 [pid 8787] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8768] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8768] <... futex resumed>) = 0 [pid 8787] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 213.903477][ T8769] BTRFS info (device loop0): balance: start -d -m [ 213.913346][ T8769] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 213.934473][ T8769] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8768] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8787] <... ioctl resumed>) = 0 [pid 8787] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8787] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8768] <... futex resumed>) = 0 [ 213.994345][ T8769] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 214.031116][ T8769] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8769] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8769] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8768] exit_group(0 [pid 8787] <... futex resumed>) = ? [pid 8769] <... futex resumed>) = ? [pid 8768] <... exit_group resumed>) = ? [pid 8787] +++ exited with 0 +++ [pid 8769] +++ exited with 0 +++ [pid 8768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8768, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 214.054542][ T8769] BTRFS info (device loop0): balance: ended with status: 0 unlink("./185/binderfs") = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8788 attached , child_tidptr=0x5555570ad690) = 8788 [pid 8788] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8788] chdir("./186") = 0 [pid 8788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8788] setpgid(0, 0) = 0 [pid 8788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8788] write(3, "1000", 4) = 4 [pid 8788] close(3) = 0 [pid 8788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8788] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8788] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8788] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8789 attached [pid 8789] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8788] <... clone3 resumed> => {parent_tid=[8789]}, 88) = 8789 [pid 8789] set_robust_list(0x7f0bd5e299a0, 24 [pid 8788] rt_sigprocmask(SIG_SETMASK, [], [pid 8789] <... set_robust_list resumed>) = 0 [pid 8788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8789] memfd_create("syzkaller", 0 [pid 8788] <... futex resumed>) = 0 [pid 8788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8789] <... memfd_create resumed>) = 3 [pid 8789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8789] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8789] close(3) = 0 [pid 8789] mkdir("./file0", 0777) = 0 [ 214.529146][ T8789] loop0: detected capacity change from 0 to 32768 [ 214.538678][ T8789] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8789) [ 214.554911][ T8789] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 214.564192][ T8789] BTRFS info (device loop0): force clearing of disk cache [ 214.571294][ T8789] BTRFS info (device loop0): setting nodatasum [pid 8789] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8789] chdir("./file0") = 0 [pid 8789] ioctl(4, LOOP_CLR_FD) = 0 [pid 8789] close(4) = 0 [ 214.577871][ T8789] BTRFS info (device loop0): allowing degraded mounts [ 214.584912][ T8789] BTRFS info (device loop0): enabling disk space caching [pid 8789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8788] <... futex resumed>) = 0 [pid 8789] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8788] <... futex resumed>) = 0 [pid 8789] open("./file0", O_RDONLY [pid 8788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8789] <... open resumed>) = 4 [pid 8789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8788] <... futex resumed>) = 0 [pid 8788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8789] <... futex resumed>) = 1 [pid 8789] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8788] <... futex resumed>) = 0 [pid 8788] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8789] <... futex resumed>) = 1 [pid 8788] <... futex resumed>) = 0 [pid 8788] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8789] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8788] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8788] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8788] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8807]}, 88) = 8807 [pid 8788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8788] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8807 attached [pid 8807] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8788] <... futex resumed>) = 0 [pid 8807] set_robust_list(0x7f0bd5e089a0, 24 [pid 8788] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8807] <... set_robust_list resumed>) = 0 [pid 8807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8807] open(".", O_RDONLY) = 5 [pid 8807] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8807] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8788] <... futex resumed>) = 0 [pid 8788] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8807] <... futex resumed>) = 0 [pid 8807] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8788] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8807] <... ioctl resumed>) = 0 [pid 8807] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8788] <... futex resumed>) = 0 [pid 8807] <... futex resumed>) = 1 [pid 8789] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8807] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8789] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8789] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8788] exit_group(0 [pid 8807] <... futex resumed>) = ? [pid 8789] <... futex resumed>) = ? [pid 8788] <... exit_group resumed>) = ? [pid 8807] +++ exited with 0 +++ [pid 8789] +++ exited with 0 +++ [pid 8788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8788, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8808 attached , child_tidptr=0x5555570ad690) = 8808 [pid 8808] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8808] chdir("./187") = 0 [pid 8808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8808] setpgid(0, 0) = 0 [pid 8808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8808] write(3, "1000", 4) = 4 [pid 8808] close(3) = 0 [pid 8808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8808] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8808] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8808] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8808] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8809 attached [pid 8809] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8808] <... clone3 resumed> => {parent_tid=[8809]}, 88) = 8809 [pid 8809] <... rseq resumed>) = 0 [pid 8808] rt_sigprocmask(SIG_SETMASK, [], [pid 8809] set_robust_list(0x7f0bd5e299a0, 24 [pid 8808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8809] <... set_robust_list resumed>) = 0 [pid 8808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8809] rt_sigprocmask(SIG_SETMASK, [], [pid 8808] <... futex resumed>) = 0 [pid 8809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8809] memfd_create("syzkaller", 0) = 3 [pid 8809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8809] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8809] close(3) = 0 [pid 8809] mkdir("./file0", 0777) = 0 [ 215.365095][ T8809] loop0: detected capacity change from 0 to 32768 [ 215.385100][ T8809] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8809) [ 215.401343][ T8809] _btrfs_printk: 14 callbacks suppressed [ 215.401359][ T8809] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 215.416330][ T8809] BTRFS info (device loop0): force clearing of disk cache [ 215.423450][ T8809] BTRFS info (device loop0): setting nodatasum [ 215.429709][ T8809] BTRFS info (device loop0): allowing degraded mounts [ 215.436695][ T8809] BTRFS info (device loop0): enabling disk space caching [ 215.443779][ T8809] BTRFS info (device loop0): disk space caching is enabled [ 215.463672][ T8809] BTRFS info (device loop0): enabling ssd optimizations [ 215.470751][ T8809] BTRFS info (device loop0): auto enabling async discard [ 215.478902][ T8809] BTRFS info (device loop0): rebuilding free space tree [ 215.490191][ T8809] BTRFS info (device loop0): disabling free space tree [ 215.497408][ T8809] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 8809] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8809] chdir("./file0") = 0 [pid 8809] ioctl(4, LOOP_CLR_FD) = 0 [pid 8809] close(4) = 0 [pid 8809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8808] <... futex resumed>) = 0 [pid 8809] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8809] <... futex resumed>) = 0 [pid 8808] <... futex resumed>) = 1 [pid 8809] open("./file0", O_RDONLY [pid 8808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8809] <... open resumed>) = 4 [pid 8809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8809] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8808] <... futex resumed>) = 0 [pid 8808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8809] <... futex resumed>) = 0 [pid 8808] <... futex resumed>) = 1 [pid 8809] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8808] <... futex resumed>) = 0 [pid 8809] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8808] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8809] <... futex resumed>) = 0 [pid 8808] <... futex resumed>) = 1 [pid 8808] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 215.507302][ T8809] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 215.520196][ T8809] BTRFS info (device loop0): checking UUID tree [ 215.577028][ T8809] BTRFS info (device loop0): balance: start -d -m [ 215.585036][ T8809] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 8809] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8808] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8808] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8808] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8808] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8808] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8808] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8827]}, 88) = 8827 [pid 8808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8808] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8808] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8827 attached [pid 8827] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8827] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8827] open(".", O_RDONLY) = 5 [pid 8827] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8808] <... futex resumed>) = 0 [pid 8808] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8808] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8827] <... futex resumed>) = 1 [ 215.619882][ T8809] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8827] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 8827] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8808] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8827] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8809] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8809] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8808] exit_group(0 [pid 8827] <... futex resumed>) = ? [pid 8809] <... futex resumed>) = ? [pid 8808] <... exit_group resumed>) = ? [pid 8827] +++ exited with 0 +++ [pid 8809] +++ exited with 0 +++ [pid 8808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8808, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 215.687986][ T8809] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 215.709035][ T8809] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 215.725571][ T8809] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8828 attached , child_tidptr=0x5555570ad690) = 8828 [pid 8828] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8828] chdir("./188") = 0 [pid 8828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8828] setpgid(0, 0) = 0 [pid 8828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8828] write(3, "1000", 4) = 4 [pid 8828] close(3) = 0 [pid 8828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8828] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8828] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8828] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8829 attached [pid 8829] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8829] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 8829] rt_sigprocmask(SIG_SETMASK, [], [pid 8828] <... clone3 resumed> => {parent_tid=[8829]}, 88) = 8829 [pid 8829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8829] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8829] <... futex resumed>) = 0 [pid 8828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8829] memfd_create("syzkaller", 0) = 3 [pid 8829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8829] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8829] close(3) = 0 [pid 8829] mkdir("./file0", 0777) = 0 [ 216.285664][ T8829] loop0: detected capacity change from 0 to 32768 [ 216.298856][ T8829] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8829) [ 216.315326][ T8829] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 216.324669][ T8829] BTRFS info (device loop0): force clearing of disk cache [ 216.331791][ T8829] BTRFS info (device loop0): setting nodatasum [ 216.337989][ T8829] BTRFS info (device loop0): allowing degraded mounts [ 216.344815][ T8829] BTRFS info (device loop0): enabling disk space caching [ 216.351840][ T8829] BTRFS info (device loop0): disk space caching is enabled [ 216.371461][ T8829] BTRFS info (device loop0): enabling ssd optimizations [ 216.378545][ T8829] BTRFS info (device loop0): auto enabling async discard [pid 8829] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8829] chdir("./file0") = 0 [pid 8829] ioctl(4, LOOP_CLR_FD) = 0 [pid 8829] close(4) = 0 [pid 8829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8828] <... futex resumed>) = 0 [pid 8829] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8828] <... futex resumed>) = 0 [pid 8829] open("./file0", O_RDONLY [pid 8828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8829] <... open resumed>) = 4 [pid 8829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8828] <... futex resumed>) = 0 [pid 8829] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8828] <... futex resumed>) = 0 [pid 8829] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8829] <... ioctl resumed>) = 0 [pid 8829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8828] <... futex resumed>) = 0 [pid 8828] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8829] <... futex resumed>) = 1 [pid 8828] <... futex resumed>) = 0 [pid 8829] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 216.386540][ T8829] BTRFS info (device loop0): rebuilding free space tree [ 216.397655][ T8829] BTRFS info (device loop0): disabling free space tree [ 216.404624][ T8829] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 216.414393][ T8829] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 216.427035][ T8829] BTRFS info (device loop0): checking UUID tree [pid 8828] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8828] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8828] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8847 attached => {parent_tid=[8847]}, 88) = 8847 [pid 8847] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8828] rt_sigprocmask(SIG_SETMASK, [], [pid 8847] <... rseq resumed>) = 0 [pid 8847] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8847] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8828] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8847] <... futex resumed>) = 0 [pid 8828] <... futex resumed>) = 1 [pid 8847] open(".", O_RDONLY [pid 8828] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8847] <... open resumed>) = 5 [pid 8847] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8847] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8828] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8847] <... futex resumed>) = 0 [pid 8828] <... futex resumed>) = 1 [pid 8847] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 216.458067][ T8829] BTRFS info (device loop0): balance: start -d -m [ 216.471348][ T8829] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 216.493314][ T8829] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8828] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8847] <... ioctl resumed>) = 0 [pid 8847] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8847] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8828] <... futex resumed>) = 0 [ 216.572904][ T8829] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8829] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8829] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8828] exit_group(0 [pid 8829] <... futex resumed>) = ? [pid 8847] <... futex resumed>) = ? [pid 8828] <... exit_group resumed>) = ? [pid 8847] +++ exited with 0 +++ [pid 8829] +++ exited with 0 +++ [pid 8828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8828, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 [ 216.613753][ T8829] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 216.633564][ T8829] BTRFS info (device loop0): balance: ended with status: 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8848 attached , child_tidptr=0x5555570ad690) = 8848 [pid 8848] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8848] chdir("./189") = 0 [pid 8848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8848] setpgid(0, 0) = 0 [pid 8848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8848] write(3, "1000", 4) = 4 [pid 8848] close(3) = 0 [pid 8848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8848] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8848] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8848] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8849 attached [pid 8849] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8848] <... clone3 resumed> => {parent_tid=[8849]}, 88) = 8849 [pid 8849] set_robust_list(0x7f0bd5e299a0, 24 [pid 8848] rt_sigprocmask(SIG_SETMASK, [], [pid 8849] <... set_robust_list resumed>) = 0 [pid 8849] rt_sigprocmask(SIG_SETMASK, [], [pid 8848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8849] memfd_create("syzkaller", 0 [pid 8848] <... futex resumed>) = 0 [pid 8848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8849] <... memfd_create resumed>) = 3 [pid 8849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8849] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8849] close(3) = 0 [pid 8849] mkdir("./file0", 0777) = 0 [ 217.140247][ T8849] loop0: detected capacity change from 0 to 32768 [ 217.155147][ T8849] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8849) [ 217.170654][ T8849] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 217.180209][ T8849] BTRFS info (device loop0): force clearing of disk cache [ 217.187398][ T8849] BTRFS info (device loop0): setting nodatasum [ 217.193658][ T8849] BTRFS info (device loop0): allowing degraded mounts [ 217.200896][ T8849] BTRFS info (device loop0): enabling disk space caching [ 217.208080][ T8849] BTRFS info (device loop0): disk space caching is enabled [ 217.228324][ T8849] BTRFS info (device loop0): enabling ssd optimizations [ 217.235450][ T8849] BTRFS info (device loop0): auto enabling async discard [ 217.243421][ T8849] BTRFS info (device loop0): rebuilding free space tree [ 217.254883][ T8849] BTRFS info (device loop0): disabling free space tree [ 217.261802][ T8849] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 217.272046][ T8849] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8849] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8849] chdir("./file0") = 0 [pid 8849] ioctl(4, LOOP_CLR_FD) = 0 [pid 8849] close(4) = 0 [pid 8849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8848] <... futex resumed>) = 0 [pid 8849] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8848] <... futex resumed>) = 0 [pid 8849] open("./file0", O_RDONLY [pid 8848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8849] <... open resumed>) = 4 [pid 8849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8848] <... futex resumed>) = 0 [pid 8849] <... futex resumed>) = 1 [pid 8848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8849] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8848] <... futex resumed>) = 0 [pid 8849] <... ioctl resumed>) = 0 [pid 8848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8849] <... futex resumed>) = 0 [pid 8848] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8849] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8848] <... futex resumed>) = 0 [ 217.285099][ T8849] BTRFS info (device loop0): checking UUID tree [pid 8848] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8848] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8848] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8867]}, 88) = 8867 [pid 8848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8848] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8848] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8867 attached [pid 8867] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8867] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8867] open(".", O_RDONLY) = 5 [pid 8867] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8848] <... futex resumed>) = 0 [pid 8848] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8848] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 217.334845][ T8849] BTRFS info (device loop0): balance: start -d -m [ 217.344324][ T8849] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 217.367133][ T8849] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8867] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 8848] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8867] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 217.427298][ T8849] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8867] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8849] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8849] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8849] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8848] exit_group(0 [pid 8867] <... futex resumed>) = ? [pid 8867] +++ exited with 0 +++ [pid 8849] <... futex resumed>) = ? [pid 8848] <... exit_group resumed>) = ? [pid 8849] +++ exited with 0 +++ [pid 8848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8848, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 217.475920][ T8849] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 217.495317][ T8849] BTRFS info (device loop0): balance: ended with status: 0 umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8868 attached , child_tidptr=0x5555570ad690) = 8868 [pid 8868] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8868] chdir("./190") = 0 [pid 8868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8868] setpgid(0, 0) = 0 [pid 8868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8868] write(3, "1000", 4) = 4 [pid 8868] close(3) = 0 [pid 8868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8868] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8868] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8868] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8869 attached => {parent_tid=[8869]}, 88) = 8869 [pid 8868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8868] <... futex resumed>) = 0 [pid 8869] set_robust_list(0x7f0bd5e299a0, 24 [pid 8868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8869] <... set_robust_list resumed>) = 0 [pid 8869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8869] memfd_create("syzkaller", 0) = 3 [pid 8869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8869] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8869] close(3) = 0 [pid 8869] mkdir("./file0", 0777) = 0 [ 218.041387][ T8869] loop0: detected capacity change from 0 to 32768 [ 218.051495][ T8869] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8869) [ 218.067903][ T8869] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 218.077353][ T8869] BTRFS info (device loop0): force clearing of disk cache [ 218.084569][ T8869] BTRFS info (device loop0): setting nodatasum [ 218.090827][ T8869] BTRFS info (device loop0): allowing degraded mounts [ 218.097646][ T8869] BTRFS info (device loop0): enabling disk space caching [ 218.104734][ T8869] BTRFS info (device loop0): disk space caching is enabled [ 218.123205][ T8869] BTRFS info (device loop0): enabling ssd optimizations [ 218.130232][ T8869] BTRFS info (device loop0): auto enabling async discard [pid 8869] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8869] chdir("./file0") = 0 [pid 8869] ioctl(4, LOOP_CLR_FD) = 0 [pid 8869] close(4) = 0 [pid 8869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8868] <... futex resumed>) = 0 [pid 8868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] open("./file0", O_RDONLY [pid 8868] <... futex resumed>) = 0 [pid 8869] <... open resumed>) = 4 [ 218.138414][ T8869] BTRFS info (device loop0): rebuilding free space tree [ 218.149424][ T8869] BTRFS info (device loop0): disabling free space tree [ 218.156380][ T8869] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 218.166111][ T8869] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 218.178775][ T8869] BTRFS info (device loop0): checking UUID tree [pid 8868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8868] <... futex resumed>) = 0 [pid 8869] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] <... ioctl resumed>) = 0 [pid 8868] <... futex resumed>) = 0 [pid 8869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8869] <... futex resumed>) = 0 [pid 8868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8869] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8868] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8868] <... futex resumed>) = 0 [pid 8869] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8868] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8868] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8868] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8887 attached => {parent_tid=[8887]}, 88) = 8887 [pid 8887] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8868] rt_sigprocmask(SIG_SETMASK, [], [pid 8887] set_robust_list(0x7f0bd5e089a0, 24 [pid 8868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8887] <... set_robust_list resumed>) = 0 [pid 8868] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8887] rt_sigprocmask(SIG_SETMASK, [], [pid 8868] <... futex resumed>) = 0 [pid 8887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8868] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8887] open(".", O_RDONLY) = 5 [pid 8887] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8868] <... futex resumed>) = 0 [pid 8887] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8868] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8868] <... futex resumed>) = 0 [pid 8887] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 218.242911][ T8869] BTRFS info (device loop0): balance: start -d -m [ 218.252507][ T8869] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 218.275037][ T8869] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8868] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8887] <... ioctl resumed>) = 0 [pid 8887] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8868] <... futex resumed>) = 0 [ 218.341768][ T8869] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 218.376491][ T8869] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8887] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8869] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8869] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8869] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8868] exit_group(0 [pid 8887] <... futex resumed>) = ? [pid 8868] <... exit_group resumed>) = ? [pid 8869] <... futex resumed>) = ? [pid 8887] +++ exited with 0 +++ [pid 8869] +++ exited with 0 +++ [pid 8868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8868, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 218.393671][ T8869] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8888 attached , child_tidptr=0x5555570ad690) = 8888 [pid 8888] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8888] chdir("./191") = 0 [pid 8888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8888] setpgid(0, 0) = 0 [pid 8888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8888] write(3, "1000", 4) = 4 [pid 8888] close(3) = 0 [pid 8888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8888] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8888] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8888] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8889 attached => {parent_tid=[8889]}, 88) = 8889 [pid 8888] rt_sigprocmask(SIG_SETMASK, [], [pid 8889] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8889] <... rseq resumed>) = 0 [pid 8888] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8889] set_robust_list(0x7f0bd5e299a0, 24 [pid 8888] <... futex resumed>) = 0 [pid 8889] <... set_robust_list resumed>) = 0 [pid 8888] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8889] memfd_create("syzkaller", 0) = 3 [pid 8889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8889] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8889] close(3) = 0 [pid 8889] mkdir("./file0", 0777) = 0 [ 218.906601][ T8889] loop0: detected capacity change from 0 to 32768 [ 218.926703][ T8889] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8889) [ 218.941760][ T8889] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 218.951140][ T8889] BTRFS info (device loop0): force clearing of disk cache [ 218.958340][ T8889] BTRFS info (device loop0): setting nodatasum [ 218.964565][ T8889] BTRFS info (device loop0): allowing degraded mounts [ 218.971358][ T8889] BTRFS info (device loop0): enabling disk space caching [ 218.978465][ T8889] BTRFS info (device loop0): disk space caching is enabled [ 218.997820][ T8889] BTRFS info (device loop0): enabling ssd optimizations [ 219.004873][ T8889] BTRFS info (device loop0): auto enabling async discard [ 219.012746][ T8889] BTRFS info (device loop0): rebuilding free space tree [ 219.024080][ T8889] BTRFS info (device loop0): disabling free space tree [ 219.031024][ T8889] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 219.040774][ T8889] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8889] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8889] chdir("./file0") = 0 [pid 8889] ioctl(4, LOOP_CLR_FD) = 0 [pid 8889] close(4) = 0 [pid 8889] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8888] <... futex resumed>) = 0 [ 219.053603][ T8889] BTRFS info (device loop0): checking UUID tree [pid 8888] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8889] open("./file0", O_RDONLY [pid 8888] <... futex resumed>) = 0 [pid 8889] <... open resumed>) = 4 [pid 8888] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8889] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8888] <... futex resumed>) = 0 [pid 8888] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8889] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 8889] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8888] <... futex resumed>) = 0 [pid 8889] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8888] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 8888] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8889] <... futex resumed>) = 0 [pid 8889] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8888] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8888] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8888] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8907]}, 88) = 8907 ./strace-static-x86_64: Process 8907 attached [pid 8888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8888] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8888] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8907] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8907] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8907] open(".", O_RDONLY) = 5 [pid 8907] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8888] <... futex resumed>) = 0 [pid 8907] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8888] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 219.128536][ T8889] BTRFS info (device loop0): balance: start -d -m [ 219.136478][ T8889] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 219.163503][ T8889] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8888] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8907] <... ioctl resumed>) = 0 [pid 8907] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8888] <... futex resumed>) = 0 [pid 8907] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8889] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8889] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8889] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8888] exit_group(0) = ? [ 219.238750][ T8889] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 219.259914][ T8889] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 219.278715][ T8889] BTRFS info (device loop0): balance: ended with status: 0 [pid 8907] <... futex resumed>) = ? [pid 8889] <... futex resumed>) = ? [pid 8907] +++ exited with 0 +++ [pid 8889] +++ exited with 0 +++ [pid 8888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8888, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8908 attached , child_tidptr=0x5555570ad690) = 8908 [pid 8908] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8908] chdir("./192") = 0 [pid 8908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8908] setpgid(0, 0) = 0 [pid 8908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8908] write(3, "1000", 4) = 4 [pid 8908] close(3) = 0 [pid 8908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8908] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8908] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8908] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8909 attached [pid 8909] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8908] <... clone3 resumed> => {parent_tid=[8909]}, 88) = 8909 [pid 8909] <... rseq resumed>) = 0 [pid 8908] rt_sigprocmask(SIG_SETMASK, [], [pid 8909] set_robust_list(0x7f0bd5e299a0, 24 [pid 8908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8909] <... set_robust_list resumed>) = 0 [pid 8908] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8909] rt_sigprocmask(SIG_SETMASK, [], [pid 8908] <... futex resumed>) = 0 [pid 8909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8908] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8909] memfd_create("syzkaller", 0) = 3 [pid 8909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8909] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8909] close(3) = 0 [pid 8909] mkdir("./file0", 0777) = 0 [ 219.856048][ T8909] loop0: detected capacity change from 0 to 32768 [ 219.875996][ T8909] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8909) [ 219.892264][ T8909] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 8909] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8909] chdir("./file0") = 0 [pid 8909] ioctl(4, LOOP_CLR_FD) = 0 [pid 8909] close(4) = 0 [pid 8909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 219.901689][ T8909] BTRFS info (device loop0): force clearing of disk cache [ 219.908841][ T8909] BTRFS info (device loop0): setting nodatasum [ 219.915062][ T8909] BTRFS info (device loop0): allowing degraded mounts [ 219.921831][ T8909] BTRFS info (device loop0): enabling disk space caching [pid 8909] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8908] <... futex resumed>) = 0 [pid 8908] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8909] <... futex resumed>) = 0 [pid 8908] <... futex resumed>) = 1 [pid 8909] open("./file0", O_RDONLY [pid 8908] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8909] <... open resumed>) = 4 [pid 8909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8908] <... futex resumed>) = 0 [pid 8909] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8908] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8909] <... ioctl resumed>) = 0 [pid 8908] <... futex resumed>) = 0 [pid 8908] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8908] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8908] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8909] <... futex resumed>) = 0 [pid 8909] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8908] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8908] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8908] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8927]}, 88) = 8927 [pid 8908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8908] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8908] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 8927 attached [pid 8927] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8927] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8927] open(".", O_RDONLY [pid 8909] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8927] <... open resumed>) = 5 [pid 8909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8927] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8909] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8927] <... futex resumed>) = 1 [pid 8908] <... futex resumed>) = 0 [pid 8927] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8908] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8909] <... futex resumed>) = 0 [pid 8908] <... futex resumed>) = 1 [pid 8909] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8908] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8909] <... ioctl resumed>) = 0 [pid 8909] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8908] <... futex resumed>) = 0 [pid 8909] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8908] exit_group(0 [pid 8927] <... futex resumed>) = ? [pid 8909] <... futex resumed>) = ? [pid 8908] <... exit_group resumed>) = ? [pid 8927] +++ exited with 0 +++ [pid 8909] +++ exited with 0 +++ [pid 8908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8908, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8928 attached [pid 8928] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8928] chdir("./193" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8928 [pid 8928] <... chdir resumed>) = 0 [pid 8928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8928] setpgid(0, 0) = 0 [pid 8928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8928] write(3, "1000", 4) = 4 [pid 8928] close(3) = 0 [pid 8928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8928] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8928] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8928] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8928] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8928] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8929 attached [pid 8929] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8928] <... clone3 resumed> => {parent_tid=[8929]}, 88) = 8929 [pid 8929] <... rseq resumed>) = 0 [pid 8928] rt_sigprocmask(SIG_SETMASK, [], [pid 8929] set_robust_list(0x7f0bd5e299a0, 24 [pid 8928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8929] <... set_robust_list resumed>) = 0 [pid 8928] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8928] <... futex resumed>) = 0 [pid 8929] memfd_create("syzkaller", 0 [pid 8928] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8929] <... memfd_create resumed>) = 3 [pid 8929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8929] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8929] close(3) = 0 [pid 8929] mkdir("./file0", 0777) = 0 [ 220.649353][ T8929] loop0: detected capacity change from 0 to 32768 [ 220.664258][ T8929] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8929) [ 220.680088][ T8929] _btrfs_printk: 14 callbacks suppressed [ 220.680104][ T8929] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 220.695112][ T8929] BTRFS info (device loop0): force clearing of disk cache [ 220.702218][ T8929] BTRFS info (device loop0): setting nodatasum [ 220.708422][ T8929] BTRFS info (device loop0): allowing degraded mounts [ 220.715281][ T8929] BTRFS info (device loop0): enabling disk space caching [ 220.722312][ T8929] BTRFS info (device loop0): disk space caching is enabled [ 220.742284][ T8929] BTRFS info (device loop0): enabling ssd optimizations [ 220.749485][ T8929] BTRFS info (device loop0): auto enabling async discard [ 220.757508][ T8929] BTRFS info (device loop0): rebuilding free space tree [ 220.768628][ T8929] BTRFS info (device loop0): disabling free space tree [ 220.775825][ T8929] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 220.785781][ T8929] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8929] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8929] chdir("./file0") = 0 [pid 8929] ioctl(4, LOOP_CLR_FD) = 0 [ 220.798351][ T8929] BTRFS info (device loop0): checking UUID tree [pid 8929] close(4) = 0 [pid 8929] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8928] <... futex resumed>) = 0 [pid 8929] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8928] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8928] <... futex resumed>) = 0 [pid 8929] open("./file0", O_RDONLY [pid 8928] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8929] <... open resumed>) = 4 [pid 8929] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8929] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8928] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8929] <... futex resumed>) = 0 [pid 8929] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8928] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8929] <... ioctl resumed>) = 0 [pid 8929] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8929] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8928] <... futex resumed>) = 0 [pid 8928] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8929] <... futex resumed>) = 0 [pid 8929] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8928] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8928] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8928] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8928] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8947]}, 88) = 8947 [pid 8928] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 8947 attached NULL, 8) = 0 [pid 8947] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 8928] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8928] <... futex resumed>) = 0 [pid 8947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8947] open(".", O_RDONLY) = 5 [pid 8947] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8947] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8928] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 8928] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8947] <... futex resumed>) = 0 [pid 8928] <... futex resumed>) = 1 [pid 8947] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 220.878846][ T8929] BTRFS info (device loop0): balance: start -d -m [ 220.889663][ T8929] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 220.916031][ T8929] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8928] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8947] <... ioctl resumed>) = 0 [pid 8928] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 8947] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8947] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8929] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8929] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8929] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8928] exit_group(0 [pid 8947] <... futex resumed>) = ? [pid 8929] <... futex resumed>) = ? [pid 8928] <... exit_group resumed>) = ? [pid 8947] +++ exited with 0 +++ [pid 8929] +++ exited with 0 +++ [pid 8928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8928, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- [ 220.992501][ T8929] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 221.014744][ T8929] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 221.032015][ T8929] BTRFS info (device loop0): balance: ended with status: 0 umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8949 attached , child_tidptr=0x5555570ad690) = 8949 [pid 8949] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8949] chdir("./194") = 0 [pid 8949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8949] setpgid(0, 0) = 0 [pid 8949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8949] write(3, "1000", 4) = 4 [pid 8949] close(3) = 0 [pid 8949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8949] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8949] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8949] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8950 attached [pid 8950] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8949] <... clone3 resumed> => {parent_tid=[8950]}, 88) = 8950 [pid 8950] set_robust_list(0x7f0bd5e299a0, 24 [pid 8949] rt_sigprocmask(SIG_SETMASK, [], [pid 8950] <... set_robust_list resumed>) = 0 [pid 8949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8950] rt_sigprocmask(SIG_SETMASK, [], [pid 8949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8950] memfd_create("syzkaller", 0 [pid 8949] <... futex resumed>) = 0 [pid 8949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8950] <... memfd_create resumed>) = 3 [pid 8950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8950] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8950] close(3) = 0 [pid 8950] mkdir("./file0", 0777) = 0 [ 221.541560][ T8950] loop0: detected capacity change from 0 to 32768 [ 221.561825][ T8950] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8950) [ 221.576810][ T8950] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 221.586129][ T8950] BTRFS info (device loop0): force clearing of disk cache [ 221.593251][ T8950] BTRFS info (device loop0): setting nodatasum [ 221.599499][ T8950] BTRFS info (device loop0): allowing degraded mounts [ 221.606307][ T8950] BTRFS info (device loop0): enabling disk space caching [ 221.613323][ T8950] BTRFS info (device loop0): disk space caching is enabled [ 221.631545][ T8950] BTRFS info (device loop0): enabling ssd optimizations [ 221.638597][ T8950] BTRFS info (device loop0): auto enabling async discard [ 221.647118][ T8950] BTRFS info (device loop0): rebuilding free space tree [ 221.658258][ T8950] BTRFS info (device loop0): disabling free space tree [ 221.665427][ T8950] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 221.675207][ T8950] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 8950] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8950] chdir("./file0") = 0 [pid 8950] ioctl(4, LOOP_CLR_FD) = 0 [pid 8950] close(4) = 0 [ 221.687849][ T8950] BTRFS info (device loop0): checking UUID tree [pid 8950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8949] <... futex resumed>) = 0 [pid 8950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8949] <... futex resumed>) = 0 [pid 8950] open("./file0", O_RDONLY [pid 8949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8950] <... open resumed>) = 4 [pid 8950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8949] <... futex resumed>) = 0 [pid 8950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8949] <... futex resumed>) = 0 [pid 8950] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8950] <... ioctl resumed>) = 0 [pid 8950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8950] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8949] <... futex resumed>) = 0 [pid 8949] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8950] <... futex resumed>) = 0 [pid 8949] <... futex resumed>) = 1 [pid 8950] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8949] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8949] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8949] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[8968]}, 88) = 8968 [pid 8949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8949] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 8968 attached ) = 0 [pid 8968] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8949] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8968] <... rseq resumed>) = 0 [pid 8968] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 8968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8968] open(".", O_RDONLY) = 5 [pid 8968] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8949] <... futex resumed>) = 0 [pid 8949] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8949] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8968] <... futex resumed>) = 1 [ 221.776664][ T8950] BTRFS info (device loop0): balance: start -d -m [ 221.788018][ T8950] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 221.815137][ T8950] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8968] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 8968] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8968] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8949] <... futex resumed>) = 0 [ 221.859269][ T8950] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 221.891102][ T8950] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 8950] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8950] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8949] exit_group(0 [pid 8950] <... futex resumed>) = 0 [pid 8968] <... futex resumed>) = ? [pid 8949] <... exit_group resumed>) = ? [pid 8968] +++ exited with 0 +++ [pid 8950] +++ exited with 0 +++ [pid 8949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8949, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 [ 221.908284][ T8950] BTRFS info (device loop0): balance: ended with status: 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8970 attached , child_tidptr=0x5555570ad690) = 8970 [pid 8970] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8970] chdir("./195") = 0 [pid 8970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8970] setpgid(0, 0) = 0 [pid 8970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8970] write(3, "1000", 4) = 4 [pid 8970] close(3) = 0 [pid 8970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8970] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8970] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8970] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8971 attached [pid 8971] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 8970] <... clone3 resumed> => {parent_tid=[8971]}, 88) = 8971 [pid 8971] <... rseq resumed>) = 0 [pid 8970] rt_sigprocmask(SIG_SETMASK, [], [pid 8971] set_robust_list(0x7f0bd5e299a0, 24 [pid 8970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8971] <... set_robust_list resumed>) = 0 [pid 8970] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8970] <... futex resumed>) = 0 [pid 8971] memfd_create("syzkaller", 0 [pid 8970] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8971] <... memfd_create resumed>) = 3 [pid 8971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8971] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8971] close(3) = 0 [pid 8971] mkdir("./file0", 0777) = 0 [ 222.398744][ T8971] loop0: detected capacity change from 0 to 32768 [ 222.413735][ T8971] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8971) [ 222.429383][ T8971] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 222.438704][ T8971] BTRFS info (device loop0): force clearing of disk cache [ 222.445892][ T8971] BTRFS info (device loop0): setting nodatasum [ 222.452081][ T8971] BTRFS info (device loop0): allowing degraded mounts [ 222.458943][ T8971] BTRFS info (device loop0): enabling disk space caching [ 222.466056][ T8971] BTRFS info (device loop0): disk space caching is enabled [ 222.485833][ T8971] BTRFS info (device loop0): enabling ssd optimizations [pid 8971] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8971] chdir("./file0") = 0 [pid 8971] ioctl(4, LOOP_CLR_FD) = 0 [pid 8971] close(4) = 0 [pid 8971] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8971] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8970] <... futex resumed>) = 0 [pid 8970] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] <... futex resumed>) = 0 [pid 8970] <... futex resumed>) = 1 [pid 8971] open("./file0", O_RDONLY [pid 8970] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8971] <... open resumed>) = 4 [ 222.492904][ T8971] BTRFS info (device loop0): auto enabling async discard [ 222.501582][ T8971] BTRFS info (device loop0): rebuilding free space tree [ 222.512428][ T8971] BTRFS info (device loop0): disabling free space tree [ 222.519426][ T8971] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 222.529453][ T8971] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 222.542527][ T8971] BTRFS info (device loop0): checking UUID tree [pid 8971] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8970] <... futex resumed>) = 0 [pid 8970] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] <... futex resumed>) = 1 [pid 8971] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8970] <... futex resumed>) = 0 [pid 8971] <... ioctl resumed>) = 0 [pid 8970] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8971] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8971] <... futex resumed>) = 0 [pid 8971] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8970] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8970] <... futex resumed>) = 0 [pid 8971] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8970] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8970] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8970] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 222.586086][ T8971] BTRFS info (device loop0): balance: start -d -m [ 222.595357][ T8971] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 222.616214][ T8971] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 8989 attached => {parent_tid=[8989]}, 88) = 8989 [pid 8989] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8970] rt_sigprocmask(SIG_SETMASK, [], [pid 8989] <... rseq resumed>) = 0 [pid 8970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8989] set_robust_list(0x7f0bd5e089a0, 24 [pid 8970] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8989] <... set_robust_list resumed>) = 0 [pid 8970] <... futex resumed>) = 0 [pid 8989] rt_sigprocmask(SIG_SETMASK, [], [pid 8970] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8989] open(".", O_RDONLY) = 5 [pid 8989] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8970] <... futex resumed>) = 0 [pid 8989] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8970] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8970] <... futex resumed>) = 0 [pid 8989] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 8970] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8989] <... ioctl resumed>) = 0 [pid 8989] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8970] <... futex resumed>) = 0 [ 222.657717][ T8971] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 8989] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8971] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8971] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8971] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8970] exit_group(0 [pid 8989] <... futex resumed>) = ? [pid 8971] <... futex resumed>) = ? [pid 8970] <... exit_group resumed>) = ? [pid 8989] +++ exited with 0 +++ [pid 8971] +++ exited with 0 +++ [pid 8970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8970, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 222.720851][ T8971] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 222.748122][ T8971] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 8990 attached [pid 8990] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 8990] chdir("./196" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 8990 [pid 8990] <... chdir resumed>) = 0 [pid 8990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 8990] setpgid(0, 0) = 0 [pid 8990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 8990] write(3, "1000", 4) = 4 [pid 8990] close(3) = 0 [pid 8990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 8990] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8990] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 8990] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 8990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 8990] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8990] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 8991 attached => {parent_tid=[8991]}, 88) = 8991 [pid 8991] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 8990] rt_sigprocmask(SIG_SETMASK, [], [pid 8991] set_robust_list(0x7f0bd5e299a0, 24 [pid 8990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8991] <... set_robust_list resumed>) = 0 [pid 8990] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 8990] <... futex resumed>) = 0 [pid 8991] memfd_create("syzkaller", 0 [pid 8990] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 8991] <... memfd_create resumed>) = 3 [pid 8991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 8991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 8991] munmap(0x7f0bcda09000, 138412032) = 0 [pid 8991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 8991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 8991] close(3) = 0 [pid 8991] mkdir("./file0", 0777) = 0 [ 223.252393][ T8991] loop0: detected capacity change from 0 to 32768 [ 223.267150][ T8991] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (8991) [ 223.283327][ T8991] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 223.292637][ T8991] BTRFS info (device loop0): force clearing of disk cache [ 223.299810][ T8991] BTRFS info (device loop0): setting nodatasum [ 223.306023][ T8991] BTRFS info (device loop0): allowing degraded mounts [ 223.312895][ T8991] BTRFS info (device loop0): enabling disk space caching [ 223.319969][ T8991] BTRFS info (device loop0): disk space caching is enabled [ 223.338550][ T8991] BTRFS info (device loop0): enabling ssd optimizations [ 223.345788][ T8991] BTRFS info (device loop0): auto enabling async discard [pid 8991] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 8991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 8991] chdir("./file0") = 0 [pid 8991] ioctl(4, LOOP_CLR_FD) = 0 [pid 8991] close(4) = 0 [pid 8991] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8990] <... futex resumed>) = 0 [pid 8991] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8990] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8990] <... futex resumed>) = 0 [pid 8991] open("./file0", O_RDONLY [pid 8990] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8991] <... open resumed>) = 4 [ 223.353479][ T8991] BTRFS info (device loop0): rebuilding free space tree [ 223.366071][ T8991] BTRFS info (device loop0): disabling free space tree [ 223.372970][ T8991] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 223.382713][ T8991] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 223.396519][ T8991] BTRFS info (device loop0): checking UUID tree [pid 8991] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8990] <... futex resumed>) = 0 [pid 8990] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 8990] <... futex resumed>) = 0 [pid 8991] <... ioctl resumed>) = 0 [pid 8990] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 8991] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8991] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8990] <... futex resumed>) = 0 [pid 8990] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 8991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8990] <... futex resumed>) = 0 [pid 8991] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 8990] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 8990] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 8990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 8990] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 8990] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 8990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9010 attached [pid 9010] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 8990] <... clone3 resumed> => {parent_tid=[9010]}, 88) = 9010 [pid 9010] <... rseq resumed>) = 0 [pid 8990] rt_sigprocmask(SIG_SETMASK, [], [pid 9010] set_robust_list(0x7f0bd5e089a0, 24 [pid 8990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 8990] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9010] <... set_robust_list resumed>) = 0 [pid 8990] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9010] open(".", O_RDONLY) = 5 [pid 9010] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8990] <... futex resumed>) = 0 [pid 9010] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8990] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 8990] <... futex resumed>) = 0 [pid 9010] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 223.461049][ T8991] BTRFS info (device loop0): balance: start -d -m [ 223.470240][ T8991] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 223.492792][ T8991] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 8990] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9010] <... ioctl resumed>) = 0 [pid 9010] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 8990] <... futex resumed>) = 0 [ 223.557676][ T8991] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 223.591437][ T8991] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9010] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 8991] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 8991] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 8990] exit_group(0 [pid 8991] <... futex resumed>) = 0 [pid 9010] <... futex resumed>) = ? [pid 8990] <... exit_group resumed>) = ? [pid 9010] +++ exited with 0 +++ [pid 8991] +++ exited with 0 +++ [pid 8990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8990, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 223.608649][ T8991] BTRFS info (device loop0): balance: ended with status: 0 umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9012 attached [pid 9012] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9012] chdir("./197" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9012 [pid 9012] <... chdir resumed>) = 0 [pid 9012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9012] setpgid(0, 0) = 0 [pid 9012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9012] write(3, "1000", 4) = 4 [pid 9012] close(3) = 0 [pid 9012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9012] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9012] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9012] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9013 attached [pid 9013] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9012] <... clone3 resumed> => {parent_tid=[9013]}, 88) = 9013 [pid 9013] <... rseq resumed>) = 0 [pid 9013] set_robust_list(0x7f0bd5e299a0, 24 [pid 9012] rt_sigprocmask(SIG_SETMASK, [], [pid 9013] <... set_robust_list resumed>) = 0 [pid 9012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9013] rt_sigprocmask(SIG_SETMASK, [], [pid 9012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9012] <... futex resumed>) = 0 [pid 9013] memfd_create("syzkaller", 0 [pid 9012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9013] <... memfd_create resumed>) = 3 [pid 9013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9013] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9013] close(3) = 0 [pid 9013] mkdir("./file0", 0777) = 0 [ 224.117949][ T9013] loop0: detected capacity change from 0 to 32768 [ 224.147983][ T9013] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9013) [ 224.162727][ T9013] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 224.172250][ T9013] BTRFS info (device loop0): force clearing of disk cache [ 224.179434][ T9013] BTRFS info (device loop0): setting nodatasum [ 224.185658][ T9013] BTRFS info (device loop0): allowing degraded mounts [ 224.192429][ T9013] BTRFS info (device loop0): enabling disk space caching [ 224.199551][ T9013] BTRFS info (device loop0): disk space caching is enabled [ 224.218472][ T9013] BTRFS info (device loop0): enabling ssd optimizations [ 224.225707][ T9013] BTRFS info (device loop0): auto enabling async discard [ 224.233563][ T9013] BTRFS info (device loop0): rebuilding free space tree [ 224.244519][ T9013] BTRFS info (device loop0): disabling free space tree [ 224.251410][ T9013] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9013] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9013] chdir("./file0") = 0 [pid 9013] ioctl(4, LOOP_CLR_FD) = 0 [pid 9013] close(4) = 0 [pid 9013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9012] <... futex resumed>) = 0 [pid 9012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9013] open("./file0", O_RDONLY) = 4 [pid 9013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9012] <... futex resumed>) = 0 [pid 9013] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9013] <... ioctl resumed>) = 0 [pid 9012] <... futex resumed>) = 0 [pid 9012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9012] <... futex resumed>) = 0 [pid 9013] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9012] <... futex resumed>) = 0 [pid 9013] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 224.261139][ T9013] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 224.273631][ T9013] BTRFS info (device loop0): checking UUID tree [pid 9012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9012] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9012] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 224.324360][ T9013] BTRFS info (device loop0): balance: start -d -m [ 224.332533][ T9013] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 224.352876][ T9013] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9031]}, 88) = 9031 [pid 9012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9012] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9012] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9031 attached [pid 9031] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9031] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9031] open(".", O_RDONLY) = 5 [pid 9031] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9012] <... futex resumed>) = 0 [pid 9031] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9012] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9012] <... futex resumed>) = 0 [pid 9031] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9012] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9031] <... ioctl resumed>) = 0 [pid 9031] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9012] <... futex resumed>) = 0 [ 224.393451][ T9013] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9031] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9013] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9012] exit_group(0 [pid 9013] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9031] <... futex resumed>) = ? [pid 9013] <... futex resumed>) = ? [pid 9012] <... exit_group resumed>) = ? [pid 9031] +++ exited with 0 +++ [pid 9013] +++ exited with 0 +++ [pid 9012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9012, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 224.450377][ T9013] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 224.477630][ T9013] BTRFS info (device loop0): balance: ended with status: 0 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9034 attached , child_tidptr=0x5555570ad690) = 9034 [pid 9034] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9034] chdir("./198") = 0 [pid 9034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9034] setpgid(0, 0) = 0 [pid 9034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9034] write(3, "1000", 4) = 4 [pid 9034] close(3) = 0 [pid 9034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9034] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9034] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9034] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9035 attached [pid 9035] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9034] <... clone3 resumed> => {parent_tid=[9035]}, 88) = 9035 [pid 9035] set_robust_list(0x7f0bd5e299a0, 24 [pid 9034] rt_sigprocmask(SIG_SETMASK, [], [pid 9035] <... set_robust_list resumed>) = 0 [pid 9035] rt_sigprocmask(SIG_SETMASK, [], [pid 9034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9035] memfd_create("syzkaller", 0 [pid 9034] <... futex resumed>) = 0 [pid 9034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9035] <... memfd_create resumed>) = 3 [pid 9035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9035] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9035] close(3) = 0 [pid 9035] mkdir("./file0", 0777) = 0 [ 225.016237][ T9035] loop0: detected capacity change from 0 to 32768 [ 225.030546][ T9035] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9035) [ 225.046911][ T9035] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 225.056345][ T9035] BTRFS info (device loop0): force clearing of disk cache [pid 9035] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9035] chdir("./file0") = 0 [pid 9035] ioctl(4, LOOP_CLR_FD) = 0 [pid 9035] close(4) = 0 [pid 9035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9034] <... futex resumed>) = 0 [pid 9034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9035] <... futex resumed>) = 0 [pid 9034] <... futex resumed>) = 1 [pid 9035] open("./file0", O_RDONLY [pid 9034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9035] <... open resumed>) = 4 [pid 9035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9034] <... futex resumed>) = 0 [pid 9035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9035] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9034] <... futex resumed>) = 0 [pid 9035] <... futex resumed>) = 1 [pid 9034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9035] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9034] <... futex resumed>) = 0 [ 225.063470][ T9035] BTRFS info (device loop0): setting nodatasum [ 225.069783][ T9035] BTRFS info (device loop0): allowing degraded mounts [ 225.076601][ T9035] BTRFS info (device loop0): enabling disk space caching [pid 9034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9034] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9034] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9053 attached => {parent_tid=[9053]}, 88) = 9053 [pid 9053] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9034] rt_sigprocmask(SIG_SETMASK, [], [pid 9053] <... rseq resumed>) = 0 [pid 9034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9053] set_robust_list(0x7f0bd5e089a0, 24 [pid 9034] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9053] <... set_robust_list resumed>) = 0 [pid 9034] <... futex resumed>) = 0 [pid 9053] rt_sigprocmask(SIG_SETMASK, [], [pid 9034] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9053] open(".", O_RDONLY) = 5 [pid 9053] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9034] <... futex resumed>) = 0 [pid 9053] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9034] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9034] <... futex resumed>) = 0 [pid 9053] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9034] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9053] <... ioctl resumed>) = 0 [pid 9053] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9034] <... futex resumed>) = 0 [pid 9053] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9035] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9034] exit_group(0 [pid 9053] <... futex resumed>) = ? [pid 9034] <... exit_group resumed>) = ? [pid 9053] +++ exited with 0 +++ [pid 9035] <... futex resumed>) = ? [pid 9035] +++ exited with 0 +++ [pid 9034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9034, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9054 attached , child_tidptr=0x5555570ad690) = 9054 [pid 9054] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9054] chdir("./199") = 0 [pid 9054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9054] setpgid(0, 0) = 0 [pid 9054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9054] write(3, "1000", 4) = 4 [pid 9054] close(3) = 0 [pid 9054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9054] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9054] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9054] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9055 attached [pid 9055] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9054] <... clone3 resumed> => {parent_tid=[9055]}, 88) = 9055 [pid 9055] set_robust_list(0x7f0bd5e299a0, 24 [pid 9054] rt_sigprocmask(SIG_SETMASK, [], [pid 9055] <... set_robust_list resumed>) = 0 [pid 9054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9055] rt_sigprocmask(SIG_SETMASK, [], [pid 9054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9055] memfd_create("syzkaller", 0 [pid 9054] <... futex resumed>) = 0 [pid 9054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9055] <... memfd_create resumed>) = 3 [pid 9055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9055] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9055] close(3) = 0 [pid 9055] mkdir("./file0", 0777) = 0 [ 225.785129][ T9055] loop0: detected capacity change from 0 to 32768 [ 225.798946][ T9055] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9055) [ 225.815031][ T9055] _btrfs_printk: 14 callbacks suppressed [ 225.815047][ T9055] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 225.830000][ T9055] BTRFS info (device loop0): force clearing of disk cache [ 225.837168][ T9055] BTRFS info (device loop0): setting nodatasum [ 225.843333][ T9055] BTRFS info (device loop0): allowing degraded mounts [ 225.850153][ T9055] BTRFS info (device loop0): enabling disk space caching [ 225.857218][ T9055] BTRFS info (device loop0): disk space caching is enabled [ 225.878802][ T9055] BTRFS info (device loop0): enabling ssd optimizations [ 225.886036][ T9055] BTRFS info (device loop0): auto enabling async discard [ 225.894236][ T9055] BTRFS info (device loop0): rebuilding free space tree [ 225.905232][ T9055] BTRFS info (device loop0): disabling free space tree [ 225.912133][ T9055] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 225.921882][ T9055] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9055] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9055] chdir("./file0") = 0 [pid 9055] ioctl(4, LOOP_CLR_FD) = 0 [pid 9055] close(4) = 0 [pid 9055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9054] <... futex resumed>) = 0 [pid 9055] open("./file0", O_RDONLY [pid 9054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9055] <... open resumed>) = 4 [pid 9054] <... futex resumed>) = 0 [pid 9054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 225.934853][ T9055] BTRFS info (device loop0): checking UUID tree [pid 9055] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9054] <... futex resumed>) = 0 [pid 9054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9054] <... futex resumed>) = 0 [pid 9055] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9055] <... futex resumed>) = 0 [pid 9054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9055] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9054] <... futex resumed>) = 0 [pid 9054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9054] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9054] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9073]}, 88) = 9073 [pid 9054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9054] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9054] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9073 attached [pid 9073] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9073] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9073] open(".", O_RDONLY) = 5 [pid 9073] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9054] <... futex resumed>) = 0 [pid 9054] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9073] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9054] <... futex resumed>) = 0 [ 226.003042][ T9055] BTRFS info (device loop0): balance: start -d -m [ 226.012671][ T9055] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 226.039679][ T9055] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9054] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9073] <... ioctl resumed>) = 0 [pid 9073] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9054] <... futex resumed>) = 0 [pid 9073] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9055] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9055] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9054] exit_group(0 [pid 9073] <... futex resumed>) = ? [pid 9055] <... futex resumed>) = ? [pid 9073] +++ exited with 0 +++ [pid 9055] +++ exited with 0 +++ [pid 9054] <... exit_group resumed>) = ? [pid 9054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9054, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 [ 226.098642][ T9055] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 226.119937][ T9055] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 226.137235][ T9055] BTRFS info (device loop0): balance: ended with status: 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9074 attached [pid 9074] set_robust_list(0x5555570ad6a0, 24 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9074 [pid 9074] <... set_robust_list resumed>) = 0 [pid 9074] chdir("./200") = 0 [pid 9074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9074] setpgid(0, 0) = 0 [pid 9074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9074] write(3, "1000", 4) = 4 [pid 9074] close(3) = 0 [pid 9074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9074] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9074] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9074] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9075 attached => {parent_tid=[9075]}, 88) = 9075 [pid 9075] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9074] rt_sigprocmask(SIG_SETMASK, [], [pid 9075] set_robust_list(0x7f0bd5e299a0, 24 [pid 9074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9075] <... set_robust_list resumed>) = 0 [pid 9075] rt_sigprocmask(SIG_SETMASK, [], [pid 9074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9074] <... futex resumed>) = 0 [pid 9074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9075] memfd_create("syzkaller", 0) = 3 [pid 9075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9075] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9075] close(3) = 0 [pid 9075] mkdir("./file0", 0777) = 0 [ 226.650056][ T9075] loop0: detected capacity change from 0 to 32768 [ 226.664928][ T9075] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9075) [ 226.680592][ T9075] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 226.689944][ T9075] BTRFS info (device loop0): force clearing of disk cache [ 226.697103][ T9075] BTRFS info (device loop0): setting nodatasum [ 226.703268][ T9075] BTRFS info (device loop0): allowing degraded mounts [ 226.710136][ T9075] BTRFS info (device loop0): enabling disk space caching [ 226.717234][ T9075] BTRFS info (device loop0): disk space caching is enabled [ 226.737435][ T9075] BTRFS info (device loop0): enabling ssd optimizations [pid 9075] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9075] chdir("./file0") = 0 [pid 9075] ioctl(4, LOOP_CLR_FD) = 0 [pid 9075] close(4) = 0 [pid 9075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9074] <... futex resumed>) = 0 [pid 9074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9075] open("./file0", O_RDONLY [pid 9074] <... futex resumed>) = 0 [pid 9075] <... open resumed>) = 4 [pid 9074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 226.744488][ T9075] BTRFS info (device loop0): auto enabling async discard [ 226.752328][ T9075] BTRFS info (device loop0): rebuilding free space tree [ 226.763369][ T9075] BTRFS info (device loop0): disabling free space tree [ 226.770327][ T9075] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 226.780057][ T9075] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 226.792844][ T9075] BTRFS info (device loop0): checking UUID tree [pid 9075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9074] <... futex resumed>) = 0 [pid 9074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9075] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9074] <... futex resumed>) = 0 [pid 9075] <... ioctl resumed>) = 0 [pid 9074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9074] <... futex resumed>) = 0 [pid 9075] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9074] <... futex resumed>) = 0 [pid 9075] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9074] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9074] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9093 attached [pid 9093] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9074] <... clone3 resumed> => {parent_tid=[9093]}, 88) = 9093 [pid 9093] <... rseq resumed>) = 0 [pid 9074] rt_sigprocmask(SIG_SETMASK, [], [pid 9093] set_robust_list(0x7f0bd5e089a0, 24 [pid 9074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9093] <... set_robust_list resumed>) = 0 [pid 9074] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9093] rt_sigprocmask(SIG_SETMASK, [], [pid 9074] <... futex resumed>) = 0 [pid 9093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9074] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9093] open(".", O_RDONLY) = 5 [pid 9093] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9074] <... futex resumed>) = 0 [pid 9093] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9074] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9074] <... futex resumed>) = 0 [pid 9093] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 226.839433][ T9075] BTRFS info (device loop0): balance: start -d -m [ 226.847581][ T9075] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 226.875299][ T9075] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9074] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9093] <... ioctl resumed>) = 0 [pid 9093] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9074] <... futex resumed>) = 0 [pid 9093] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9075] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 9075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9075] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9074] exit_group(0 [pid 9093] <... futex resumed>) = ? [pid 9075] <... futex resumed>) = ? [pid 9074] <... exit_group resumed>) = ? [pid 9093] +++ exited with 0 +++ [pid 9075] +++ exited with 0 +++ [pid 9074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9074, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 226.938921][ T9075] BTRFS info (device loop0): 1 enospc errors during balance [ 226.946333][ T9075] BTRFS info (device loop0): balance: ended with status: -28 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9094 attached , child_tidptr=0x5555570ad690) = 9094 [pid 9094] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9094] chdir("./201") = 0 [pid 9094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9094] setpgid(0, 0) = 0 [pid 9094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9094] write(3, "1000", 4) = 4 [pid 9094] close(3) = 0 [pid 9094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9094] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9094] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9094] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9095 attached => {parent_tid=[9095]}, 88) = 9095 [pid 9094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9095] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9095] <... rseq resumed>) = 0 [pid 9095] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9095] memfd_create("syzkaller", 0) = 3 [pid 9095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9095] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9095] close(3) = 0 [pid 9095] mkdir("./file0", 0777) = 0 [ 227.484688][ T9095] loop0: detected capacity change from 0 to 32768 [ 227.504801][ T9095] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9095) [ 227.522124][ T9095] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 227.531851][ T9095] BTRFS info (device loop0): force clearing of disk cache [ 227.539121][ T9095] BTRFS info (device loop0): setting nodatasum [ 227.545453][ T9095] BTRFS info (device loop0): allowing degraded mounts [ 227.552231][ T9095] BTRFS info (device loop0): enabling disk space caching [ 227.559364][ T9095] BTRFS info (device loop0): disk space caching is enabled [ 227.588867][ T9095] BTRFS info (device loop0): enabling ssd optimizations [ 227.595917][ T9095] BTRFS info (device loop0): auto enabling async discard [ 227.604002][ T9095] BTRFS info (device loop0): rebuilding free space tree [ 227.615034][ T9095] BTRFS info (device loop0): disabling free space tree [ 227.621947][ T9095] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9095] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9095] chdir("./file0") = 0 [pid 9095] ioctl(4, LOOP_CLR_FD) = 0 [pid 9095] close(4) = 0 [pid 9095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9094] <... futex resumed>) = 0 [pid 9095] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9095] open("./file0", O_RDONLY) = 4 [pid 9095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9094] <... futex resumed>) = 0 [pid 9095] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9094] <... futex resumed>) = 0 [pid 9095] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9095] <... ioctl resumed>) = 0 [pid 9095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9094] <... futex resumed>) = 0 [pid 9094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9095] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9094] <... futex resumed>) = 0 [ 227.631801][ T9095] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 227.644656][ T9095] BTRFS info (device loop0): checking UUID tree [pid 9094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9094] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9094] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9113]}, 88) = 9113 ./strace-static-x86_64: Process 9113 attached [pid 9113] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9094] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9094] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9113] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9113] open(".", O_RDONLY) = 5 [pid 9113] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9094] <... futex resumed>) = 0 [pid 9113] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9094] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9113] <... futex resumed>) = 0 [pid 9094] <... futex resumed>) = 1 [pid 9113] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 227.699015][ T9095] BTRFS info (device loop0): balance: start -d -m [ 227.710363][ T9095] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 227.734210][ T9095] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9094] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9113] <... ioctl resumed>) = 0 [pid 9113] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9094] <... futex resumed>) = 0 [pid 9113] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9095] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9095] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9094] exit_group(0 [pid 9113] <... futex resumed>) = ? [pid 9113] +++ exited with 0 +++ [pid 9095] <... futex resumed>) = ? [pid 9094] <... exit_group resumed>) = ? [pid 9095] +++ exited with 0 +++ [pid 9094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9094, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 227.813342][ T9095] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 227.834392][ T9095] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 227.851695][ T9095] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9114 attached [pid 9114] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9114] chdir("./202") = 0 [pid 9114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9114 [pid 9114] setpgid(0, 0) = 0 [pid 9114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9114] write(3, "1000", 4) = 4 [pid 9114] close(3) = 0 [pid 9114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9114] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9114] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9114] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9115 attached [pid 9115] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9114] <... clone3 resumed> => {parent_tid=[9115]}, 88) = 9115 [pid 9115] <... rseq resumed>) = 0 [pid 9114] rt_sigprocmask(SIG_SETMASK, [], [pid 9115] set_robust_list(0x7f0bd5e299a0, 24 [pid 9114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9115] <... set_robust_list resumed>) = 0 [pid 9114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9114] <... futex resumed>) = 0 [pid 9114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9115] memfd_create("syzkaller", 0) = 3 [pid 9115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9115] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9115] close(3) = 0 [pid 9115] mkdir("./file0", 0777) = 0 [ 228.387614][ T9115] loop0: detected capacity change from 0 to 32768 [ 228.401062][ T9115] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9115) [ 228.416841][ T9115] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 228.426186][ T9115] BTRFS info (device loop0): force clearing of disk cache [ 228.433319][ T9115] BTRFS info (device loop0): setting nodatasum [ 228.439542][ T9115] BTRFS info (device loop0): allowing degraded mounts [ 228.446347][ T9115] BTRFS info (device loop0): enabling disk space caching [ 228.453423][ T9115] BTRFS info (device loop0): disk space caching is enabled [ 228.471983][ T9115] BTRFS info (device loop0): enabling ssd optimizations [ 228.479054][ T9115] BTRFS info (device loop0): auto enabling async discard [pid 9115] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9115] chdir("./file0") = 0 [pid 9115] ioctl(4, LOOP_CLR_FD) = 0 [pid 9115] close(4) = 0 [pid 9115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9114] <... futex resumed>) = 0 [pid 9115] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9114] <... futex resumed>) = 0 [ 228.487768][ T9115] BTRFS info (device loop0): rebuilding free space tree [ 228.498600][ T9115] BTRFS info (device loop0): disabling free space tree [ 228.505613][ T9115] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 228.517038][ T9115] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 228.529765][ T9115] BTRFS info (device loop0): checking UUID tree [pid 9115] open("./file0", O_RDONLY [pid 9114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9115] <... open resumed>) = 4 [pid 9115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9114] <... futex resumed>) = 0 [pid 9114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9115] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9114] <... futex resumed>) = 0 [pid 9115] <... ioctl resumed>) = 0 [pid 9114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9114] <... futex resumed>) = 0 [pid 9115] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9115] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9114] <... futex resumed>) = 0 [pid 9114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9114] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9114] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9133]}, 88) = 9133 [pid 9114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 9133 attached [pid 9114] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9133] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9114] <... futex resumed>) = 0 [pid 9133] <... rseq resumed>) = 0 [pid 9114] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9133] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9133] open(".", O_RDONLY) = 5 [pid 9133] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9133] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9114] <... futex resumed>) = 0 [pid 9133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9114] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9133] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9114] <... futex resumed>) = 0 [ 228.591232][ T9115] BTRFS info (device loop0): balance: start -d -m [ 228.600313][ T9115] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 228.625632][ T9115] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9114] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9133] <... ioctl resumed>) = 0 [pid 9133] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9133] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9114] <... futex resumed>) = 0 [pid 9115] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9114] exit_group(0 [pid 9115] <... futex resumed>) = ? [pid 9114] <... exit_group resumed>) = ? [pid 9133] <... futex resumed>) = ? [pid 9133] +++ exited with 0 +++ [pid 9115] +++ exited with 0 +++ [pid 9114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9114, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 228.700644][ T9115] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 228.721531][ T9115] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 228.739043][ T9115] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9134 attached [pid 9134] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9134] chdir("./203") = 0 [pid 9134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9134 [pid 9134] setpgid(0, 0) = 0 [pid 9134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9134] write(3, "1000", 4) = 4 [pid 9134] close(3) = 0 [pid 9134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9134] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9134] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9134] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9135 attached [pid 9135] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9135] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9135] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9134] <... clone3 resumed> => {parent_tid=[9135]}, 88) = 9135 [pid 9134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9135] <... futex resumed>) = 0 [pid 9134] <... futex resumed>) = 1 [pid 9135] memfd_create("syzkaller", 0 [pid 9134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9135] <... memfd_create resumed>) = 3 [pid 9135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9135] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9135] close(3) = 0 [pid 9135] mkdir("./file0", 0777) = 0 [ 229.247326][ T9135] loop0: detected capacity change from 0 to 32768 [ 229.267059][ T9135] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9135) [ 229.282422][ T9135] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 229.291849][ T9135] BTRFS info (device loop0): force clearing of disk cache [ 229.299045][ T9135] BTRFS info (device loop0): setting nodatasum [ 229.305294][ T9135] BTRFS info (device loop0): allowing degraded mounts [ 229.312092][ T9135] BTRFS info (device loop0): enabling disk space caching [ 229.319359][ T9135] BTRFS info (device loop0): disk space caching is enabled [ 229.339790][ T9135] BTRFS info (device loop0): enabling ssd optimizations [ 229.346853][ T9135] BTRFS info (device loop0): auto enabling async discard [ 229.354974][ T9135] BTRFS info (device loop0): rebuilding free space tree [ 229.366130][ T9135] BTRFS info (device loop0): disabling free space tree [ 229.373051][ T9135] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 229.382824][ T9135] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9135] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9135] chdir("./file0") = 0 [pid 9135] ioctl(4, LOOP_CLR_FD) = 0 [pid 9135] close(4) = 0 [pid 9135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9134] <... futex resumed>) = 0 [pid 9135] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9134] <... futex resumed>) = 0 [pid 9134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9135] open("./file0", O_RDONLY) = 4 [ 229.396105][ T9135] BTRFS info (device loop0): checking UUID tree [pid 9135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9134] <... futex resumed>) = 0 [pid 9134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9135] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9134] <... futex resumed>) = 0 [pid 9135] <... ioctl resumed>) = 0 [pid 9134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9134] <... futex resumed>) = 0 [pid 9134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9135] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9134] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9134] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9153]}, 88) = 9153 [pid 9134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9134] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9134] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9153 attached [ 229.458696][ T9135] BTRFS info (device loop0): balance: start -d -m [ 229.468435][ T9135] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 229.493799][ T9135] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9153] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9153] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9153] open(".", O_RDONLY) = 5 [pid 9153] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9153] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9134] <... futex resumed>) = 0 [pid 9134] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9153] <... futex resumed>) = 0 [pid 9134] <... futex resumed>) = 1 [pid 9153] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9134] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9153] <... ioctl resumed>) = 0 [pid 9153] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9134] <... futex resumed>) = 0 [pid 9153] <... futex resumed>) = 1 [pid 9153] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9135] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9135] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9134] exit_group(0 [pid 9153] <... futex resumed>) = ? [pid 9135] <... futex resumed>) = ? [pid 9134] <... exit_group resumed>) = ? [pid 9153] +++ exited with 0 +++ [pid 9135] +++ exited with 0 +++ [pid 9134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9134, si_uid=0, si_status=0, si_utime=0, si_stime=40 /* 0.40 s */} --- [ 229.567887][ T9135] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 229.588990][ T9135] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 229.606524][ T9135] BTRFS info (device loop0): balance: ended with status: 0 umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9154 attached , child_tidptr=0x5555570ad690) = 9154 [pid 9154] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9154] chdir("./204") = 0 [pid 9154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9154] setpgid(0, 0) = 0 [pid 9154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9154] write(3, "1000", 4) = 4 [pid 9154] close(3) = 0 [pid 9154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9154] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9154] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9154] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9155 attached [pid 9155] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9154] <... clone3 resumed> => {parent_tid=[9155]}, 88) = 9155 [pid 9155] set_robust_list(0x7f0bd5e299a0, 24 [pid 9154] rt_sigprocmask(SIG_SETMASK, [], [pid 9155] <... set_robust_list resumed>) = 0 [pid 9155] rt_sigprocmask(SIG_SETMASK, [], [pid 9154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9155] memfd_create("syzkaller", 0 [pid 9154] <... futex resumed>) = 0 [pid 9154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9155] <... memfd_create resumed>) = 3 [pid 9155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9155] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9155] close(3) = 0 [pid 9155] mkdir("./file0", 0777) = 0 [ 230.122050][ T9155] loop0: detected capacity change from 0 to 32768 [ 230.131916][ T9155] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9155) [ 230.148606][ T9155] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 230.157901][ T9155] BTRFS info (device loop0): force clearing of disk cache [ 230.165153][ T9155] BTRFS info (device loop0): setting nodatasum [pid 9155] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9155] chdir("./file0") = 0 [pid 9155] ioctl(4, LOOP_CLR_FD) = 0 [ 230.171314][ T9155] BTRFS info (device loop0): allowing degraded mounts [ 230.178145][ T9155] BTRFS info (device loop0): enabling disk space caching [ 230.185273][ T9155] BTRFS info (device loop0): disk space caching is enabled [pid 9155] close(4) = 0 [pid 9155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9155] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9154] <... futex resumed>) = 0 [pid 9154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9155] <... futex resumed>) = 0 [pid 9154] <... futex resumed>) = 1 [pid 9155] open("./file0", O_RDONLY [pid 9154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9155] <... open resumed>) = 4 [pid 9155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9154] <... futex resumed>) = 0 [pid 9154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9155] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9155] <... ioctl resumed>) = 0 [pid 9155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9154] <... futex resumed>) = 0 [pid 9154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9155] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9154] <... futex resumed>) = 0 [pid 9154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9154] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9154] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9173 attached => {parent_tid=[9173]}, 88) = 9173 [pid 9173] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9154] rt_sigprocmask(SIG_SETMASK, [], [pid 9173] <... rseq resumed>) = 0 [pid 9154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9173] set_robust_list(0x7f0bd5e089a0, 24 [pid 9154] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9173] <... set_robust_list resumed>) = 0 [pid 9173] rt_sigprocmask(SIG_SETMASK, [], [pid 9154] <... futex resumed>) = 0 [pid 9173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9154] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9173] open(".", O_RDONLY) = 5 [pid 9173] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9154] <... futex resumed>) = 0 [pid 9173] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9154] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9154] <... futex resumed>) = 0 [pid 9173] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9154] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9173] <... ioctl resumed>) = 0 [pid 9173] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9154] <... futex resumed>) = 0 [pid 9173] <... futex resumed>) = 1 [pid 9173] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9155] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9155] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9154] exit_group(0 [pid 9173] <... futex resumed>) = ? [pid 9155] <... futex resumed>) = ? [pid 9154] <... exit_group resumed>) = ? [pid 9173] +++ exited with 0 +++ [pid 9155] +++ exited with 0 +++ [pid 9154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9154, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=21 /* 0.21 s */} --- umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9174 attached [pid 9174] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9174] chdir("./205") = 0 [pid 9174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9174 [pid 9174] setpgid(0, 0) = 0 [pid 9174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9174] write(3, "1000", 4) = 4 [pid 9174] close(3) = 0 [pid 9174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9174] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9174] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9174] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9175 attached [pid 9175] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9174] <... clone3 resumed> => {parent_tid=[9175]}, 88) = 9175 [pid 9175] set_robust_list(0x7f0bd5e299a0, 24 [pid 9174] rt_sigprocmask(SIG_SETMASK, [], [pid 9175] <... set_robust_list resumed>) = 0 [pid 9174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9175] rt_sigprocmask(SIG_SETMASK, [], [pid 9174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9174] <... futex resumed>) = 0 [pid 9175] memfd_create("syzkaller", 0 [pid 9174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9175] <... memfd_create resumed>) = 3 [pid 9175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9175] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9175] close(3) = 0 [pid 9175] mkdir("./file0", 0777) = 0 [ 230.955819][ T9175] loop0: detected capacity change from 0 to 32768 [ 230.970161][ T9175] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9175) [ 230.986756][ T9175] _btrfs_printk: 13 callbacks suppressed [ 230.986772][ T9175] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 231.001747][ T9175] BTRFS info (device loop0): force clearing of disk cache [ 231.008936][ T9175] BTRFS info (device loop0): setting nodatasum [ 231.015158][ T9175] BTRFS info (device loop0): allowing degraded mounts [ 231.021931][ T9175] BTRFS info (device loop0): enabling disk space caching [ 231.028999][ T9175] BTRFS info (device loop0): disk space caching is enabled [ 231.048507][ T9175] BTRFS info (device loop0): enabling ssd optimizations [ 231.055606][ T9175] BTRFS info (device loop0): auto enabling async discard [ 231.063311][ T9175] BTRFS info (device loop0): rebuilding free space tree [ 231.074468][ T9175] BTRFS info (device loop0): disabling free space tree [ 231.081374][ T9175] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 231.091093][ T9175] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9175] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9175] chdir("./file0") = 0 [pid 9175] ioctl(4, LOOP_CLR_FD) = 0 [pid 9175] close(4) = 0 [pid 9175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9175] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9174] <... futex resumed>) = 0 [pid 9174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9175] <... futex resumed>) = 0 [pid 9174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 231.103629][ T9175] BTRFS info (device loop0): checking UUID tree [pid 9175] open("./file0", O_RDONLY) = 4 [pid 9175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9175] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9174] <... futex resumed>) = 0 [pid 9174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9175] <... futex resumed>) = 0 [pid 9174] <... futex resumed>) = 1 [pid 9175] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9175] <... ioctl resumed>) = 0 [pid 9175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9174] <... futex resumed>) = 0 [pid 9175] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9174] <... futex resumed>) = 0 [pid 9175] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9174] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9174] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9193 attached => {parent_tid=[9193]}, 88) = 9193 [pid 9193] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9193] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9193] rt_sigprocmask(SIG_SETMASK, [], [pid 9174] rt_sigprocmask(SIG_SETMASK, [], [pid 9193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9193] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9174] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9193] <... futex resumed>) = 0 [pid 9174] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9193] open(".", O_RDONLY) = 5 [pid 9193] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9174] <... futex resumed>) = 0 [pid 9193] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9174] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9174] <... futex resumed>) = 0 [pid 9193] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 231.153995][ T9175] BTRFS info (device loop0): balance: start -d -m [ 231.161760][ T9175] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 231.185942][ T9175] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9174] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9193] <... ioctl resumed>) = 0 [pid 9193] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9174] <... futex resumed>) = 0 [ 231.250617][ T9175] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 231.289939][ T9175] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9193] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9175] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9174] exit_group(0 [pid 9193] <... futex resumed>) = ? [pid 9175] <... futex resumed>) = ? [pid 9174] <... exit_group resumed>) = ? [pid 9193] +++ exited with 0 +++ [pid 9175] +++ exited with 0 +++ [pid 9174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9174, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 [ 231.307164][ T9175] BTRFS info (device loop0): balance: ended with status: 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9194 attached [pid 9194] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9194] chdir("./206") = 0 [pid 9194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9194 [pid 9194] setpgid(0, 0) = 0 [pid 9194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9194] write(3, "1000", 4) = 4 [pid 9194] close(3) = 0 [pid 9194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9194] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9194] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9194] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9195 attached [pid 9195] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9194] <... clone3 resumed> => {parent_tid=[9195]}, 88) = 9195 [pid 9195] <... rseq resumed>) = 0 [pid 9194] rt_sigprocmask(SIG_SETMASK, [], [pid 9195] set_robust_list(0x7f0bd5e299a0, 24 [pid 9194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9195] <... set_robust_list resumed>) = 0 [pid 9195] rt_sigprocmask(SIG_SETMASK, [], [pid 9194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9194] <... futex resumed>) = 0 [pid 9195] memfd_create("syzkaller", 0 [pid 9194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9195] <... memfd_create resumed>) = 3 [pid 9195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9195] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9195] close(3) = 0 [pid 9195] mkdir("./file0", 0777) = 0 [ 231.734990][ T9195] loop0: detected capacity change from 0 to 32768 [ 231.751799][ T9195] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9195) [ 231.768320][ T9195] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 231.777689][ T9195] BTRFS info (device loop0): force clearing of disk cache [ 231.785012][ T9195] BTRFS info (device loop0): setting nodatasum [ 231.791197][ T9195] BTRFS info (device loop0): allowing degraded mounts [ 231.798127][ T9195] BTRFS info (device loop0): enabling disk space caching [ 231.805305][ T9195] BTRFS info (device loop0): disk space caching is enabled [ 231.824971][ T9195] BTRFS info (device loop0): enabling ssd optimizations [ 231.831982][ T9195] BTRFS info (device loop0): auto enabling async discard [ 231.840432][ T9195] BTRFS info (device loop0): rebuilding free space tree [ 231.851359][ T9195] BTRFS info (device loop0): disabling free space tree [ 231.858325][ T9195] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 231.868019][ T9195] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9195] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9195] chdir("./file0") = 0 [pid 9195] ioctl(4, LOOP_CLR_FD) = 0 [ 231.880547][ T9195] BTRFS info (device loop0): checking UUID tree [pid 9195] close(4) = 0 [pid 9195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9194] <... futex resumed>) = 0 [pid 9195] open("./file0", O_RDONLY [pid 9194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9195] <... open resumed>) = 4 [pid 9195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9194] <... futex resumed>) = 0 [pid 9194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9195] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9194] <... futex resumed>) = 0 [pid 9195] <... ioctl resumed>) = 0 [pid 9194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9194] <... futex resumed>) = 0 [pid 9195] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9194] <... futex resumed>) = 0 [pid 9195] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9194] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9194] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9213]}, 88) = 9213 [pid 9194] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 9213 attached [pid 9213] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9194] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9194] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9213] <... rseq resumed>) = 0 [pid 9213] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9213] open(".", O_RDONLY) = 5 [ 231.951224][ T9195] BTRFS info (device loop0): balance: start -d -m [ 231.959064][ T9195] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 231.981926][ T9195] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9213] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9194] <... futex resumed>) = 0 [pid 9194] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9194] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9213] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [ 232.027808][ T9195] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9213] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9194] <... futex resumed>) = 0 [pid 9213] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9195] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9195] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9194] exit_group(0 [pid 9213] <... futex resumed>) = ? [pid 9195] <... futex resumed>) = ? [pid 9194] <... exit_group resumed>) = ? [pid 9213] +++ exited with 0 +++ [pid 9195] +++ exited with 0 +++ [pid 9194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9194, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 [ 232.074846][ T9195] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 232.098160][ T9195] BTRFS info (device loop0): balance: ended with status: 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9214 attached [pid 9214] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9214] chdir("./207") = 0 [pid 9214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9214 [pid 9214] setpgid(0, 0) = 0 [pid 9214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9214] write(3, "1000", 4) = 4 [pid 9214] close(3) = 0 [pid 9214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9214] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9214] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9214] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9215 attached => {parent_tid=[9215]}, 88) = 9215 [pid 9214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9215] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9215] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9215] memfd_create("syzkaller", 0) = 3 [pid 9215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9215] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9215] close(3) = 0 [pid 9215] mkdir("./file0", 0777) = 0 [ 232.572601][ T9215] loop0: detected capacity change from 0 to 32768 [ 232.586553][ T9215] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9215) [ 232.602144][ T9215] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 232.611485][ T9215] BTRFS info (device loop0): force clearing of disk cache [ 232.618689][ T9215] BTRFS info (device loop0): setting nodatasum [ 232.624905][ T9215] BTRFS info (device loop0): allowing degraded mounts [ 232.631703][ T9215] BTRFS info (device loop0): enabling disk space caching [ 232.638806][ T9215] BTRFS info (device loop0): disk space caching is enabled [ 232.658463][ T9215] BTRFS info (device loop0): enabling ssd optimizations [ 232.665791][ T9215] BTRFS info (device loop0): auto enabling async discard [pid 9215] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9215] chdir("./file0") = 0 [pid 9215] ioctl(4, LOOP_CLR_FD) = 0 [pid 9215] close(4) = 0 [ 232.673668][ T9215] BTRFS info (device loop0): rebuilding free space tree [ 232.685588][ T9215] BTRFS info (device loop0): disabling free space tree [ 232.692538][ T9215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 232.702254][ T9215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 232.714898][ T9215] BTRFS info (device loop0): checking UUID tree [pid 9215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9214] <... futex resumed>) = 0 [pid 9214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9215] open("./file0", O_RDONLY [pid 9214] <... futex resumed>) = 0 [pid 9214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9215] <... open resumed>) = 4 [pid 9215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9215] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9214] <... futex resumed>) = 0 [pid 9214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9215] <... futex resumed>) = 0 [pid 9214] <... futex resumed>) = 1 [pid 9215] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9215] <... futex resumed>) = 0 [pid 9215] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9214] <... futex resumed>) = 0 [pid 9215] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9214] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9214] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9233]}, 88) = 9233 ./strace-static-x86_64: Process 9233 attached [pid 9214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9214] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9214] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9233] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9233] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9233] open(".", O_RDONLY) = 5 [pid 9233] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9214] <... futex resumed>) = 0 [pid 9233] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9214] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9233] <... futex resumed>) = 0 [pid 9233] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 232.765239][ T9215] BTRFS info (device loop0): balance: start -d -m [ 232.774451][ T9215] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 232.796295][ T9215] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9214] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9233] <... ioctl resumed>) = 0 [pid 9233] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9214] <... futex resumed>) = 0 [ 232.866185][ T9215] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 232.903612][ T9215] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9233] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9215] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9215] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9214] exit_group(0 [pid 9233] <... futex resumed>) = ? [pid 9214] <... exit_group resumed>) = ? [pid 9233] +++ exited with 0 +++ [pid 9215] <... futex resumed>) = ? [pid 9215] +++ exited with 0 +++ [pid 9214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9214, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 [ 232.929178][ T9215] BTRFS info (device loop0): balance: ended with status: 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9234 attached , child_tidptr=0x5555570ad690) = 9234 [pid 9234] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9234] chdir("./208") = 0 [pid 9234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9234] setpgid(0, 0) = 0 [pid 9234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9234] write(3, "1000", 4) = 4 [pid 9234] close(3) = 0 [pid 9234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9234] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9234] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9234] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9235 attached [pid 9235] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9234] <... clone3 resumed> => {parent_tid=[9235]}, 88) = 9235 [pid 9235] set_robust_list(0x7f0bd5e299a0, 24 [pid 9234] rt_sigprocmask(SIG_SETMASK, [], [pid 9235] <... set_robust_list resumed>) = 0 [pid 9235] rt_sigprocmask(SIG_SETMASK, [], [pid 9234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9235] memfd_create("syzkaller", 0 [pid 9234] <... futex resumed>) = 0 [pid 9234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9235] <... memfd_create resumed>) = 3 [pid 9235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9235] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9235] close(3) = 0 [pid 9235] mkdir("./file0", 0777) = 0 [ 233.384849][ T9235] loop0: detected capacity change from 0 to 32768 [ 233.399757][ T9235] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9235) [ 233.415397][ T9235] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 233.424728][ T9235] BTRFS info (device loop0): force clearing of disk cache [ 233.431864][ T9235] BTRFS info (device loop0): setting nodatasum [ 233.438169][ T9235] BTRFS info (device loop0): allowing degraded mounts [ 233.445063][ T9235] BTRFS info (device loop0): enabling disk space caching [ 233.452316][ T9235] BTRFS info (device loop0): disk space caching is enabled [ 233.483109][ T9235] BTRFS info (device loop0): enabling ssd optimizations [ 233.490247][ T9235] BTRFS info (device loop0): auto enabling async discard [ 233.498130][ T9235] BTRFS info (device loop0): rebuilding free space tree [ 233.509021][ T9235] BTRFS info (device loop0): disabling free space tree [ 233.516016][ T9235] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9235] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9235] chdir("./file0") = 0 [pid 9235] ioctl(4, LOOP_CLR_FD) = 0 [pid 9235] close(4) = 0 [pid 9235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9235] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9234] <... futex resumed>) = 0 [pid 9234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9235] <... futex resumed>) = 0 [ 233.525746][ T9235] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 233.538434][ T9235] BTRFS info (device loop0): checking UUID tree [pid 9234] <... futex resumed>) = 1 [pid 9235] open("./file0", O_RDONLY) = 4 [pid 9234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9234] <... futex resumed>) = 0 [pid 9234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9235] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9234] <... futex resumed>) = 0 [pid 9235] <... ioctl resumed>) = 0 [pid 9234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9234] <... futex resumed>) = 0 [pid 9235] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9234] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9234] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9253 attached [pid 9253] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9234] <... clone3 resumed> => {parent_tid=[9253]}, 88) = 9253 [pid 9253] <... rseq resumed>) = 0 [pid 9234] rt_sigprocmask(SIG_SETMASK, [], [pid 9253] set_robust_list(0x7f0bd5e089a0, 24 [pid 9234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9253] <... set_robust_list resumed>) = 0 [pid 9234] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9253] rt_sigprocmask(SIG_SETMASK, [], [pid 9234] <... futex resumed>) = 0 [pid 9253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9253] open(".", O_RDONLY [pid 9234] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9253] <... open resumed>) = 5 [pid 9253] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9234] <... futex resumed>) = 0 [pid 9253] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 233.640858][ T9235] BTRFS info (device loop0): balance: start -d -m [ 233.649645][ T9235] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 233.673203][ T9235] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9234] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9253] <... futex resumed>) = 0 [pid 9253] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9234] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9253] <... ioctl resumed>) = 0 [pid 9253] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9234] <... futex resumed>) = 0 [ 233.711308][ T9235] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 233.746195][ T9235] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9253] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9235] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9235] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9234] exit_group(0 [pid 9253] <... futex resumed>) = ? [pid 9235] <... futex resumed>) = ? [pid 9253] +++ exited with 0 +++ [pid 9235] +++ exited with 0 +++ [pid 9234] <... exit_group resumed>) = ? [pid 9234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9234, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 [ 233.764456][ T9235] BTRFS info (device loop0): balance: ended with status: 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9254 attached , child_tidptr=0x5555570ad690) = 9254 [pid 9254] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9254] chdir("./209") = 0 [pid 9254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9254] setpgid(0, 0) = 0 [pid 9254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9254] write(3, "1000", 4) = 4 [pid 9254] close(3) = 0 [pid 9254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9254] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9254] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9254] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9255 attached [pid 9255] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9254] <... clone3 resumed> => {parent_tid=[9255]}, 88) = 9255 [pid 9255] <... rseq resumed>) = 0 [pid 9254] rt_sigprocmask(SIG_SETMASK, [], [pid 9255] set_robust_list(0x7f0bd5e299a0, 24 [pid 9254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9255] <... set_robust_list resumed>) = 0 [pid 9254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9255] rt_sigprocmask(SIG_SETMASK, [], [pid 9254] <... futex resumed>) = 0 [pid 9255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9255] memfd_create("syzkaller", 0) = 3 [pid 9255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9255] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9255] close(3) = 0 [pid 9255] mkdir("./file0", 0777) = 0 [ 234.303768][ T9255] loop0: detected capacity change from 0 to 32768 [ 234.318199][ T9255] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9255) [ 234.333240][ T9255] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 234.342616][ T9255] BTRFS info (device loop0): force clearing of disk cache [ 234.349808][ T9255] BTRFS info (device loop0): setting nodatasum [ 234.356061][ T9255] BTRFS info (device loop0): allowing degraded mounts [ 234.362851][ T9255] BTRFS info (device loop0): enabling disk space caching [ 234.369966][ T9255] BTRFS info (device loop0): disk space caching is enabled [ 234.388567][ T9255] BTRFS info (device loop0): enabling ssd optimizations [ 234.395703][ T9255] BTRFS info (device loop0): auto enabling async discard [pid 9255] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9255] chdir("./file0") = 0 [pid 9255] ioctl(4, LOOP_CLR_FD) = 0 [pid 9255] close(4) = 0 [pid 9255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9254] <... futex resumed>) = 0 [pid 9255] <... futex resumed>) = 1 [pid 9254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9255] open("./file0", O_RDONLY [pid 9254] <... futex resumed>) = 0 [pid 9255] <... open resumed>) = 4 [pid 9254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9254] <... futex resumed>) = 0 [pid 9255] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9255] <... ioctl resumed>) = 0 [pid 9254] <... futex resumed>) = 0 [pid 9254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9254] <... futex resumed>) = 0 [pid 9255] <... futex resumed>) = 1 [pid 9254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [ 234.403603][ T9255] BTRFS info (device loop0): rebuilding free space tree [ 234.416377][ T9255] BTRFS info (device loop0): disabling free space tree [ 234.423540][ T9255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 234.433919][ T9255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 234.446799][ T9255] BTRFS info (device loop0): checking UUID tree [pid 9255] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9254] <... futex resumed>) = 0 [pid 9254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9254] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9254] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9273 attached [pid 9273] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9254] <... clone3 resumed> => {parent_tid=[9273]}, 88) = 9273 [pid 9273] <... rseq resumed>) = 0 [pid 9254] rt_sigprocmask(SIG_SETMASK, [], [pid 9273] set_robust_list(0x7f0bd5e089a0, 24 [pid 9254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9273] <... set_robust_list resumed>) = 0 [pid 9254] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9273] rt_sigprocmask(SIG_SETMASK, [], [pid 9254] <... futex resumed>) = 0 [pid 9273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9254] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9273] open(".", O_RDONLY) = 5 [pid 9273] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9254] <... futex resumed>) = 0 [pid 9273] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9254] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9254] <... futex resumed>) = 0 [pid 9273] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 234.487869][ T9255] BTRFS info (device loop0): balance: start -d -m [ 234.495727][ T9255] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 234.523263][ T9255] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9254] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9254] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 9273] <... ioctl resumed>) = 0 [pid 9273] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 234.595224][ T9255] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9273] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9255] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9255] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9254] exit_group(0 [pid 9273] <... futex resumed>) = ? [pid 9255] <... futex resumed>) = ? [pid 9254] <... exit_group resumed>) = ? [pid 9273] +++ exited with 0 +++ [pid 9255] +++ exited with 0 +++ [pid 9254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9254, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 [ 234.640433][ T9255] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 234.658883][ T9255] BTRFS info (device loop0): balance: ended with status: 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9274 attached , child_tidptr=0x5555570ad690) = 9274 [pid 9274] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9274] chdir("./210") = 0 [pid 9274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9274] setpgid(0, 0) = 0 [pid 9274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9274] write(3, "1000", 4) = 4 [pid 9274] close(3) = 0 [pid 9274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9274] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9274] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9274] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9275 attached => {parent_tid=[9275]}, 88) = 9275 [pid 9274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9274] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9275] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9274] <... futex resumed>) = 0 [pid 9274] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9275] <... rseq resumed>) = 0 [pid 9275] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9275] memfd_create("syzkaller", 0) = 3 [pid 9275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9275] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9275] close(3) = 0 [pid 9275] mkdir("./file0", 0777) = 0 [ 235.133796][ T9275] loop0: detected capacity change from 0 to 32768 [ 235.143554][ T9275] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9275) [ 235.159238][ T9275] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 235.168784][ T9275] BTRFS info (device loop0): force clearing of disk cache [ 235.176433][ T9275] BTRFS info (device loop0): setting nodatasum [pid 9275] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9275] chdir("./file0") = 0 [pid 9275] ioctl(4, LOOP_CLR_FD) = 0 [pid 9275] close(4) = 0 [pid 9275] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9275] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9274] <... futex resumed>) = 0 [pid 9274] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9275] <... futex resumed>) = 0 [pid 9274] <... futex resumed>) = 1 [pid 9275] open("./file0", O_RDONLY) = 4 [ 235.182914][ T9275] BTRFS info (device loop0): allowing degraded mounts [ 235.190045][ T9275] BTRFS info (device loop0): enabling disk space caching [pid 9274] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9275] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9274] <... futex resumed>) = 0 [pid 9275] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9274] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9274] <... futex resumed>) = 0 [pid 9275] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9274] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9275] <... ioctl resumed>) = 0 [pid 9275] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9274] <... futex resumed>) = 0 [pid 9274] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9274] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9275] <... futex resumed>) = 1 [pid 9275] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9274] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9274] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9274] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9293 attached => {parent_tid=[9293]}, 88) = 9293 [pid 9293] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9274] rt_sigprocmask(SIG_SETMASK, [], [pid 9293] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9274] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9293] open(".", O_RDONLY [pid 9274] <... futex resumed>) = 0 [pid 9293] <... open resumed>) = 5 [pid 9274] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9293] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9293] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9274] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9293] <... futex resumed>) = 0 [pid 9274] <... futex resumed>) = 1 [pid 9293] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9274] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9293] <... ioctl resumed>) = 0 [pid 9293] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9293] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9274] <... futex resumed>) = 0 [pid 9275] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9275] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9275] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9274] exit_group(0 [pid 9293] <... futex resumed>) = ? [pid 9274] <... exit_group resumed>) = ? [pid 9293] +++ exited with 0 +++ [pid 9275] <... futex resumed>) = ? [pid 9275] +++ exited with 0 +++ [pid 9274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9274, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=24 /* 0.24 s */} --- umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9294 attached , child_tidptr=0x5555570ad690) = 9294 [pid 9294] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9294] chdir("./211") = 0 [pid 9294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9294] setpgid(0, 0) = 0 [pid 9294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9294] write(3, "1000", 4) = 4 [pid 9294] close(3) = 0 [pid 9294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9294] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9294] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9294] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9295 attached [pid 9295] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9295] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9295] rt_sigprocmask(SIG_SETMASK, [], [pid 9294] <... clone3 resumed> => {parent_tid=[9295]}, 88) = 9295 [pid 9295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9294] rt_sigprocmask(SIG_SETMASK, [], [pid 9295] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9294] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9295] <... futex resumed>) = 0 [pid 9294] <... futex resumed>) = 1 [pid 9295] memfd_create("syzkaller", 0 [pid 9294] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9295] <... memfd_create resumed>) = 3 [pid 9295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9295] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9295] close(3) = 0 [pid 9295] mkdir("./file0", 0777) = 0 [pid 9295] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 235.921711][ T9295] loop0: detected capacity change from 0 to 32768 [ 235.937614][ T9295] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9295) [pid 9295] chdir("./file0") = 0 [pid 9295] ioctl(4, LOOP_CLR_FD) = 0 [pid 9295] close(4) = 0 [pid 9295] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9295] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9294] <... futex resumed>) = 0 [pid 9294] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9295] <... futex resumed>) = 0 [pid 9294] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9295] open("./file0", O_RDONLY) = 4 [pid 9295] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9294] <... futex resumed>) = 0 [pid 9295] <... futex resumed>) = 1 [pid 9294] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9295] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9294] <... futex resumed>) = 0 [pid 9295] <... ioctl resumed>) = 0 [pid 9294] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9295] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9294] <... futex resumed>) = 0 [pid 9294] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9295] <... futex resumed>) = 1 [pid 9294] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9295] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9294] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9294] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9294] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9313 attached => {parent_tid=[9313]}, 88) = 9313 [pid 9294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9294] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9294] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9313] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9313] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9313] open(".", O_RDONLY) = 5 [pid 9313] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9294] <... futex resumed>) = 0 [pid 9313] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9294] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9294] <... futex resumed>) = 0 [pid 9313] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 236.035288][ T9295] _btrfs_printk: 27 callbacks suppressed [ 236.035305][ T9295] BTRFS info (device loop0): balance: start -d -m [ 236.050147][ T9295] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 236.072026][ T9295] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9294] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9313] <... ioctl resumed>) = 0 [pid 9313] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9294] <... futex resumed>) = 0 [ 236.123791][ T9295] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9313] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9295] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9295] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9295] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9294] exit_group(0 [pid 9295] <... futex resumed>) = ? [pid 9294] <... exit_group resumed>) = ? [pid 9313] <... futex resumed>) = ? [pid 9313] +++ exited with 0 +++ [pid 9295] +++ exited with 0 +++ [pid 9294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9294, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 236.166870][ T9295] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 236.197276][ T9295] BTRFS info (device loop0): balance: ended with status: 0 umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9314 attached , child_tidptr=0x5555570ad690) = 9314 [pid 9314] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9314] chdir("./212") = 0 [pid 9314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9314] setpgid(0, 0) = 0 [pid 9314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9314] write(3, "1000", 4) = 4 [pid 9314] close(3) = 0 [pid 9314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9314] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9314] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9314] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9315 attached [pid 9315] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9315] set_robust_list(0x7f0bd5e299a0, 24 [pid 9314] <... clone3 resumed> => {parent_tid=[9315]}, 88) = 9315 [pid 9315] <... set_robust_list resumed>) = 0 [pid 9314] rt_sigprocmask(SIG_SETMASK, [], [pid 9315] rt_sigprocmask(SIG_SETMASK, [], [pid 9314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9314] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9315] memfd_create("syzkaller", 0 [pid 9314] <... futex resumed>) = 0 [pid 9314] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9315] <... memfd_create resumed>) = 3 [pid 9315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9315] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9315] close(3) = 0 [pid 9315] mkdir("./file0", 0777) = 0 [ 236.751118][ T9315] loop0: detected capacity change from 0 to 32768 [ 236.770836][ T9315] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9315) [ 236.786986][ T9315] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 236.796284][ T9315] BTRFS info (device loop0): force clearing of disk cache [ 236.803389][ T9315] BTRFS info (device loop0): setting nodatasum [ 236.809608][ T9315] BTRFS info (device loop0): allowing degraded mounts [ 236.816413][ T9315] BTRFS info (device loop0): enabling disk space caching [ 236.823433][ T9315] BTRFS info (device loop0): disk space caching is enabled [ 236.842928][ T9315] BTRFS info (device loop0): enabling ssd optimizations [ 236.850072][ T9315] BTRFS info (device loop0): auto enabling async discard [ 236.858220][ T9315] BTRFS info (device loop0): rebuilding free space tree [ 236.869892][ T9315] BTRFS info (device loop0): disabling free space tree [ 236.876958][ T9315] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 236.886665][ T9315] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9315] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9315] chdir("./file0") = 0 [pid 9315] ioctl(4, LOOP_CLR_FD) = 0 [pid 9315] close(4) = 0 [pid 9315] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9314] <... futex resumed>) = 0 [pid 9314] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9315] <... futex resumed>) = 1 [pid 9314] <... futex resumed>) = 0 [pid 9314] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9315] open("./file0", O_RDONLY) = 4 [pid 9315] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9314] <... futex resumed>) = 0 [pid 9315] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9314] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9315] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9314] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9315] <... ioctl resumed>) = 0 [ 236.900270][ T9315] BTRFS info (device loop0): checking UUID tree [pid 9315] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9314] <... futex resumed>) = 0 [pid 9315] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9314] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9314] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9314] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9314] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9333]}, 88) = 9333 [pid 9314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9314] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 9333 attached [pid 9314] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9333] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9333] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9333] open(".", O_RDONLY) = 5 [pid 9333] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9314] <... futex resumed>) = 0 [pid 9333] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9314] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 236.954722][ T9315] BTRFS info (device loop0): balance: start -d -m [ 236.963349][ T9315] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 236.990414][ T9315] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9314] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9333] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9333] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9314] <... futex resumed>) = 0 [ 237.070282][ T9315] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 237.101905][ T9315] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9333] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9315] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9315] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9315] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9314] exit_group(0 [pid 9333] <... futex resumed>) = ? [pid 9315] <... futex resumed>) = ? [pid 9314] <... exit_group resumed>) = ? [pid 9333] +++ exited with 0 +++ [pid 9315] +++ exited with 0 +++ [pid 9314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9314, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [ 237.119872][ T9315] BTRFS info (device loop0): balance: ended with status: 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9334 attached [pid 9334] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9334] chdir("./213") = 0 [pid 9334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9334 [pid 9334] setpgid(0, 0) = 0 [pid 9334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9334] write(3, "1000", 4) = 4 [pid 9334] close(3) = 0 [pid 9334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9334] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9334] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9334] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9335 attached => {parent_tid=[9335]}, 88) = 9335 [pid 9335] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9334] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9334] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9335] <... rseq resumed>) = 0 [pid 9335] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9335] memfd_create("syzkaller", 0) = 3 [pid 9335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9335] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9335] close(3) = 0 [pid 9335] mkdir("./file0", 0777) = 0 [ 237.744239][ T9335] loop0: detected capacity change from 0 to 32768 [ 237.763980][ T9335] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9335) [ 237.779487][ T9335] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 237.788815][ T9335] BTRFS info (device loop0): force clearing of disk cache [ 237.795973][ T9335] BTRFS info (device loop0): setting nodatasum [ 237.802127][ T9335] BTRFS info (device loop0): allowing degraded mounts [ 237.808953][ T9335] BTRFS info (device loop0): enabling disk space caching [ 237.816049][ T9335] BTRFS info (device loop0): disk space caching is enabled [ 237.835648][ T9335] BTRFS info (device loop0): enabling ssd optimizations [ 237.842659][ T9335] BTRFS info (device loop0): auto enabling async discard [ 237.850703][ T9335] BTRFS info (device loop0): rebuilding free space tree [ 237.861778][ T9335] BTRFS info (device loop0): disabling free space tree [ 237.868835][ T9335] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 237.878577][ T9335] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9335] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9335] chdir("./file0") = 0 [pid 9335] ioctl(4, LOOP_CLR_FD) = 0 [pid 9335] close(4) = 0 [pid 9335] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9334] <... futex resumed>) = 0 [ 237.891602][ T9335] BTRFS info (device loop0): checking UUID tree [pid 9335] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9334] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9334] <... futex resumed>) = 0 [pid 9335] open("./file0", O_RDONLY [pid 9334] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9335] <... open resumed>) = 4 [pid 9335] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9334] <... futex resumed>) = 0 [pid 9334] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9335] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9334] <... futex resumed>) = 0 [pid 9335] <... ioctl resumed>) = 0 [pid 9334] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9335] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9334] <... futex resumed>) = 0 [pid 9334] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9335] <... futex resumed>) = 1 [pid 9334] <... futex resumed>) = 0 [pid 9335] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9334] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9334] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9334] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9353]}, 88) = 9353 [pid 9334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9334] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 9353 attached ) = 0 [pid 9334] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9353] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9353] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9353] open(".", O_RDONLY) = 5 [pid 9353] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9353] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9334] <... futex resumed>) = 0 [pid 9334] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9334] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9353] <... futex resumed>) = 0 [ 237.964703][ T9335] BTRFS info (device loop0): balance: start -d -m [ 237.972469][ T9335] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 237.994521][ T9335] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9353] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9353] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9353] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9334] <... futex resumed>) = 0 [ 238.045845][ T9335] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 238.084470][ T9335] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9335] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9335] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9335] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9334] exit_group(0) = ? [pid 9353] <... futex resumed>) = ? [pid 9335] <... futex resumed>) = ? [pid 9335] +++ exited with 0 +++ [pid 9353] +++ exited with 0 +++ [pid 9334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9334, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 238.102039][ T9335] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9354 attached , child_tidptr=0x5555570ad690) = 9354 [pid 9354] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9354] chdir("./214") = 0 [pid 9354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9354] setpgid(0, 0) = 0 [pid 9354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9354] write(3, "1000", 4) = 4 [pid 9354] close(3) = 0 [pid 9354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9354] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9354] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9354] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9355 attached [pid 9355] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9355] set_robust_list(0x7f0bd5e299a0, 24 [pid 9354] <... clone3 resumed> => {parent_tid=[9355]}, 88) = 9355 [pid 9355] <... set_robust_list resumed>) = 0 [pid 9354] rt_sigprocmask(SIG_SETMASK, [], [pid 9355] rt_sigprocmask(SIG_SETMASK, [], [pid 9354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9354] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9355] memfd_create("syzkaller", 0 [pid 9354] <... futex resumed>) = 0 [pid 9355] <... memfd_create resumed>) = 3 [pid 9355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 9354] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9355] <... mmap resumed>) = 0x7f0bcda09000 [pid 9355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9355] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9355] close(3) = 0 [pid 9355] mkdir("./file0", 0777) = 0 [ 238.655663][ T9355] loop0: detected capacity change from 0 to 32768 [ 238.680013][ T9355] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9355) [ 238.695834][ T9355] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 238.705395][ T9355] BTRFS info (device loop0): force clearing of disk cache [ 238.712734][ T9355] BTRFS info (device loop0): setting nodatasum [ 238.719333][ T9355] BTRFS info (device loop0): allowing degraded mounts [ 238.726398][ T9355] BTRFS info (device loop0): enabling disk space caching [ 238.733642][ T9355] BTRFS info (device loop0): disk space caching is enabled [ 238.753212][ T9355] BTRFS info (device loop0): enabling ssd optimizations [ 238.760277][ T9355] BTRFS info (device loop0): auto enabling async discard [ 238.768269][ T9355] BTRFS info (device loop0): rebuilding free space tree [ 238.779097][ T9355] BTRFS info (device loop0): disabling free space tree [ 238.786105][ T9355] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 238.795855][ T9355] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9355] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9355] chdir("./file0") = 0 [pid 9355] ioctl(4, LOOP_CLR_FD) = 0 [pid 9355] close(4) = 0 [pid 9355] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9355] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9354] <... futex resumed>) = 0 [pid 9354] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9355] <... futex resumed>) = 0 [pid 9355] open("./file0", O_RDONLY [pid 9354] <... futex resumed>) = 1 [pid 9354] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9355] <... open resumed>) = 4 [pid 9355] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9354] <... futex resumed>) = 0 [pid 9355] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9354] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9355] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9354] <... futex resumed>) = 0 [pid 9355] <... ioctl resumed>) = 0 [pid 9354] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 238.809313][ T9355] BTRFS info (device loop0): checking UUID tree [pid 9355] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9354] <... futex resumed>) = 0 [pid 9355] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9354] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9354] <... futex resumed>) = 0 [pid 9355] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9354] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9354] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9354] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9373]}, 88) = 9373 [pid 9354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9354] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9354] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9373 attached [pid 9373] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9373] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 238.883678][ T9355] BTRFS info (device loop0): balance: start -d -m [ 238.892416][ T9355] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 238.915725][ T9355] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9373] open(".", O_RDONLY) = 5 [pid 9373] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9354] <... futex resumed>) = 0 [pid 9373] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9354] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9354] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9373] <... ioctl resumed>) = 0 [pid 9373] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9354] <... futex resumed>) = 0 [ 238.961744][ T9355] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9373] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9355] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9355] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9355] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9354] exit_group(0 [pid 9373] <... futex resumed>) = ? [pid 9355] <... futex resumed>) = ? [pid 9373] +++ exited with 0 +++ [pid 9354] <... exit_group resumed>) = ? [pid 9355] +++ exited with 0 +++ [pid 9354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9354, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 239.008962][ T9355] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 239.026774][ T9355] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9374 attached [pid 9374] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9374] chdir("./215") = 0 [pid 9374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9374 [pid 9374] setpgid(0, 0) = 0 [pid 9374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9374] write(3, "1000", 4) = 4 [pid 9374] close(3) = 0 [pid 9374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9374] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9374] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9374] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9375 attached => {parent_tid=[9375]}, 88) = 9375 [pid 9374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9375] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9374] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9375] set_robust_list(0x7f0bd5e299a0, 24 [pid 9374] <... futex resumed>) = 0 [pid 9375] <... set_robust_list resumed>) = 0 [pid 9374] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9375] memfd_create("syzkaller", 0) = 3 [pid 9375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9375] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9375] close(3) = 0 [pid 9375] mkdir("./file0", 0777) = 0 [ 239.543783][ T9375] loop0: detected capacity change from 0 to 32768 [ 239.558687][ T9375] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9375) [ 239.575136][ T9375] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 239.584431][ T9375] BTRFS info (device loop0): force clearing of disk cache [ 239.591540][ T9375] BTRFS info (device loop0): setting nodatasum [ 239.597846][ T9375] BTRFS info (device loop0): allowing degraded mounts [ 239.604678][ T9375] BTRFS info (device loop0): enabling disk space caching [ 239.611687][ T9375] BTRFS info (device loop0): disk space caching is enabled [ 239.630609][ T9375] BTRFS info (device loop0): enabling ssd optimizations [pid 9375] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9375] chdir("./file0") = 0 [ 239.637711][ T9375] BTRFS info (device loop0): auto enabling async discard [ 239.645674][ T9375] BTRFS info (device loop0): rebuilding free space tree [ 239.656976][ T9375] BTRFS info (device loop0): disabling free space tree [ 239.664010][ T9375] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 239.673645][ T9375] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 239.686359][ T9375] BTRFS info (device loop0): checking UUID tree [pid 9375] ioctl(4, LOOP_CLR_FD) = 0 [pid 9375] close(4) = 0 [pid 9375] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9374] <... futex resumed>) = 0 [pid 9374] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9375] open("./file0", O_RDONLY [pid 9374] <... futex resumed>) = 0 [pid 9374] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9375] <... open resumed>) = 4 [pid 9375] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9374] <... futex resumed>) = 0 [pid 9375] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9374] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9374] <... futex resumed>) = 0 [pid 9375] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9374] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9375] <... ioctl resumed>) = 0 [pid 9375] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9374] <... futex resumed>) = 0 [pid 9375] <... futex resumed>) = 1 [pid 9374] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9374] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9375] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9374] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9374] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 9374] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9374] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9393 attached => {parent_tid=[9393]}, 88) = 9393 [pid 9393] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9374] rt_sigprocmask(SIG_SETMASK, [], [pid 9393] <... rseq resumed>) = 0 [pid 9374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9393] set_robust_list(0x7f0bd5e089a0, 24 [pid 9374] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9393] <... set_robust_list resumed>) = 0 [pid 9374] <... futex resumed>) = 0 [pid 9393] rt_sigprocmask(SIG_SETMASK, [], [pid 9374] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9393] open(".", O_RDONLY) = 5 [ 239.768174][ T9375] BTRFS info (device loop0): balance: start -d -m [ 239.777438][ T9375] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 239.802166][ T9375] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9393] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9374] <... futex resumed>) = 0 [pid 9374] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9393] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9374] <... futex resumed>) = 0 [ 239.846977][ T9375] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9374] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9393] <... ioctl resumed>) = 0 [pid 9393] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9393] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9374] <... futex resumed>) = 0 [pid 9375] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9375] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9375] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9374] exit_group(0 [pid 9393] <... futex resumed>) = ? [pid 9374] <... exit_group resumed>) = ? [pid 9393] +++ exited with 0 +++ [pid 9375] <... futex resumed>) = ? [pid 9375] +++ exited with 0 +++ [pid 9374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9374, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 239.889630][ T9375] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 239.911756][ T9375] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 9394 ./strace-static-x86_64: Process 9394 attached [pid 9394] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9394] chdir("./216") = 0 [pid 9394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9394] setpgid(0, 0) = 0 [pid 9394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9394] write(3, "1000", 4) = 4 [pid 9394] close(3) = 0 [pid 9394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9394] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9394] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9394] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9395 attached [pid 9395] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9394] <... clone3 resumed> => {parent_tid=[9395]}, 88) = 9395 [pid 9395] <... rseq resumed>) = 0 [pid 9394] rt_sigprocmask(SIG_SETMASK, [], [pid 9395] set_robust_list(0x7f0bd5e299a0, 24 [pid 9394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9395] <... set_robust_list resumed>) = 0 [pid 9394] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9395] rt_sigprocmask(SIG_SETMASK, [], [pid 9394] <... futex resumed>) = 0 [pid 9395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9394] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9395] memfd_create("syzkaller", 0) = 3 [pid 9395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9395] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9395] close(3) = 0 [pid 9395] mkdir("./file0", 0777) = 0 [ 240.469960][ T9395] loop0: detected capacity change from 0 to 32768 [ 240.494935][ T9395] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9395) [ 240.511169][ T9395] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 240.520520][ T9395] BTRFS info (device loop0): force clearing of disk cache [ 240.527707][ T9395] BTRFS info (device loop0): setting nodatasum [ 240.533976][ T9395] BTRFS info (device loop0): allowing degraded mounts [ 240.540756][ T9395] BTRFS info (device loop0): enabling disk space caching [ 240.547838][ T9395] BTRFS info (device loop0): disk space caching is enabled [ 240.566770][ T9395] BTRFS info (device loop0): enabling ssd optimizations [ 240.573742][ T9395] BTRFS info (device loop0): auto enabling async discard [ 240.581858][ T9395] BTRFS info (device loop0): rebuilding free space tree [ 240.592782][ T9395] BTRFS info (device loop0): disabling free space tree [ 240.599895][ T9395] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 240.609587][ T9395] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9395] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9395] chdir("./file0") = 0 [pid 9395] ioctl(4, LOOP_CLR_FD) = 0 [pid 9395] close(4) = 0 [pid 9395] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9394] <... futex resumed>) = 0 [pid 9395] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9394] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9395] open("./file0", O_RDONLY [pid 9394] <... futex resumed>) = 0 [pid 9394] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9395] <... open resumed>) = 4 [ 240.622171][ T9395] BTRFS info (device loop0): checking UUID tree [pid 9395] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9394] <... futex resumed>) = 0 [pid 9394] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9395] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9394] <... futex resumed>) = 0 [pid 9395] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9394] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9395] <... futex resumed>) = 0 [pid 9394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9395] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9394] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9394] <... futex resumed>) = 0 [pid 9395] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9394] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9394] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9394] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9413]}, 88) = 9413 [pid 9394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9394] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9394] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9413 attached [pid 9413] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9413] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9413] open(".", O_RDONLY) = 5 [pid 9413] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9394] <... futex resumed>) = 0 [pid 9413] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9394] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9394] <... futex resumed>) = 0 [pid 9413] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 240.701944][ T9395] BTRFS info (device loop0): balance: start -d -m [ 240.710711][ T9395] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 240.738815][ T9395] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9394] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9413] <... ioctl resumed>) = 0 [pid 9413] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9394] <... futex resumed>) = 0 [pid 9413] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9395] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9395] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9394] exit_group(0 [pid 9395] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9413] <... futex resumed>) = ? [pid 9413] +++ exited with 0 +++ [pid 9395] <... futex resumed>) = ? [pid 9394] <... exit_group resumed>) = ? [pid 9395] +++ exited with 0 +++ [pid 9394] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9394, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 240.803495][ T9395] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 240.824989][ T9395] BTRFS info (device loop0): found 1 extents, stage: update data pointers unlink("./216/binderfs") = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9414 attached , child_tidptr=0x5555570ad690) = 9414 [pid 9414] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9414] chdir("./217") = 0 [pid 9414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9414] setpgid(0, 0) = 0 [pid 9414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9414] write(3, "1000", 4) = 4 [pid 9414] close(3) = 0 [pid 9414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9414] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9414] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9414] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9415 attached [pid 9415] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9415] set_robust_list(0x7f0bd5e299a0, 24 [pid 9414] <... clone3 resumed> => {parent_tid=[9415]}, 88) = 9415 [pid 9415] <... set_robust_list resumed>) = 0 [pid 9414] rt_sigprocmask(SIG_SETMASK, [], [pid 9415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9415] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9414] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9414] <... futex resumed>) = 0 [pid 9415] memfd_create("syzkaller", 0 [pid 9414] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9415] <... memfd_create resumed>) = 3 [pid 9415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9415] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9415] close(3) = 0 [pid 9415] mkdir("./file0", 0777) = 0 [ 241.312882][ T9415] loop0: detected capacity change from 0 to 32768 [ 241.343014][ T9415] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9415) [ 241.359580][ T9415] _btrfs_printk: 1 callbacks suppressed [ 241.359595][ T9415] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 241.374556][ T9415] BTRFS info (device loop0): force clearing of disk cache [ 241.381726][ T9415] BTRFS info (device loop0): setting nodatasum [ 241.388092][ T9415] BTRFS info (device loop0): allowing degraded mounts [ 241.394914][ T9415] BTRFS info (device loop0): enabling disk space caching [ 241.401948][ T9415] BTRFS info (device loop0): disk space caching is enabled [ 241.420650][ T9415] BTRFS info (device loop0): enabling ssd optimizations [ 241.427699][ T9415] BTRFS info (device loop0): auto enabling async discard [ 241.435706][ T9415] BTRFS info (device loop0): rebuilding free space tree [ 241.446687][ T9415] BTRFS info (device loop0): disabling free space tree [ 241.453642][ T9415] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9415] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9415] chdir("./file0") = 0 [pid 9415] ioctl(4, LOOP_CLR_FD) = 0 [pid 9415] close(4) = 0 [pid 9415] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9414] <... futex resumed>) = 0 [pid 9414] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9415] open("./file0", O_RDONLY [pid 9414] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9415] <... open resumed>) = 4 [pid 9415] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9414] <... futex resumed>) = 0 [pid 9415] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9414] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9415] <... ioctl resumed>) = 0 [pid 9414] <... futex resumed>) = 0 [pid 9414] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9415] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9414] <... futex resumed>) = 0 [pid 9415] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9414] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 241.463429][ T9415] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 241.476710][ T9415] BTRFS info (device loop0): checking UUID tree [pid 9414] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9414] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9414] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9433]}, 88) = 9433 [pid 9414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9414] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9414] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9433 attached [pid 9433] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9433] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9433] open(".", O_RDONLY) = 5 [pid 9433] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9433] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9414] <... futex resumed>) = 0 [pid 9414] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9433] <... futex resumed>) = 0 [pid 9414] <... futex resumed>) = 1 [pid 9433] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 241.530373][ T9415] BTRFS info (device loop0): balance: start -d -m [ 241.539529][ T9415] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 241.562621][ T9415] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9414] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9433] <... ioctl resumed>) = 0 [pid 9433] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9414] <... futex resumed>) = 0 [pid 9433] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9415] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9415] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9415] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9414] exit_group(0 [pid 9433] <... futex resumed>) = ? [pid 9415] <... futex resumed>) = ? [pid 9414] <... exit_group resumed>) = ? [pid 9433] +++ exited with 0 +++ [pid 9415] +++ exited with 0 +++ [pid 9414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9414, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 241.649710][ T9415] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 241.671399][ T9415] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 241.688497][ T9415] BTRFS info (device loop0): balance: ended with status: 0 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9434 attached , child_tidptr=0x5555570ad690) = 9434 [pid 9434] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9434] chdir("./218") = 0 [pid 9434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9434] setpgid(0, 0) = 0 [pid 9434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9434] write(3, "1000", 4) = 4 [pid 9434] close(3) = 0 [pid 9434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9434] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9434] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9434] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9435 attached => {parent_tid=[9435]}, 88) = 9435 [pid 9435] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9435] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9435] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9434] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9435] <... futex resumed>) = 0 [pid 9434] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9435] memfd_create("syzkaller", 0) = 3 [pid 9435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9435] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9435] close(3) = 0 [pid 9435] mkdir("./file0", 0777) = 0 [ 242.163463][ T9435] loop0: detected capacity change from 0 to 32768 [ 242.172708][ T9435] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9435) [ 242.188752][ T9435] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 242.198189][ T9435] BTRFS info (device loop0): force clearing of disk cache [ 242.205398][ T9435] BTRFS info (device loop0): setting nodatasum [ 242.211564][ T9435] BTRFS info (device loop0): allowing degraded mounts [ 242.218421][ T9435] BTRFS info (device loop0): enabling disk space caching [ 242.225483][ T9435] BTRFS info (device loop0): disk space caching is enabled [ 242.244229][ T9435] BTRFS info (device loop0): enabling ssd optimizations [ 242.251179][ T9435] BTRFS info (device loop0): auto enabling async discard [pid 9435] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9435] chdir("./file0") = 0 [pid 9435] ioctl(4, LOOP_CLR_FD) = 0 [pid 9435] close(4) = 0 [pid 9435] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9434] <... futex resumed>) = 0 [pid 9435] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9434] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9435] <... futex resumed>) = 0 [pid 9434] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 242.259732][ T9435] BTRFS info (device loop0): rebuilding free space tree [ 242.270444][ T9435] BTRFS info (device loop0): disabling free space tree [ 242.277395][ T9435] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 242.287078][ T9435] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 242.300289][ T9435] BTRFS info (device loop0): checking UUID tree [pid 9435] open("./file0", O_RDONLY) = 4 [pid 9435] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9434] <... futex resumed>) = 0 [pid 9435] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9434] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9434] <... futex resumed>) = 0 [pid 9435] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9434] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9435] <... ioctl resumed>) = 0 [pid 9435] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9434] <... futex resumed>) = 0 [pid 9434] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9435] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9434] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9434] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9434] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9453 attached => {parent_tid=[9453]}, 88) = 9453 [pid 9434] rt_sigprocmask(SIG_SETMASK, [], [pid 9453] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9453] <... rseq resumed>) = 0 [pid 9434] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9453] set_robust_list(0x7f0bd5e089a0, 24 [pid 9434] <... futex resumed>) = 0 [pid 9453] <... set_robust_list resumed>) = 0 [pid 9453] rt_sigprocmask(SIG_SETMASK, [], [pid 9434] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9453] open(".", O_RDONLY) = 5 [pid 9453] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9434] <... futex resumed>) = 0 [pid 9434] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9434] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9453] <... futex resumed>) = 1 [ 242.379053][ T9435] BTRFS info (device loop0): balance: start -d -m [ 242.387854][ T9435] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 242.411539][ T9435] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9453] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9453] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9434] <... futex resumed>) = 0 [pid 9453] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9435] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9435] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9435] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9434] exit_group(0 [pid 9453] <... futex resumed>) = ? [pid 9434] <... exit_group resumed>) = ? [pid 9453] +++ exited with 0 +++ [pid 9435] <... futex resumed>) = ? [pid 9435] +++ exited with 0 +++ [pid 9434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9434, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 242.481969][ T9435] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 242.503142][ T9435] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 242.520570][ T9435] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9454 attached , child_tidptr=0x5555570ad690) = 9454 [pid 9454] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9454] chdir("./219") = 0 [pid 9454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9454] setpgid(0, 0) = 0 [pid 9454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9454] write(3, "1000", 4) = 4 [pid 9454] close(3) = 0 [pid 9454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9454] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9454] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9454] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9455 attached [pid 9455] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9454] <... clone3 resumed> => {parent_tid=[9455]}, 88) = 9455 [pid 9455] set_robust_list(0x7f0bd5e299a0, 24 [pid 9454] rt_sigprocmask(SIG_SETMASK, [], [pid 9455] <... set_robust_list resumed>) = 0 [pid 9455] rt_sigprocmask(SIG_SETMASK, [], [pid 9454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9454] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9455] memfd_create("syzkaller", 0 [pid 9454] <... futex resumed>) = 0 [pid 9454] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9455] <... memfd_create resumed>) = 3 [pid 9455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9455] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9455] close(3) = 0 [pid 9455] mkdir("./file0", 0777) = 0 [ 243.061680][ T9455] loop0: detected capacity change from 0 to 32768 [ 243.087570][ T9455] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9455) [ 243.102644][ T9455] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 243.111953][ T9455] BTRFS info (device loop0): force clearing of disk cache [ 243.119134][ T9455] BTRFS info (device loop0): setting nodatasum [ 243.125367][ T9455] BTRFS info (device loop0): allowing degraded mounts [ 243.132146][ T9455] BTRFS info (device loop0): enabling disk space caching [ 243.139247][ T9455] BTRFS info (device loop0): disk space caching is enabled [ 243.158305][ T9455] BTRFS info (device loop0): enabling ssd optimizations [ 243.165356][ T9455] BTRFS info (device loop0): auto enabling async discard [ 243.173181][ T9455] BTRFS info (device loop0): rebuilding free space tree [ 243.184802][ T9455] BTRFS info (device loop0): disabling free space tree [ 243.191913][ T9455] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 243.201677][ T9455] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9455] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9455] chdir("./file0") = 0 [pid 9455] ioctl(4, LOOP_CLR_FD) = 0 [pid 9455] close(4) = 0 [pid 9455] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9454] <... futex resumed>) = 0 [pid 9454] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9455] open("./file0", O_RDONLY [pid 9454] <... futex resumed>) = 0 [pid 9455] <... open resumed>) = 4 [pid 9455] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9454] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9455] <... futex resumed>) = 0 [pid 9454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9455] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 243.214690][ T9455] BTRFS info (device loop0): checking UUID tree [pid 9454] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9454] <... futex resumed>) = 0 [pid 9455] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9454] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9455] <... ioctl resumed>) = 0 [pid 9455] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9454] <... futex resumed>) = 0 [pid 9455] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9454] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9454] <... futex resumed>) = 0 [pid 9455] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9454] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9454] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9454] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9473]}, 88) = 9473 ./strace-static-x86_64: Process 9473 attached [pid 9454] rt_sigprocmask(SIG_SETMASK, [], [pid 9473] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9454] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9473] <... rseq resumed>) = 0 [pid 9473] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9454] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9473] open(".", O_RDONLY) = 5 [pid 9473] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9454] <... futex resumed>) = 0 [pid 9473] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9454] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9454] <... futex resumed>) = 0 [pid 9473] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 243.289043][ T9455] BTRFS info (device loop0): balance: start -d -m [ 243.300136][ T9455] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 243.327885][ T9455] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9454] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9473] <... ioctl resumed>) = 0 [pid 9473] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9454] <... futex resumed>) = 0 [pid 9473] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9455] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9455] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9455] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9454] exit_group(0) = ? [pid 9455] <... futex resumed>) = ? [pid 9473] <... futex resumed>) = ? [pid 9473] +++ exited with 0 +++ [pid 9455] +++ exited with 0 +++ [pid 9454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9454, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 [ 243.394325][ T9455] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 243.416533][ T9455] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 243.433573][ T9455] BTRFS info (device loop0): balance: ended with status: 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9474 attached , child_tidptr=0x5555570ad690) = 9474 [pid 9474] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9474] chdir("./220") = 0 [pid 9474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9474] setpgid(0, 0) = 0 [pid 9474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9474] write(3, "1000", 4) = 4 [pid 9474] close(3) = 0 [pid 9474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9474] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9474] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9474] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9475 attached [pid 9475] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9474] <... clone3 resumed> => {parent_tid=[9475]}, 88) = 9475 [pid 9475] <... rseq resumed>) = 0 [pid 9475] set_robust_list(0x7f0bd5e299a0, 24 [pid 9474] rt_sigprocmask(SIG_SETMASK, [], [pid 9475] <... set_robust_list resumed>) = 0 [pid 9474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9475] rt_sigprocmask(SIG_SETMASK, [], [pid 9474] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9474] <... futex resumed>) = 0 [pid 9474] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9475] memfd_create("syzkaller", 0) = 3 [pid 9475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9475] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9475] close(3) = 0 [pid 9475] mkdir("./file0", 0777) = 0 [ 243.892306][ T9475] loop0: detected capacity change from 0 to 32768 [ 243.902030][ T9475] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9475) [ 243.917734][ T9475] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 243.927195][ T9475] BTRFS info (device loop0): force clearing of disk cache [ 243.934369][ T9475] BTRFS info (device loop0): setting nodatasum [ 243.940531][ T9475] BTRFS info (device loop0): allowing degraded mounts [ 243.947353][ T9475] BTRFS info (device loop0): enabling disk space caching [ 243.954422][ T9475] BTRFS info (device loop0): disk space caching is enabled [ 243.974980][ T9475] BTRFS info (device loop0): enabling ssd optimizations [ 243.982011][ T9475] BTRFS info (device loop0): auto enabling async discard [pid 9475] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9475] chdir("./file0") = 0 [pid 9475] ioctl(4, LOOP_CLR_FD) = 0 [pid 9475] close(4) = 0 [pid 9475] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9475] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9474] <... futex resumed>) = 0 [pid 9474] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9475] <... futex resumed>) = 0 [pid 9474] <... futex resumed>) = 1 [pid 9475] open("./file0", O_RDONLY [pid 9474] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9475] <... open resumed>) = 4 [pid 9475] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9474] <... futex resumed>) = 0 [pid 9475] <... futex resumed>) = 1 [pid 9475] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9474] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9475] <... ioctl resumed>) = 0 [pid 9475] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9474] <... futex resumed>) = 0 [pid 9475] <... futex resumed>) = 0 [pid 9474] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9475] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 243.990065][ T9475] BTRFS info (device loop0): rebuilding free space tree [ 244.001051][ T9475] BTRFS info (device loop0): disabling free space tree [ 244.008032][ T9475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 244.017731][ T9475] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 244.030634][ T9475] BTRFS info (device loop0): checking UUID tree [pid 9474] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9475] <... futex resumed>) = 0 [pid 9474] <... futex resumed>) = 1 [pid 9475] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9474] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9474] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9474] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9493 attached [pid 9493] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9474] <... clone3 resumed> => {parent_tid=[9493]}, 88) = 9493 [ 244.077055][ T9475] BTRFS info (device loop0): balance: start -d -m [ 244.085328][ T9475] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 244.106592][ T9475] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9493] <... rseq resumed>) = 0 [pid 9474] rt_sigprocmask(SIG_SETMASK, [], [pid 9493] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9474] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9493] open(".", O_RDONLY) = 5 [pid 9474] <... futex resumed>) = 0 [pid 9493] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9474] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9493] <... futex resumed>) = 0 [pid 9474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9493] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9474] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9474] <... futex resumed>) = 0 [pid 9493] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 244.155164][ T9475] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9474] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9493] <... ioctl resumed>) = 0 [pid 9493] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9474] <... futex resumed>) = 0 [pid 9493] <... futex resumed>) = 1 [pid 9493] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9475] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9475] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9475] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9474] exit_group(0 [pid 9493] <... futex resumed>) = ? [pid 9475] <... futex resumed>) = ? [pid 9474] <... exit_group resumed>) = ? [pid 9493] +++ exited with 0 +++ [pid 9475] +++ exited with 0 +++ [pid 9474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9474, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 [ 244.202678][ T9475] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 244.236286][ T9475] BTRFS info (device loop0): balance: ended with status: 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9494 attached , child_tidptr=0x5555570ad690) = 9494 [pid 9494] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9494] chdir("./221") = 0 [pid 9494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9494] setpgid(0, 0) = 0 [pid 9494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9494] write(3, "1000", 4) = 4 [pid 9494] close(3) = 0 [pid 9494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9494] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9494] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9494] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9495 attached [pid 9495] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9494] <... clone3 resumed> => {parent_tid=[9495]}, 88) = 9495 [pid 9495] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9494] rt_sigprocmask(SIG_SETMASK, [], [pid 9495] rt_sigprocmask(SIG_SETMASK, [], [pid 9494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9495] memfd_create("syzkaller", 0 [pid 9494] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9494] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9495] <... memfd_create resumed>) = 3 [pid 9495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9495] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9495] close(3) = 0 [pid 9495] mkdir("./file0", 0777) = 0 [ 244.689872][ T9495] loop0: detected capacity change from 0 to 32768 [ 244.704917][ T9495] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9495) [ 244.719704][ T9495] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 244.729045][ T9495] BTRFS info (device loop0): force clearing of disk cache [ 244.736281][ T9495] BTRFS info (device loop0): setting nodatasum [ 244.742439][ T9495] BTRFS info (device loop0): allowing degraded mounts [ 244.749259][ T9495] BTRFS info (device loop0): enabling disk space caching [ 244.756363][ T9495] BTRFS info (device loop0): disk space caching is enabled [ 244.775335][ T9495] BTRFS info (device loop0): enabling ssd optimizations [ 244.782305][ T9495] BTRFS info (device loop0): auto enabling async discard [pid 9495] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9495] chdir("./file0") = 0 [pid 9495] ioctl(4, LOOP_CLR_FD) = 0 [pid 9495] close(4) = 0 [pid 9495] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9494] <... futex resumed>) = 0 [pid 9495] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9494] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9495] <... futex resumed>) = 0 [pid 9495] open("./file0", O_RDONLY [ 244.790363][ T9495] BTRFS info (device loop0): rebuilding free space tree [ 244.801267][ T9495] BTRFS info (device loop0): disabling free space tree [ 244.808251][ T9495] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 244.818014][ T9495] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 244.830895][ T9495] BTRFS info (device loop0): checking UUID tree [pid 9494] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9495] <... open resumed>) = 4 [pid 9495] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9494] <... futex resumed>) = 0 [pid 9495] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9494] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9495] <... ioctl resumed>) = 0 [pid 9494] <... futex resumed>) = 0 [pid 9494] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9495] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9495] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9494] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9495] <... futex resumed>) = 0 [pid 9494] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9495] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9494] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9494] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9513]}, 88) = 9513 ./strace-static-x86_64: Process 9513 attached [pid 9494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9513] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9494] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9513] <... rseq resumed>) = 0 [pid 9494] <... futex resumed>) = 0 [pid 9513] set_robust_list(0x7f0bd5e089a0, 24 [pid 9494] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9513] <... set_robust_list resumed>) = 0 [pid 9513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9513] open(".", O_RDONLY) = 5 [pid 9513] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9494] <... futex resumed>) = 0 [pid 9513] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9494] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9513] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9494] <... futex resumed>) = 0 [ 244.909007][ T9495] BTRFS info (device loop0): balance: start -d -m [ 244.919368][ T9495] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 244.943640][ T9495] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9494] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9513] <... ioctl resumed>) = 0 [pid 9513] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9494] <... futex resumed>) = 0 [pid 9513] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9495] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9495] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9495] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9494] exit_group(0 [pid 9513] <... futex resumed>) = ? [pid 9513] +++ exited with 0 +++ [pid 9495] <... futex resumed>) = ? [pid 9494] <... exit_group resumed>) = ? [pid 9495] +++ exited with 0 +++ [pid 9494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9494, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 245.008087][ T9495] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 245.028584][ T9495] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 245.046270][ T9495] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9514 attached [pid 9514] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9514] chdir("./222" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9514 [pid 9514] <... chdir resumed>) = 0 [pid 9514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9514] setpgid(0, 0) = 0 [pid 9514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9514] write(3, "1000", 4) = 4 [pid 9514] close(3) = 0 [pid 9514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9514] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9514] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9514] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9515 attached [pid 9515] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9514] <... clone3 resumed> => {parent_tid=[9515]}, 88) = 9515 [pid 9515] set_robust_list(0x7f0bd5e299a0, 24 [pid 9514] rt_sigprocmask(SIG_SETMASK, [], [pid 9515] <... set_robust_list resumed>) = 0 [pid 9514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9515] rt_sigprocmask(SIG_SETMASK, [], [pid 9514] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9514] <... futex resumed>) = 0 [pid 9515] memfd_create("syzkaller", 0 [pid 9514] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9515] <... memfd_create resumed>) = 3 [pid 9515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9515] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9515] close(3) = 0 [pid 9515] mkdir("./file0", 0777) = 0 [ 245.690314][ T9515] loop0: detected capacity change from 0 to 32768 [ 245.704321][ T9515] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9515) [ 245.720701][ T9515] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 245.730013][ T9515] BTRFS info (device loop0): force clearing of disk cache [pid 9515] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9515] chdir("./file0") = 0 [pid 9515] ioctl(4, LOOP_CLR_FD) = 0 [pid 9515] close(4) = 0 [pid 9515] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9514] <... futex resumed>) = 0 [pid 9515] <... futex resumed>) = 1 [pid 9514] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9515] open("./file0", O_RDONLY) = 4 [pid 9514] <... futex resumed>) = 0 [ 245.737157][ T9515] BTRFS info (device loop0): setting nodatasum [ 245.743309][ T9515] BTRFS info (device loop0): allowing degraded mounts [ 245.750132][ T9515] BTRFS info (device loop0): enabling disk space caching [pid 9514] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9515] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9514] <... futex resumed>) = 0 [pid 9515] <... futex resumed>) = 1 [pid 9514] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9515] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9514] <... futex resumed>) = 0 [pid 9514] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9515] <... ioctl resumed>) = 0 [pid 9515] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9514] <... futex resumed>) = 0 [pid 9514] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9515] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9514] <... futex resumed>) = 0 [pid 9514] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9514] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9514] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9533 attached => {parent_tid=[9533]}, 88) = 9533 [pid 9514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9514] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9533] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9514] <... futex resumed>) = 0 [pid 9533] <... rseq resumed>) = 0 [pid 9514] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9533] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9533] open(".", O_RDONLY) = 5 [pid 9533] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9514] <... futex resumed>) = 0 [pid 9514] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9515] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9514] <... futex resumed>) = 0 [pid 9515] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9514] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9533] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9515] <... futex resumed>) = 0 [pid 9515] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9533] <... ioctl resumed>) = 0 [pid 9533] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9514] <... futex resumed>) = 0 [pid 9514] exit_group(0 [pid 9533] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9515] <... futex resumed>) = ? [pid 9533] <... futex resumed>) = ? [pid 9514] <... exit_group resumed>) = ? [pid 9515] +++ exited with 0 +++ [pid 9533] +++ exited with 0 +++ [pid 9514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9514, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9534 attached , child_tidptr=0x5555570ad690) = 9534 [pid 9534] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9534] chdir("./223") = 0 [pid 9534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9534] setpgid(0, 0) = 0 [pid 9534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9534] write(3, "1000", 4) = 4 [pid 9534] close(3) = 0 [pid 9534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9534] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9534] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9534] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9535 attached => {parent_tid=[9535]}, 88) = 9535 [pid 9534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9535] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9534] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9535] set_robust_list(0x7f0bd5e299a0, 24 [pid 9534] <... futex resumed>) = 0 [pid 9535] <... set_robust_list resumed>) = 0 [pid 9535] rt_sigprocmask(SIG_SETMASK, [], [pid 9534] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9535] memfd_create("syzkaller", 0) = 3 [pid 9535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9535] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9535] close(3) = 0 [pid 9535] mkdir("./file0", 0777) = 0 [ 246.610935][ T9535] loop0: detected capacity change from 0 to 32768 [ 246.630651][ T9535] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9535) [ 246.647135][ T9535] _btrfs_printk: 14 callbacks suppressed [ 246.647151][ T9535] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 246.662085][ T9535] BTRFS info (device loop0): force clearing of disk cache [ 246.669506][ T9535] BTRFS info (device loop0): setting nodatasum [ 246.675763][ T9535] BTRFS info (device loop0): allowing degraded mounts [ 246.682537][ T9535] BTRFS info (device loop0): enabling disk space caching [ 246.689689][ T9535] BTRFS info (device loop0): disk space caching is enabled [ 246.708887][ T9535] BTRFS info (device loop0): enabling ssd optimizations [ 246.716139][ T9535] BTRFS info (device loop0): auto enabling async discard [ 246.724226][ T9535] BTRFS info (device loop0): rebuilding free space tree [ 246.735403][ T9535] BTRFS info (device loop0): disabling free space tree [ 246.742315][ T9535] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9535] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9535] chdir("./file0") = 0 [pid 9535] ioctl(4, LOOP_CLR_FD) = 0 [pid 9535] close(4) = 0 [pid 9535] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 246.752032][ T9535] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 246.765842][ T9535] BTRFS info (device loop0): checking UUID tree [pid 9535] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9534] <... futex resumed>) = 0 [pid 9534] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9535] <... futex resumed>) = 0 [pid 9535] open("./file0", O_RDONLY) = 4 [pid 9535] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9535] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9534] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 9534] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9535] <... futex resumed>) = 0 [pid 9534] <... futex resumed>) = 1 [pid 9535] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9535] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9535] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9534] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 9534] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9535] <... futex resumed>) = 0 [pid 9534] <... futex resumed>) = 1 [pid 9535] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9534] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9534] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9534] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9553]}, 88) = 9553 [pid 9534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9534] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9534] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9553 attached [pid 9553] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9553] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9553] open(".", O_RDONLY) = 5 [pid 9553] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9534] <... futex resumed>) = 0 [pid 9553] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 9534] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9553] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9534] <... futex resumed>) = 0 [ 246.843234][ T9535] BTRFS info (device loop0): balance: start -d -m [ 246.854785][ T9535] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 246.882556][ T9535] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9534] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9553] <... ioctl resumed>) = 0 [pid 9553] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9553] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9534] <... futex resumed>) = 0 [pid 9535] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9535] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9535] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9534] exit_group(0 [pid 9553] <... futex resumed>) = ? [pid 9534] <... exit_group resumed>) = ? [pid 9553] +++ exited with 0 +++ [pid 9535] <... futex resumed>) = ? [pid 9535] +++ exited with 0 +++ [pid 9534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9534, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 246.946235][ T9535] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 246.967567][ T9535] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 246.985010][ T9535] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9554 attached , child_tidptr=0x5555570ad690) = 9554 [pid 9554] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9554] chdir("./224") = 0 [pid 9554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9554] setpgid(0, 0) = 0 [pid 9554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9554] write(3, "1000", 4) = 4 [pid 9554] close(3) = 0 [pid 9554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9554] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9554] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9554] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9555 attached [pid 9555] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9554] <... clone3 resumed> => {parent_tid=[9555]}, 88) = 9555 [pid 9555] <... rseq resumed>) = 0 [pid 9554] rt_sigprocmask(SIG_SETMASK, [], [pid 9555] set_robust_list(0x7f0bd5e299a0, 24 [pid 9554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9555] <... set_robust_list resumed>) = 0 [pid 9554] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9555] rt_sigprocmask(SIG_SETMASK, [], [pid 9554] <... futex resumed>) = 0 [pid 9555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9555] memfd_create("syzkaller", 0 [pid 9554] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9555] <... memfd_create resumed>) = 3 [pid 9555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9555] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9555] close(3) = 0 [pid 9555] mkdir("./file0", 0777) = 0 [ 247.496748][ T9555] loop0: detected capacity change from 0 to 32768 [ 247.522871][ T9555] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9555) [ 247.538332][ T9555] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 247.547619][ T9555] BTRFS info (device loop0): force clearing of disk cache [ 247.554758][ T9555] BTRFS info (device loop0): setting nodatasum [ 247.560920][ T9555] BTRFS info (device loop0): allowing degraded mounts [ 247.567801][ T9555] BTRFS info (device loop0): enabling disk space caching [ 247.574881][ T9555] BTRFS info (device loop0): disk space caching is enabled [ 247.605512][ T9555] BTRFS info (device loop0): enabling ssd optimizations [ 247.612584][ T9555] BTRFS info (device loop0): auto enabling async discard [ 247.620639][ T9555] BTRFS info (device loop0): rebuilding free space tree [ 247.631889][ T9555] BTRFS info (device loop0): disabling free space tree [ 247.638893][ T9555] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9555] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9555] chdir("./file0") = 0 [pid 9555] ioctl(4, LOOP_CLR_FD) = 0 [pid 9555] close(4) = 0 [pid 9555] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9554] <... futex resumed>) = 0 [pid 9555] <... futex resumed>) = 1 [pid 9554] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9555] open("./file0", O_RDONLY [pid 9554] <... futex resumed>) = 0 [pid 9554] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9555] <... open resumed>) = 4 [pid 9555] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9554] <... futex resumed>) = 0 [pid 9555] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9554] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9554] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9555] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [ 247.648579][ T9555] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 247.661049][ T9555] BTRFS info (device loop0): checking UUID tree [pid 9555] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9554] <... futex resumed>) = 0 [pid 9555] <... futex resumed>) = 1 [pid 9554] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9555] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9554] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9554] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9554] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9573]}, 88) = 9573 [pid 9554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9554] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 9573 attached [pid 9573] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9554] <... futex resumed>) = 0 [pid 9573] <... rseq resumed>) = 0 [pid 9554] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9573] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9573] open(".", O_RDONLY) = 5 [pid 9573] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9554] <... futex resumed>) = 0 [pid 9573] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9554] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9554] <... futex resumed>) = 0 [pid 9573] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 247.738451][ T9555] BTRFS info (device loop0): balance: start -d -m [ 247.749252][ T9555] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 247.775192][ T9555] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9554] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9573] <... ioctl resumed>) = 0 [pid 9573] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9554] <... futex resumed>) = 0 [pid 9573] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9555] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9555] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9555] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9554] exit_group(0 [pid 9573] <... futex resumed>) = ? [pid 9555] <... futex resumed>) = ? [pid 9554] <... exit_group resumed>) = ? [pid 9573] +++ exited with 0 +++ [pid 9555] +++ exited with 0 +++ [pid 9554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9554, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 247.831111][ T9555] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 247.852334][ T9555] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 247.870085][ T9555] BTRFS info (device loop0): balance: ended with status: 0 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9574 attached [pid 9574] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9574] chdir("./225") = 0 [pid 9574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9574 [pid 9574] setpgid(0, 0) = 0 [pid 9574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9574] write(3, "1000", 4) = 4 [pid 9574] close(3) = 0 [pid 9574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9574] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9574] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9574] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9575 attached [pid 9575] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9575] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9575] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9574] <... clone3 resumed> => {parent_tid=[9575]}, 88) = 9575 [pid 9574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9574] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9575] <... futex resumed>) = 0 [pid 9574] <... futex resumed>) = 1 [pid 9575] memfd_create("syzkaller", 0 [pid 9574] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9575] <... memfd_create resumed>) = 3 [pid 9575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9575] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9575] close(3) = 0 [pid 9575] mkdir("./file0", 0777) = 0 [ 248.380697][ T9575] loop0: detected capacity change from 0 to 32768 [ 248.393908][ T9575] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9575) [ 248.409364][ T9575] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 248.418673][ T9575] BTRFS info (device loop0): force clearing of disk cache [ 248.425879][ T9575] BTRFS info (device loop0): setting nodatasum [ 248.432025][ T9575] BTRFS info (device loop0): allowing degraded mounts [ 248.438831][ T9575] BTRFS info (device loop0): enabling disk space caching [ 248.445931][ T9575] BTRFS info (device loop0): disk space caching is enabled [ 248.464124][ T9575] BTRFS info (device loop0): enabling ssd optimizations [ 248.471109][ T9575] BTRFS info (device loop0): auto enabling async discard [pid 9575] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9575] chdir("./file0") = 0 [pid 9575] ioctl(4, LOOP_CLR_FD) = 0 [pid 9575] close(4) = 0 [pid 9575] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9574] <... futex resumed>) = 0 [pid 9575] <... futex resumed>) = 1 [pid 9574] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9575] open("./file0", O_RDONLY [pid 9574] <... futex resumed>) = 0 [pid 9575] <... open resumed>) = 4 [ 248.479213][ T9575] BTRFS info (device loop0): rebuilding free space tree [ 248.491250][ T9575] BTRFS info (device loop0): disabling free space tree [ 248.498645][ T9575] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 248.508754][ T9575] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 248.521840][ T9575] BTRFS info (device loop0): checking UUID tree [pid 9574] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9575] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9574] <... futex resumed>) = 0 [pid 9575] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9574] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9574] <... futex resumed>) = 0 [pid 9575] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9574] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9575] <... ioctl resumed>) = 0 [pid 9575] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9574] <... futex resumed>) = 0 [pid 9574] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9575] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9574] <... futex resumed>) = 0 [pid 9574] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9574] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9574] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9593]}, 88) = 9593 [pid 9574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9574] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9574] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9593 attached [pid 9593] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9593] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9593] open(".", O_RDONLY) = 5 [pid 9593] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9574] <... futex resumed>) = 0 [pid 9574] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9574] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9593] <... futex resumed>) = 1 [ 248.595048][ T9575] BTRFS info (device loop0): balance: start -d -m [ 248.603587][ T9575] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 248.633688][ T9575] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9593] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9593] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9574] <... futex resumed>) = 0 [pid 9593] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9575] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9575] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9575] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9574] exit_group(0 [pid 9593] <... futex resumed>) = ? [pid 9575] <... futex resumed>) = ? [pid 9574] <... exit_group resumed>) = ? [pid 9593] +++ exited with 0 +++ [pid 9575] +++ exited with 0 +++ [pid 9574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9574, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 248.701197][ T9575] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 248.721472][ T9575] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 248.738508][ T9575] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9594 attached [pid 9594] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9594] chdir("./226") = 0 [pid 9594] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9594 [pid 9594] <... prctl resumed>) = 0 [pid 9594] setpgid(0, 0) = 0 [pid 9594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9594] write(3, "1000", 4) = 4 [pid 9594] close(3) = 0 [pid 9594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9594] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9594] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9594] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9595 attached [pid 9595] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9594] <... clone3 resumed> => {parent_tid=[9595]}, 88) = 9595 [pid 9595] <... rseq resumed>) = 0 [pid 9595] set_robust_list(0x7f0bd5e299a0, 24 [pid 9594] rt_sigprocmask(SIG_SETMASK, [], [pid 9595] <... set_robust_list resumed>) = 0 [pid 9595] rt_sigprocmask(SIG_SETMASK, [], [pid 9594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9594] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9595] memfd_create("syzkaller", 0 [pid 9594] <... futex resumed>) = 0 [pid 9594] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9595] <... memfd_create resumed>) = 3 [pid 9595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9595] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9595] close(3) = 0 [pid 9595] mkdir("./file0", 0777) = 0 [ 249.323151][ T9595] loop0: detected capacity change from 0 to 32768 [ 249.337672][ T9595] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9595) [ 249.352431][ T9595] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 249.361725][ T9595] BTRFS info (device loop0): force clearing of disk cache [ 249.368950][ T9595] BTRFS info (device loop0): setting nodatasum [ 249.375174][ T9595] BTRFS info (device loop0): allowing degraded mounts [ 249.381926][ T9595] BTRFS info (device loop0): enabling disk space caching [ 249.389018][ T9595] BTRFS info (device loop0): disk space caching is enabled [ 249.407264][ T9595] BTRFS info (device loop0): enabling ssd optimizations [ 249.414350][ T9595] BTRFS info (device loop0): auto enabling async discard [pid 9595] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9595] chdir("./file0") = 0 [pid 9595] ioctl(4, LOOP_CLR_FD) = 0 [pid 9595] close(4) = 0 [pid 9595] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9594] <... futex resumed>) = 0 [pid 9595] <... futex resumed>) = 1 [pid 9594] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9595] open("./file0", O_RDONLY [pid 9594] <... futex resumed>) = 0 [pid 9595] <... open resumed>) = 4 [ 249.421967][ T9595] BTRFS info (device loop0): rebuilding free space tree [ 249.433017][ T9595] BTRFS info (device loop0): disabling free space tree [ 249.440063][ T9595] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 249.449742][ T9595] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 249.463153][ T9595] BTRFS info (device loop0): checking UUID tree [pid 9594] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9595] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9594] <... futex resumed>) = 0 [pid 9595] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9594] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9595] <... ioctl resumed>) = 0 [pid 9594] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9595] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9594] <... futex resumed>) = 0 [pid 9595] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9594] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9594] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9594] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 9594] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9594] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9613 attached => {parent_tid=[9613]}, 88) = 9613 [pid 9613] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9594] rt_sigprocmask(SIG_SETMASK, [], [pid 9613] <... rseq resumed>) = 0 [pid 9594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9613] set_robust_list(0x7f0bd5e089a0, 24 [pid 9594] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9613] <... set_robust_list resumed>) = 0 [pid 9594] <... futex resumed>) = 0 [pid 9613] rt_sigprocmask(SIG_SETMASK, [], [pid 9594] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9613] open(".", O_RDONLY) = 5 [pid 9613] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9594] <... futex resumed>) = 0 [pid 9613] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9594] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9594] <... futex resumed>) = 0 [pid 9613] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 249.525429][ T9595] BTRFS info (device loop0): balance: start -d -m [ 249.535386][ T9595] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 249.556439][ T9595] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9594] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9613] <... ioctl resumed>) = 0 [pid 9613] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9613] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9594] <... futex resumed>) = 0 [ 249.612963][ T9595] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 249.652611][ T9595] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9595] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9595] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9595] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9594] exit_group(0 [pid 9613] <... futex resumed>) = ? [pid 9613] +++ exited with 0 +++ [pid 9595] <... futex resumed>) = ? [pid 9594] <... exit_group resumed>) = ? [pid 9595] +++ exited with 0 +++ [pid 9594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9594, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [ 249.670903][ T9595] BTRFS info (device loop0): balance: ended with status: 0 umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9614 attached , child_tidptr=0x5555570ad690) = 9614 [pid 9614] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9614] chdir("./227") = 0 [pid 9614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9614] setpgid(0, 0) = 0 [pid 9614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9614] write(3, "1000", 4) = 4 [pid 9614] close(3) = 0 [pid 9614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9614] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9614] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9614] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9615 attached [pid 9615] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9614] <... clone3 resumed> => {parent_tid=[9615]}, 88) = 9615 [pid 9615] <... rseq resumed>) = 0 [pid 9615] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9615] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9614] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9615] <... futex resumed>) = 0 [pid 9614] <... futex resumed>) = 1 [pid 9615] memfd_create("syzkaller", 0 [pid 9614] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9615] <... memfd_create resumed>) = 3 [pid 9615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9615] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9615] close(3) = 0 [pid 9615] mkdir("./file0", 0777) = 0 [ 250.209419][ T9615] loop0: detected capacity change from 0 to 32768 [ 250.223293][ T9615] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9615) [ 250.239422][ T9615] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 250.248944][ T9615] BTRFS info (device loop0): force clearing of disk cache [ 250.256152][ T9615] BTRFS info (device loop0): setting nodatasum [ 250.262332][ T9615] BTRFS info (device loop0): allowing degraded mounts [ 250.269257][ T9615] BTRFS info (device loop0): enabling disk space caching [ 250.276468][ T9615] BTRFS info (device loop0): disk space caching is enabled [ 250.296332][ T9615] BTRFS info (device loop0): enabling ssd optimizations [pid 9615] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9615] chdir("./file0") = 0 [pid 9615] ioctl(4, LOOP_CLR_FD) = 0 [pid 9615] close(4) = 0 [pid 9615] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9615] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9614] <... futex resumed>) = 0 [pid 9614] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9615] <... futex resumed>) = 0 [pid 9615] open("./file0", O_RDONLY [ 250.303309][ T9615] BTRFS info (device loop0): auto enabling async discard [ 250.311311][ T9615] BTRFS info (device loop0): rebuilding free space tree [ 250.321953][ T9615] BTRFS info (device loop0): disabling free space tree [ 250.328931][ T9615] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 250.338659][ T9615] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 250.351241][ T9615] BTRFS info (device loop0): checking UUID tree [pid 9614] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9615] <... open resumed>) = 4 [pid 9615] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9614] <... futex resumed>) = 0 [pid 9615] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9614] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9615] <... ioctl resumed>) = 0 [pid 9614] <... futex resumed>) = 0 [pid 9615] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9614] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 9615] <... futex resumed>) = 0 [pid 9615] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9614] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9614] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9614] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9614] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9633]}, 88) = 9633 ./strace-static-x86_64: Process 9633 attached [pid 9614] rt_sigprocmask(SIG_SETMASK, [], [pid 9633] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9633] set_robust_list(0x7f0bd5e089a0, 24 [pid 9614] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9633] <... set_robust_list resumed>) = 0 [pid 9614] <... futex resumed>) = 0 [pid 9633] rt_sigprocmask(SIG_SETMASK, [], [pid 9614] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9633] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 250.420630][ T9615] BTRFS info (device loop0): balance: start -d -m [ 250.430601][ T9615] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 250.451983][ T9615] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9633] open(".", O_RDONLY) = 5 [pid 9633] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9614] <... futex resumed>) = 0 [pid 9614] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9633] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9614] <... futex resumed>) = 0 [ 250.495230][ T9615] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9614] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9633] <... ioctl resumed>) = 0 [pid 9633] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9633] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9614] <... futex resumed>) = 0 [pid 9615] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9615] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9615] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9614] exit_group(0 [pid 9633] <... futex resumed>) = ? [pid 9615] <... futex resumed>) = ? [pid 9614] <... exit_group resumed>) = ? [pid 9615] +++ exited with 0 +++ [pid 9633] +++ exited with 0 +++ [pid 9614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9614, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 250.539065][ T9615] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 250.557638][ T9615] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9634 attached [pid 9634] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9634] chdir("./228") = 0 [pid 9634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9634 [pid 9634] setpgid(0, 0) = 0 [pid 9634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9634] write(3, "1000", 4) = 4 [pid 9634] close(3) = 0 [pid 9634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9634] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9634] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9634] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9635 attached [pid 9635] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9634] <... clone3 resumed> => {parent_tid=[9635]}, 88) = 9635 [pid 9635] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9634] rt_sigprocmask(SIG_SETMASK, [], [pid 9635] rt_sigprocmask(SIG_SETMASK, [], [pid 9634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9634] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9635] memfd_create("syzkaller", 0 [pid 9634] <... futex resumed>) = 0 [pid 9634] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9635] <... memfd_create resumed>) = 3 [pid 9635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9635] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9635] close(3) = 0 [pid 9635] mkdir("./file0", 0777) = 0 [ 251.102058][ T9635] loop0: detected capacity change from 0 to 32768 [ 251.126217][ T9635] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9635) [ 251.142574][ T9635] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [pid 9635] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9635] chdir("./file0") = 0 [pid 9635] ioctl(4, LOOP_CLR_FD) = 0 [pid 9635] close(4) = 0 [pid 9635] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9635] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9634] <... futex resumed>) = 0 [pid 9634] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9634] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9635] open("./file0", O_RDONLY) = 4 [ 251.151979][ T9635] BTRFS info (device loop0): force clearing of disk cache [ 251.159150][ T9635] BTRFS info (device loop0): setting nodatasum [ 251.165378][ T9635] BTRFS info (device loop0): allowing degraded mounts [ 251.172154][ T9635] BTRFS info (device loop0): enabling disk space caching [pid 9635] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9634] <... futex resumed>) = 0 [pid 9634] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9635] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9634] <... futex resumed>) = 0 [pid 9634] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9635] <... ioctl resumed>) = 0 [pid 9635] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9634] <... futex resumed>) = 0 [pid 9635] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9634] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9634] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9635] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9634] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9634] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9653 attached => {parent_tid=[9653]}, 88) = 9653 [pid 9634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9653] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9653] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9653] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9634] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9653] <... futex resumed>) = 0 [pid 9653] open(".", O_RDONLY) = 5 [pid 9634] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9653] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9653] <... futex resumed>) = 0 [pid 9634] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9653] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9634] <... futex resumed>) = 0 [pid 9634] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9653] <... ioctl resumed>) = 0 [pid 9653] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9634] <... futex resumed>) = 0 [pid 9653] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9635] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9635] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9635] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9634] exit_group(0 [pid 9653] <... futex resumed>) = ? [pid 9635] <... futex resumed>) = ? [pid 9634] <... exit_group resumed>) = ? [pid 9653] +++ exited with 0 +++ [pid 9635] +++ exited with 0 +++ [pid 9634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9634, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9654 attached , child_tidptr=0x5555570ad690) = 9654 [pid 9654] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9654] chdir("./229") = 0 [pid 9654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9654] setpgid(0, 0) = 0 [pid 9654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9654] write(3, "1000", 4) = 4 [pid 9654] close(3) = 0 [pid 9654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9654] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9654] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9654] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9654] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9655 attached [pid 9655] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9654] <... clone3 resumed> => {parent_tid=[9655]}, 88) = 9655 [pid 9655] set_robust_list(0x7f0bd5e299a0, 24 [pid 9654] rt_sigprocmask(SIG_SETMASK, [], [pid 9655] <... set_robust_list resumed>) = 0 [pid 9655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9655] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9654] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9654] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9655] <... futex resumed>) = 0 [pid 9655] memfd_create("syzkaller", 0) = 3 [pid 9655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9655] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9655] close(3) = 0 [pid 9655] mkdir("./file0", 0777) = 0 [ 251.998913][ T9655] loop0: detected capacity change from 0 to 32768 [ 252.026369][ T9655] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9655) [ 252.043256][ T9655] _btrfs_printk: 14 callbacks suppressed [ 252.043268][ T9655] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 252.058254][ T9655] BTRFS info (device loop0): force clearing of disk cache [ 252.065526][ T9655] BTRFS info (device loop0): setting nodatasum [ 252.071704][ T9655] BTRFS info (device loop0): allowing degraded mounts [ 252.078568][ T9655] BTRFS info (device loop0): enabling disk space caching [ 252.085629][ T9655] BTRFS info (device loop0): disk space caching is enabled [ 252.104509][ T9655] BTRFS info (device loop0): enabling ssd optimizations [ 252.111562][ T9655] BTRFS info (device loop0): auto enabling async discard [ 252.120327][ T9655] BTRFS info (device loop0): rebuilding free space tree [ 252.131275][ T9655] BTRFS info (device loop0): disabling free space tree [ 252.138235][ T9655] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9655] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9655] chdir("./file0") = 0 [pid 9655] ioctl(4, LOOP_CLR_FD) = 0 [pid 9655] close(4) = 0 [pid 9655] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9655] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9654] <... futex resumed>) = 0 [pid 9654] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9655] <... futex resumed>) = 0 [pid 9654] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9655] open("./file0", O_RDONLY) = 4 [ 252.147914][ T9655] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 252.160540][ T9655] BTRFS info (device loop0): checking UUID tree [pid 9655] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9655] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9654] <... futex resumed>) = 0 [pid 9654] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9655] <... futex resumed>) = 0 [pid 9655] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9654] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9655] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9654] <... futex resumed>) = 0 [pid 9655] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 9654] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9655] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9654] <... futex resumed>) = 0 [pid 9654] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9654] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9654] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9673]}, 88) = 9673 ./strace-static-x86_64: Process 9673 attached [pid 9673] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9654] rt_sigprocmask(SIG_SETMASK, [], [pid 9673] <... rseq resumed>) = 0 [pid 9673] set_robust_list(0x7f0bd5e089a0, 24 [pid 9654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9673] <... set_robust_list resumed>) = 0 [pid 9654] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9673] rt_sigprocmask(SIG_SETMASK, [], [pid 9654] <... futex resumed>) = 0 [pid 9673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9654] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9673] open(".", O_RDONLY) = 5 [pid 9673] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9654] <... futex resumed>) = 0 [pid 9654] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9673] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9654] <... futex resumed>) = 0 [ 252.235876][ T9655] BTRFS info (device loop0): balance: start -d -m [ 252.244622][ T9655] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 252.268029][ T9655] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9654] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9673] <... ioctl resumed>) = 0 [pid 9673] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9654] <... futex resumed>) = 0 [ 252.332073][ T9655] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 252.361773][ T9655] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9673] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9655] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9655] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9655] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9654] exit_group(0 [pid 9673] <... futex resumed>) = ? [pid 9673] +++ exited with 0 +++ [pid 9654] <... exit_group resumed>) = ? [pid 9655] <... futex resumed>) = ? [ 252.379119][ T9655] BTRFS info (device loop0): balance: ended with status: 0 [pid 9655] +++ exited with 0 +++ [pid 9654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9654, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9674 attached , child_tidptr=0x5555570ad690) = 9674 [pid 9674] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9674] chdir("./230") = 0 [pid 9674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9674] setpgid(0, 0) = 0 [pid 9674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9674] write(3, "1000", 4) = 4 [pid 9674] close(3) = 0 [pid 9674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9674] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9674] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9674] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9675 attached [pid 9675] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9675] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9674] <... clone3 resumed> => {parent_tid=[9675]}, 88) = 9675 [pid 9674] rt_sigprocmask(SIG_SETMASK, [], [pid 9675] rt_sigprocmask(SIG_SETMASK, [], [pid 9674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9674] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9674] <... futex resumed>) = 0 [pid 9674] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9675] memfd_create("syzkaller", 0) = 3 [pid 9675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9675] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9675] close(3) = 0 [pid 9675] mkdir("./file0", 0777) = 0 [ 252.972042][ T9675] loop0: detected capacity change from 0 to 32768 [ 252.997823][ T9675] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9675) [ 253.012711][ T9675] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 253.022023][ T9675] BTRFS info (device loop0): force clearing of disk cache [ 253.029202][ T9675] BTRFS info (device loop0): setting nodatasum [ 253.035410][ T9675] BTRFS info (device loop0): allowing degraded mounts [ 253.042164][ T9675] BTRFS info (device loop0): enabling disk space caching [ 253.049304][ T9675] BTRFS info (device loop0): disk space caching is enabled [ 253.068824][ T9675] BTRFS info (device loop0): enabling ssd optimizations [ 253.075920][ T9675] BTRFS info (device loop0): auto enabling async discard [ 253.084180][ T9675] BTRFS info (device loop0): rebuilding free space tree [ 253.096031][ T9675] BTRFS info (device loop0): disabling free space tree [ 253.102921][ T9675] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 253.112648][ T9675] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9675] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9675] chdir("./file0") = 0 [pid 9675] ioctl(4, LOOP_CLR_FD) = 0 [pid 9675] close(4) = 0 [pid 9675] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9674] <... futex resumed>) = 0 [pid 9675] open("./file0", O_RDONLY [pid 9674] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9675] <... open resumed>) = 4 [pid 9674] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9675] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9674] <... futex resumed>) = 0 [pid 9675] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 9674] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9675] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9674] <... futex resumed>) = 0 [pid 9674] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9675] <... ioctl resumed>) = 0 [pid 9675] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9674] <... futex resumed>) = 0 [pid 9675] <... futex resumed>) = 1 [pid 9675] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9674] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 253.125406][ T9675] BTRFS info (device loop0): checking UUID tree [pid 9674] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9674] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9674] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 253.170008][ T9675] BTRFS info (device loop0): balance: start -d -m [ 253.178048][ T9675] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 253.198588][ T9675] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9693 attached => {parent_tid=[9693]}, 88) = 9693 [pid 9674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9674] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9674] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9693] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9693] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9693] open(".", O_RDONLY) = 5 [pid 9693] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9674] <... futex resumed>) = 0 [pid 9693] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 9674] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9693] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9674] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9693] <... ioctl resumed>) = 0 [pid 9693] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9674] <... futex resumed>) = 0 [ 253.241637][ T9675] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9693] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9675] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9675] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9674] exit_group(0 [pid 9693] <... futex resumed>) = ? [pid 9693] +++ exited with 0 +++ [pid 9674] <... exit_group resumed>) = ? [pid 9675] <... futex resumed>) = ? [pid 9675] +++ exited with 0 +++ [pid 9674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9674, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 [ 253.299558][ T9675] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 253.323417][ T9675] BTRFS info (device loop0): balance: ended with status: 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9694 attached , child_tidptr=0x5555570ad690) = 9694 [pid 9694] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9694] chdir("./231") = 0 [pid 9694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9694] setpgid(0, 0) = 0 [pid 9694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9694] write(3, "1000", 4) = 4 [pid 9694] close(3) = 0 [pid 9694] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9694] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9694] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9694] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9694] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9695 attached [pid 9695] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9694] <... clone3 resumed> => {parent_tid=[9695]}, 88) = 9695 [pid 9695] set_robust_list(0x7f0bd5e299a0, 24 [pid 9694] rt_sigprocmask(SIG_SETMASK, [], [pid 9695] <... set_robust_list resumed>) = 0 [pid 9694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9695] rt_sigprocmask(SIG_SETMASK, [], [pid 9694] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9694] <... futex resumed>) = 0 [pid 9695] memfd_create("syzkaller", 0 [pid 9694] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9695] <... memfd_create resumed>) = 3 [pid 9695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9695] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9695] close(3) = 0 [pid 9695] mkdir("./file0", 0777) = 0 [ 253.792626][ T9695] loop0: detected capacity change from 0 to 32768 [ 253.802024][ T9695] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9695) [ 253.818437][ T9695] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 253.827796][ T9695] BTRFS info (device loop0): force clearing of disk cache [ 253.835022][ T9695] BTRFS info (device loop0): setting nodatasum [ 253.841191][ T9695] BTRFS info (device loop0): allowing degraded mounts [ 253.848186][ T9695] BTRFS info (device loop0): enabling disk space caching [ 253.855246][ T9695] BTRFS info (device loop0): disk space caching is enabled [ 253.875109][ T9695] BTRFS info (device loop0): enabling ssd optimizations [ 253.882065][ T9695] BTRFS info (device loop0): auto enabling async discard [pid 9695] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9695] chdir("./file0") = 0 [pid 9695] ioctl(4, LOOP_CLR_FD) = 0 [pid 9695] close(4) = 0 [pid 9695] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9694] <... futex resumed>) = 0 [pid 9695] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9694] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9695] open("./file0", O_RDONLY [pid 9694] <... futex resumed>) = 0 [pid 9695] <... open resumed>) = 4 [pid 9694] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9695] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9694] <... futex resumed>) = 0 [pid 9695] <... futex resumed>) = 1 [pid 9694] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9695] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9694] <... futex resumed>) = 0 [ 253.890649][ T9695] BTRFS info (device loop0): rebuilding free space tree [ 253.901599][ T9695] BTRFS info (device loop0): disabling free space tree [ 253.908677][ T9695] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 253.918347][ T9695] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 253.931061][ T9695] BTRFS info (device loop0): checking UUID tree [pid 9694] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9695] <... ioctl resumed>) = 0 [pid 9695] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9695] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9694] <... futex resumed>) = 0 [pid 9694] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9695] <... futex resumed>) = 0 [pid 9694] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9695] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9694] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9694] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9694] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9694] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9713 attached => {parent_tid=[9713]}, 88) = 9713 [pid 9713] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9713] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9713] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9694] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9713] <... futex resumed>) = 0 [pid 9694] <... futex resumed>) = 1 [pid 9713] open(".", O_RDONLY) = 5 [pid 9694] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9713] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9694] <... futex resumed>) = 0 [pid 9713] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 9694] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9713] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9694] <... futex resumed>) = 0 [ 253.984850][ T9695] BTRFS info (device loop0): balance: start -d -m [ 253.994240][ T9695] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 254.016015][ T9695] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9694] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9713] <... ioctl resumed>) = 0 [pid 9713] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9694] <... futex resumed>) = 0 [ 254.066171][ T9695] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9713] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9695] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9695] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9694] exit_group(0 [pid 9713] <... futex resumed>) = ? [pid 9695] <... futex resumed>) = ? [pid 9694] <... exit_group resumed>) = ? [pid 9713] +++ exited with 0 +++ [pid 9695] +++ exited with 0 +++ [pid 9694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9694, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 254.118167][ T9695] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 254.139219][ T9695] BTRFS info (device loop0): balance: ended with status: 0 umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9714 attached [pid 9714] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9714] chdir("./232") = 0 [pid 9714] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9714 [pid 9714] <... prctl resumed>) = 0 [pid 9714] setpgid(0, 0) = 0 [pid 9714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9714] write(3, "1000", 4) = 4 [pid 9714] close(3) = 0 [pid 9714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9714] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9714] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9714] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9715 attached => {parent_tid=[9715]}, 88) = 9715 [pid 9715] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9714] rt_sigprocmask(SIG_SETMASK, [], [pid 9715] set_robust_list(0x7f0bd5e299a0, 24 [pid 9714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9715] <... set_robust_list resumed>) = 0 [pid 9715] rt_sigprocmask(SIG_SETMASK, [], [pid 9714] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9714] <... futex resumed>) = 0 [pid 9714] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9715] memfd_create("syzkaller", 0) = 3 [pid 9715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9715] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9715] close(3) = 0 [pid 9715] mkdir("./file0", 0777) = 0 [ 254.682808][ T9715] loop0: detected capacity change from 0 to 32768 [ 254.692108][ T9715] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9715) [ 254.707784][ T9715] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 254.717097][ T9715] BTRFS info (device loop0): force clearing of disk cache [ 254.724249][ T9715] BTRFS info (device loop0): setting nodatasum [ 254.730412][ T9715] BTRFS info (device loop0): allowing degraded mounts [ 254.737234][ T9715] BTRFS info (device loop0): enabling disk space caching [ 254.744306][ T9715] BTRFS info (device loop0): disk space caching is enabled [ 254.764215][ T9715] BTRFS info (device loop0): enabling ssd optimizations [ 254.771207][ T9715] BTRFS info (device loop0): auto enabling async discard [pid 9715] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9715] chdir("./file0") = 0 [pid 9715] ioctl(4, LOOP_CLR_FD) = 0 [pid 9715] close(4) = 0 [pid 9715] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9714] <... futex resumed>) = 0 [pid 9715] <... futex resumed>) = 1 [pid 9715] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9714] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9715] <... futex resumed>) = 0 [pid 9714] <... futex resumed>) = 1 [pid 9715] open("./file0", O_RDONLY) = 4 [ 254.779197][ T9715] BTRFS info (device loop0): rebuilding free space tree [ 254.790472][ T9715] BTRFS info (device loop0): disabling free space tree [ 254.797546][ T9715] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 254.807298][ T9715] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 254.820566][ T9715] BTRFS info (device loop0): checking UUID tree [pid 9714] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9715] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9714] <... futex resumed>) = 0 [pid 9715] <... futex resumed>) = 1 [pid 9714] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9714] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9715] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9715] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9714] <... futex resumed>) = 0 [pid 9715] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9714] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9715] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9714] <... futex resumed>) = 0 [pid 9714] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9714] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 9714] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9714] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9733]}, 88) = 9733 [pid 9714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9714] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9714] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9733 attached [pid 9733] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9733] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9733] open(".", O_RDONLY) = 5 [pid 9733] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9733] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9714] <... futex resumed>) = 0 [pid 9714] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9733] <... futex resumed>) = 0 [pid 9714] <... futex resumed>) = 1 [pid 9733] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 254.895652][ T9715] BTRFS info (device loop0): balance: start -d -m [ 254.905426][ T9715] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 254.933099][ T9715] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9714] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9733] <... ioctl resumed>) = 0 [pid 9733] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9714] <... futex resumed>) = 0 [pid 9733] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9715] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9715] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9714] exit_group(0 [pid 9733] <... futex resumed>) = ? [pid 9714] <... exit_group resumed>) = ? [pid 9733] +++ exited with 0 +++ [pid 9715] +++ exited with 0 +++ [pid 9714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9714, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 254.990786][ T9715] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 255.013723][ T9715] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 255.031388][ T9715] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9734 attached , child_tidptr=0x5555570ad690) = 9734 [pid 9734] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9734] chdir("./233") = 0 [pid 9734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9734] setpgid(0, 0) = 0 [pid 9734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9734] write(3, "1000", 4) = 4 [pid 9734] close(3) = 0 [pid 9734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9734] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9734] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9734] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9735 attached [pid 9735] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9734] <... clone3 resumed> => {parent_tid=[9735]}, 88) = 9735 [pid 9735] <... rseq resumed>) = 0 [pid 9734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9734] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9735] set_robust_list(0x7f0bd5e299a0, 24 [pid 9734] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9735] <... set_robust_list resumed>) = 0 [pid 9735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9735] memfd_create("syzkaller", 0) = 3 [pid 9735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9735] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9735] close(3) = 0 [pid 9735] mkdir("./file0", 0777) = 0 [ 255.599685][ T9735] loop0: detected capacity change from 0 to 32768 [ 255.625639][ T9735] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9735) [ 255.642109][ T9735] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 255.651395][ T9735] BTRFS info (device loop0): force clearing of disk cache [ 255.658541][ T9735] BTRFS info (device loop0): setting nodatasum [ 255.664773][ T9735] BTRFS info (device loop0): allowing degraded mounts [ 255.671542][ T9735] BTRFS info (device loop0): enabling disk space caching [ 255.678650][ T9735] BTRFS info (device loop0): disk space caching is enabled [ 255.697749][ T9735] BTRFS info (device loop0): enabling ssd optimizations [ 255.704791][ T9735] BTRFS info (device loop0): auto enabling async discard [ 255.712584][ T9735] BTRFS info (device loop0): rebuilding free space tree [ 255.724126][ T9735] BTRFS info (device loop0): disabling free space tree [ 255.731035][ T9735] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 9735] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9735] chdir("./file0") = 0 [pid 9735] ioctl(4, LOOP_CLR_FD) = 0 [pid 9735] close(4) = 0 [pid 9735] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9734] <... futex resumed>) = 0 [pid 9735] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9734] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9735] <... futex resumed>) = 0 [pid 9734] <... futex resumed>) = 1 [pid 9735] open("./file0", O_RDONLY [pid 9734] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9735] <... open resumed>) = 4 [ 255.740722][ T9735] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 255.753395][ T9735] BTRFS info (device loop0): checking UUID tree [pid 9735] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9734] <... futex resumed>) = 0 [pid 9735] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9734] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9734] <... futex resumed>) = 0 [pid 9735] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9734] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9735] <... ioctl resumed>) = 0 [pid 9735] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9734] <... futex resumed>) = 0 [pid 9735] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9734] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9734] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9734] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9734] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9753]}, 88) = 9753 [pid 9734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9734] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9734] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9753 attached [pid 9753] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9753] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9753] open(".", O_RDONLY) = 5 [pid 9753] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9734] <... futex resumed>) = 0 [pid 9734] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9734] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9753] <... futex resumed>) = 1 [ 255.833781][ T9735] BTRFS info (device loop0): balance: start -d -m [ 255.856087][ T9735] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 9753] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9734] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9753] <... ioctl resumed>) = 0 [pid 9753] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 255.958945][ T9735] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 256.005067][ T9735] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 256.038590][ T9735] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9753] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9735] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9735] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9734] exit_group(0 [pid 9735] <... futex resumed>) = 0 [pid 9753] <... futex resumed>) = ? [pid 9734] <... exit_group resumed>) = ? [pid 9753] +++ exited with 0 +++ [pid 9735] +++ exited with 0 +++ [pid 9734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9734, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 [ 256.067577][ T9735] BTRFS info (device loop0): balance: ended with status: 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9754 attached [pid 9754] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9754] chdir("./234") = 0 [pid 9754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9754 [pid 9754] setpgid(0, 0) = 0 [pid 9754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9754] write(3, "1000", 4) = 4 [pid 9754] close(3) = 0 [pid 9754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9754] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9754] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9754] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9755 attached [pid 9755] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9754] <... clone3 resumed> => {parent_tid=[9755]}, 88) = 9755 [pid 9755] set_robust_list(0x7f0bd5e299a0, 24 [pid 9754] rt_sigprocmask(SIG_SETMASK, [], [pid 9755] <... set_robust_list resumed>) = 0 [pid 9754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9755] rt_sigprocmask(SIG_SETMASK, [], [pid 9754] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9754] <... futex resumed>) = 0 [pid 9755] memfd_create("syzkaller", 0 [pid 9754] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9755] <... memfd_create resumed>) = 3 [pid 9755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9755] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9755] close(3) = 0 [pid 9755] mkdir("./file0", 0777) = 0 [ 256.679112][ T9755] loop0: detected capacity change from 0 to 32768 [ 256.694165][ T9755] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9755) [ 256.709842][ T9755] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 256.719175][ T9755] BTRFS info (device loop0): force clearing of disk cache [pid 9755] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9755] chdir("./file0") = 0 [pid 9755] ioctl(4, LOOP_CLR_FD) = 0 [pid 9755] close(4) = 0 [pid 9755] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9754] <... futex resumed>) = 0 [pid 9755] open("./file0", O_RDONLY [pid 9754] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9754] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9755] <... open resumed>) = 4 [pid 9755] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9754] <... futex resumed>) = 0 [pid 9755] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9754] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9755] <... ioctl resumed>) = 0 [pid 9754] <... futex resumed>) = 0 [ 256.727141][ T9755] BTRFS info (device loop0): setting nodatasum [ 256.733296][ T9755] BTRFS info (device loop0): allowing degraded mounts [ 256.740113][ T9755] BTRFS info (device loop0): enabling disk space caching [pid 9754] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9755] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9754] <... futex resumed>) = 0 [pid 9755] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9754] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9755] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9754] <... futex resumed>) = 0 [pid 9754] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9754] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9754] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9773 attached [pid 9773] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9754] <... clone3 resumed> => {parent_tid=[9773]}, 88) = 9773 [pid 9773] <... rseq resumed>) = 0 [pid 9754] rt_sigprocmask(SIG_SETMASK, [], [pid 9773] set_robust_list(0x7f0bd5e089a0, 24 [pid 9754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9773] <... set_robust_list resumed>) = 0 [pid 9754] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9773] rt_sigprocmask(SIG_SETMASK, [], [pid 9754] <... futex resumed>) = 0 [pid 9773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9754] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9773] open(".", O_RDONLY) = 5 [pid 9773] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9754] <... futex resumed>) = 0 [pid 9773] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9754] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9754] <... futex resumed>) = 0 [pid 9773] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9754] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9773] <... ioctl resumed>) = 0 [pid 9773] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9755] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9754] <... futex resumed>) = 0 [pid 9773] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9755] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9755] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9754] exit_group(0 [pid 9755] <... futex resumed>) = ? [pid 9754] <... exit_group resumed>) = ? [pid 9773] <... futex resumed>) = ? [pid 9755] +++ exited with 0 +++ [pid 9773] +++ exited with 0 +++ [pid 9754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9754, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9774 attached , child_tidptr=0x5555570ad690) = 9774 [pid 9774] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9774] chdir("./235") = 0 [pid 9774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9774] setpgid(0, 0) = 0 [pid 9774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9774] write(3, "1000", 4) = 4 [pid 9774] close(3) = 0 [pid 9774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9774] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9774] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9774] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9775 attached => {parent_tid=[9775]}, 88) = 9775 [pid 9775] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9775] set_robust_list(0x7f0bd5e299a0, 24 [pid 9774] rt_sigprocmask(SIG_SETMASK, [], [pid 9775] <... set_robust_list resumed>) = 0 [pid 9775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9775] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9774] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9775] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9775] memfd_create("syzkaller", 0) = 3 [pid 9775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9775] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9775] close(3) = 0 [pid 9775] mkdir("./file0", 0777) = 0 [ 257.374134][ T9775] loop0: detected capacity change from 0 to 32768 [ 257.388202][ T9775] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9775) [ 257.403179][ T9775] _btrfs_printk: 14 callbacks suppressed [ 257.403213][ T9775] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 257.418187][ T9775] BTRFS info (device loop0): force clearing of disk cache [ 257.425366][ T9775] BTRFS info (device loop0): setting nodatasum [ 257.431534][ T9775] BTRFS info (device loop0): allowing degraded mounts [ 257.438430][ T9775] BTRFS info (device loop0): enabling disk space caching [ 257.445550][ T9775] BTRFS info (device loop0): disk space caching is enabled [ 257.464416][ T9775] BTRFS info (device loop0): enabling ssd optimizations [ 257.471395][ T9775] BTRFS info (device loop0): auto enabling async discard [ 257.479596][ T9775] BTRFS info (device loop0): rebuilding free space tree [ 257.490797][ T9775] BTRFS info (device loop0): disabling free space tree [ 257.497816][ T9775] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 257.507511][ T9775] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9775] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9775] chdir("./file0") = 0 [pid 9775] ioctl(4, LOOP_CLR_FD) = 0 [pid 9775] close(4) = 0 [pid 9775] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9774] <... futex resumed>) = 0 [ 257.520319][ T9775] BTRFS info (device loop0): checking UUID tree [pid 9774] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9775] open("./file0", O_RDONLY) = 4 [pid 9774] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9775] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9775] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9774] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9775] <... futex resumed>) = 0 [pid 9775] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9774] <... futex resumed>) = 1 [pid 9775] <... ioctl resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9775] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9774] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9775] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9774] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9774] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9774] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9793 attached [pid 9793] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9774] <... clone3 resumed> => {parent_tid=[9793]}, 88) = 9793 [pid 9793] <... rseq resumed>) = 0 [pid 9774] rt_sigprocmask(SIG_SETMASK, [], [pid 9793] set_robust_list(0x7f0bd5e089a0, 24 [pid 9774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9793] <... set_robust_list resumed>) = 0 [pid 9793] rt_sigprocmask(SIG_SETMASK, [], [pid 9774] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9774] <... futex resumed>) = 0 [pid 9793] open(".", O_RDONLY) = 5 [ 257.614270][ T9775] BTRFS info (device loop0): balance: start -d -m [ 257.624016][ T9775] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 257.653161][ T9775] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9774] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9793] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9774] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9793] <... futex resumed>) = 1 [pid 9774] <... futex resumed>) = 0 [pid 9774] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9793] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9793] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9793] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9774] <... futex resumed>) = 0 [ 257.690534][ T9775] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 257.725765][ T9775] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9775] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9775] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9774] exit_group(0 [pid 9775] <... futex resumed>) = 0 [pid 9793] <... futex resumed>) = ? [pid 9774] <... exit_group resumed>) = ? [pid 9793] +++ exited with 0 +++ [pid 9775] +++ exited with 0 +++ [pid 9774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9774, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 257.743304][ T9775] BTRFS info (device loop0): balance: ended with status: 0 unlink("./235/binderfs") = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9794 attached , child_tidptr=0x5555570ad690) = 9794 [pid 9794] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9794] chdir("./236") = 0 [pid 9794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9794] setpgid(0, 0) = 0 [pid 9794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9794] write(3, "1000", 4) = 4 [pid 9794] close(3) = 0 [pid 9794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9794] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9794] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9794] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9795 attached [pid 9795] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9794] <... clone3 resumed> => {parent_tid=[9795]}, 88) = 9795 [pid 9795] <... rseq resumed>) = 0 [pid 9794] rt_sigprocmask(SIG_SETMASK, [], [pid 9795] set_robust_list(0x7f0bd5e299a0, 24 [pid 9794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9795] <... set_robust_list resumed>) = 0 [pid 9795] rt_sigprocmask(SIG_SETMASK, [], [pid 9794] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9794] <... futex resumed>) = 0 [pid 9795] memfd_create("syzkaller", 0 [pid 9794] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9795] <... memfd_create resumed>) = 3 [pid 9795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9795] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9795] close(3) = 0 [pid 9795] mkdir("./file0", 0777) = 0 [ 258.230386][ T9795] loop0: detected capacity change from 0 to 32768 [ 258.239924][ T9795] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9795) [ 258.255377][ T9795] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 258.264678][ T9795] BTRFS info (device loop0): force clearing of disk cache [ 258.271779][ T9795] BTRFS info (device loop0): setting nodatasum [ 258.277989][ T9795] BTRFS info (device loop0): allowing degraded mounts [ 258.284811][ T9795] BTRFS info (device loop0): enabling disk space caching [ 258.291826][ T9795] BTRFS info (device loop0): disk space caching is enabled [ 258.311189][ T9795] BTRFS info (device loop0): enabling ssd optimizations [ 258.318210][ T9795] BTRFS info (device loop0): auto enabling async discard [pid 9795] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9795] chdir("./file0") = 0 [pid 9795] ioctl(4, LOOP_CLR_FD) = 0 [pid 9795] close(4) = 0 [ 258.326695][ T9795] BTRFS info (device loop0): rebuilding free space tree [ 258.337473][ T9795] BTRFS info (device loop0): disabling free space tree [ 258.344688][ T9795] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 258.354740][ T9795] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 258.367559][ T9795] BTRFS info (device loop0): checking UUID tree [pid 9795] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9795] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9794] <... futex resumed>) = 0 [pid 9795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9794] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9795] open("./file0", O_RDONLY [pid 9794] <... futex resumed>) = 0 [pid 9795] <... open resumed>) = 4 [pid 9794] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9795] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9795] <... futex resumed>) = 0 [pid 9795] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9794] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9795] <... futex resumed>) = 0 [pid 9794] <... futex resumed>) = 1 [pid 9795] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9794] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9795] <... ioctl resumed>) = 0 [pid 9795] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9794] <... futex resumed>) = 0 [pid 9795] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9794] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9794] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9794] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9794] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9813]}, 88) = 9813 ./strace-static-x86_64: Process 9813 attached [pid 9813] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9794] rt_sigprocmask(SIG_SETMASK, [], [pid 9813] <... rseq resumed>) = 0 [pid 9813] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9794] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9794] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9813] open(".", O_RDONLY) = 5 [pid 9813] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9794] <... futex resumed>) = 0 [pid 9813] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9794] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9813] <... futex resumed>) = 0 [pid 9794] <... futex resumed>) = 1 [pid 9813] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 258.443456][ T9795] BTRFS info (device loop0): balance: start -d -m [ 258.452618][ T9795] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 258.479381][ T9795] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9794] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9813] <... ioctl resumed>) = 0 [pid 9813] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9794] <... futex resumed>) = 0 [pid 9813] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9795] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9795] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9795] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9794] exit_group(0 [pid 9813] <... futex resumed>) = ? [pid 9813] +++ exited with 0 +++ [pid 9795] <... futex resumed>) = ? [pid 9794] <... exit_group resumed>) = ? [pid 9795] +++ exited with 0 +++ [pid 9794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9794, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 258.559385][ T9795] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 258.579683][ T9795] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 258.598085][ T9795] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9814 attached , child_tidptr=0x5555570ad690) = 9814 [pid 9814] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9814] chdir("./237") = 0 [pid 9814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9814] setpgid(0, 0) = 0 [pid 9814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9814] write(3, "1000", 4) = 4 [pid 9814] close(3) = 0 [pid 9814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9814] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9814] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9814] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9815 attached [pid 9815] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9815] set_robust_list(0x7f0bd5e299a0, 24 [pid 9814] <... clone3 resumed> => {parent_tid=[9815]}, 88) = 9815 [pid 9815] <... set_robust_list resumed>) = 0 [pid 9815] rt_sigprocmask(SIG_SETMASK, [], [pid 9814] rt_sigprocmask(SIG_SETMASK, [], [pid 9815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9815] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9814] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9814] <... futex resumed>) = 0 [pid 9815] memfd_create("syzkaller", 0 [pid 9814] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9815] <... memfd_create resumed>) = 3 [pid 9815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9815] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9815] close(3) = 0 [pid 9815] mkdir("./file0", 0777) = 0 [ 259.092432][ T9815] loop0: detected capacity change from 0 to 32768 [ 259.101986][ T9815] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9815) [ 259.118248][ T9815] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 259.127627][ T9815] BTRFS info (device loop0): force clearing of disk cache [ 259.134814][ T9815] BTRFS info (device loop0): setting nodatasum [ 259.140985][ T9815] BTRFS info (device loop0): allowing degraded mounts [ 259.147867][ T9815] BTRFS info (device loop0): enabling disk space caching [ 259.155127][ T9815] BTRFS info (device loop0): disk space caching is enabled [ 259.174499][ T9815] BTRFS info (device loop0): enabling ssd optimizations [ 259.181469][ T9815] BTRFS info (device loop0): auto enabling async discard [pid 9815] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9815] chdir("./file0") = 0 [pid 9815] ioctl(4, LOOP_CLR_FD) = 0 [pid 9815] close(4) = 0 [pid 9815] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9814] <... futex resumed>) = 0 [pid 9815] open("./file0", O_RDONLY [pid 9814] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9815] <... open resumed>) = 4 [pid 9814] <... futex resumed>) = 0 [pid 9814] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9815] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9815] <... futex resumed>) = 0 [pid 9814] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9815] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9814] <... futex resumed>) = 0 [pid 9815] <... ioctl resumed>) = 0 [pid 9814] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9815] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9814] <... futex resumed>) = 0 [pid 9815] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9814] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 259.189391][ T9815] BTRFS info (device loop0): rebuilding free space tree [ 259.200513][ T9815] BTRFS info (device loop0): disabling free space tree [ 259.207512][ T9815] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 259.217214][ T9815] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 259.230124][ T9815] BTRFS info (device loop0): checking UUID tree [pid 9814] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9814] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 9814] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9814] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9833]}, 88) = 9833 [pid 9814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9814] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9814] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9833 attached [pid 9833] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9833] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9833] open(".", O_RDONLY) = 5 [pid 9833] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9814] <... futex resumed>) = 0 [pid 9814] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9814] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9833] <... futex resumed>) = 1 [ 259.264738][ T9815] BTRFS info (device loop0): balance: start -d -m [ 259.273413][ T9815] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 259.293443][ T9815] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9833] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9833] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9814] <... futex resumed>) = 0 [ 259.356801][ T9815] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 259.395027][ T9815] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9833] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9815] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9815] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9815] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9814] exit_group(0 [pid 9833] <... futex resumed>) = ? [pid 9815] <... futex resumed>) = ? [pid 9814] <... exit_group resumed>) = ? [pid 9833] +++ exited with 0 +++ [pid 9815] +++ exited with 0 +++ [pid 9814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9814, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 259.418250][ T9815] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9834 attached [pid 9834] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9834] chdir("./238") = 0 [pid 9834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9834 [pid 9834] setpgid(0, 0) = 0 [pid 9834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9834] write(3, "1000", 4) = 4 [pid 9834] close(3) = 0 [pid 9834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9834] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9834] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9834] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9835 attached [pid 9835] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9834] <... clone3 resumed> => {parent_tid=[9835]}, 88) = 9835 [pid 9835] <... rseq resumed>) = 0 [pid 9834] rt_sigprocmask(SIG_SETMASK, [], [pid 9835] set_robust_list(0x7f0bd5e299a0, 24 [pid 9834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9835] <... set_robust_list resumed>) = 0 [pid 9834] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9835] rt_sigprocmask(SIG_SETMASK, [], [pid 9834] <... futex resumed>) = 0 [pid 9835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9835] memfd_create("syzkaller", 0 [pid 9834] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9835] <... memfd_create resumed>) = 3 [pid 9835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9835] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9835] close(3) = 0 [pid 9835] mkdir("./file0", 0777) = 0 [ 259.935381][ T9835] loop0: detected capacity change from 0 to 32768 [ 259.955803][ T9835] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9835) [ 259.971786][ T9835] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 259.981151][ T9835] BTRFS info (device loop0): force clearing of disk cache [ 259.988325][ T9835] BTRFS info (device loop0): setting nodatasum [ 259.994767][ T9835] BTRFS info (device loop0): allowing degraded mounts [ 260.001683][ T9835] BTRFS info (device loop0): enabling disk space caching [ 260.008798][ T9835] BTRFS info (device loop0): disk space caching is enabled [ 260.028069][ T9835] BTRFS info (device loop0): enabling ssd optimizations [ 260.035122][ T9835] BTRFS info (device loop0): auto enabling async discard [ 260.042986][ T9835] BTRFS info (device loop0): rebuilding free space tree [ 260.054303][ T9835] BTRFS info (device loop0): disabling free space tree [ 260.061320][ T9835] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 260.071868][ T9835] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9835] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9835] chdir("./file0") = 0 [pid 9835] ioctl(4, LOOP_CLR_FD) = 0 [pid 9835] close(4) = 0 [pid 9835] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9835] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9834] <... futex resumed>) = 0 [pid 9834] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9835] <... futex resumed>) = 0 [pid 9834] <... futex resumed>) = 1 [pid 9835] open("./file0", O_RDONLY [pid 9834] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9835] <... open resumed>) = 4 [ 260.085155][ T9835] BTRFS info (device loop0): checking UUID tree [pid 9835] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9834] <... futex resumed>) = 0 [pid 9835] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9834] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9834] <... futex resumed>) = 0 [pid 9834] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9835] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9835] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9834] <... futex resumed>) = 0 [pid 9835] <... futex resumed>) = 1 [pid 9834] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9835] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9834] <... futex resumed>) = 0 [pid 9834] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9834] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9834] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9853]}, 88) = 9853 [pid 9834] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 9853 attached NULL, 8) = 0 [pid 9834] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9853] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9853] set_robust_list(0x7f0bd5e089a0, 24 [pid 9834] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9853] <... set_robust_list resumed>) = 0 [pid 9853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9853] open(".", O_RDONLY) = 5 [pid 9853] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9834] <... futex resumed>) = 0 [pid 9853] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9834] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 260.164521][ T9835] BTRFS info (device loop0): balance: start -d -m [ 260.174729][ T9835] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 260.198786][ T9835] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9834] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9853] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 9853] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9853] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9834] <... futex resumed>) = 0 [ 260.248196][ T9835] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 260.283761][ T9835] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9835] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9835] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9834] exit_group(0 [pid 9853] <... futex resumed>) = ? [pid 9834] <... exit_group resumed>) = ? [pid 9853] +++ exited with 0 +++ [pid 9835] <... futex resumed>) = ? [pid 9835] +++ exited with 0 +++ [pid 9834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9834, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 260.301404][ T9835] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9854 attached , child_tidptr=0x5555570ad690) = 9854 [pid 9854] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9854] chdir("./239") = 0 [pid 9854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9854] setpgid(0, 0) = 0 [pid 9854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9854] write(3, "1000", 4) = 4 [pid 9854] close(3) = 0 [pid 9854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9854] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9854] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9854] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9855 attached [pid 9855] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9854] <... clone3 resumed> => {parent_tid=[9855]}, 88) = 9855 [pid 9855] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9854] rt_sigprocmask(SIG_SETMASK, [], [pid 9855] rt_sigprocmask(SIG_SETMASK, [], [pid 9854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9854] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9855] memfd_create("syzkaller", 0 [pid 9854] <... futex resumed>) = 0 [pid 9854] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9855] <... memfd_create resumed>) = 3 [pid 9855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9855] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9855] close(3) = 0 [pid 9855] mkdir("./file0", 0777) = 0 [ 260.893560][ T9855] loop0: detected capacity change from 0 to 32768 [ 260.907323][ T9855] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9855) [ 260.922322][ T9855] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 260.931719][ T9855] BTRFS info (device loop0): force clearing of disk cache [ 260.938952][ T9855] BTRFS info (device loop0): setting nodatasum [ 260.945172][ T9855] BTRFS info (device loop0): allowing degraded mounts [ 260.951957][ T9855] BTRFS info (device loop0): enabling disk space caching [ 260.959049][ T9855] BTRFS info (device loop0): disk space caching is enabled [ 260.978648][ T9855] BTRFS info (device loop0): enabling ssd optimizations [ 260.985661][ T9855] BTRFS info (device loop0): auto enabling async discard [pid 9855] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9855] chdir("./file0") = 0 [pid 9855] ioctl(4, LOOP_CLR_FD) = 0 [pid 9855] close(4) = 0 [pid 9855] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9854] <... futex resumed>) = 0 [pid 9854] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9854] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 260.993552][ T9855] BTRFS info (device loop0): rebuilding free space tree [ 261.005146][ T9855] BTRFS info (device loop0): disabling free space tree [ 261.012097][ T9855] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 261.021801][ T9855] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 261.034574][ T9855] BTRFS info (device loop0): checking UUID tree [pid 9855] open("./file0", O_RDONLY) = 4 [pid 9855] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9855] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9854] <... futex resumed>) = 0 [pid 9854] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9855] <... futex resumed>) = 0 [pid 9854] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9855] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9855] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9854] <... futex resumed>) = 0 [pid 9854] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9855] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9854] <... futex resumed>) = 0 [pid 9854] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9854] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9854] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9873]}, 88) = 9873 [pid 9854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9854] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9854] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9873 attached [pid 9873] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9873] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9873] open(".", O_RDONLY) = 5 [pid 9873] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9854] <... futex resumed>) = 0 [pid 9873] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9854] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9854] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9873] <... futex resumed>) = 0 [ 261.087538][ T9855] BTRFS info (device loop0): balance: start -d -m [ 261.097778][ T9855] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 261.118533][ T9855] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9873] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9854] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9873] <... ioctl resumed>) = 0 [pid 9873] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 261.181279][ T9855] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 261.217228][ T9855] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9873] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9855] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9855] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9855] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9854] exit_group(0 [pid 9873] <... futex resumed>) = ? [pid 9855] <... futex resumed>) = ? [pid 9854] <... exit_group resumed>) = ? [pid 9873] +++ exited with 0 +++ [pid 9855] +++ exited with 0 +++ [pid 9854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9854, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 261.234797][ T9855] BTRFS info (device loop0): balance: ended with status: 0 unlink("./239/binderfs") = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 9874 ./strace-static-x86_64: Process 9874 attached [pid 9874] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9874] chdir("./240") = 0 [pid 9874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9874] setpgid(0, 0) = 0 [pid 9874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9874] write(3, "1000", 4) = 4 [pid 9874] close(3) = 0 [pid 9874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9874] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9874] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9874] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9875 attached [pid 9875] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9874] <... clone3 resumed> => {parent_tid=[9875]}, 88) = 9875 [pid 9875] <... rseq resumed>) = 0 [pid 9874] rt_sigprocmask(SIG_SETMASK, [], [pid 9875] set_robust_list(0x7f0bd5e299a0, 24 [pid 9874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9875] <... set_robust_list resumed>) = 0 [pid 9874] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9875] rt_sigprocmask(SIG_SETMASK, [], [pid 9874] <... futex resumed>) = 0 [pid 9875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9874] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9875] memfd_create("syzkaller", 0) = 3 [pid 9875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9875] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9875] close(3) = 0 [pid 9875] mkdir("./file0", 0777) = 0 [ 261.762007][ T9875] loop0: detected capacity change from 0 to 32768 [ 261.792962][ T9875] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9875) [pid 9875] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9875] chdir("./file0") = 0 [pid 9875] ioctl(4, LOOP_CLR_FD) = 0 [pid 9875] close(4) = 0 [pid 9875] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9874] <... futex resumed>) = 0 [pid 9874] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9875] open("./file0", O_RDONLY [pid 9874] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9875] <... open resumed>) = 4 [pid 9875] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9875] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9874] <... futex resumed>) = 0 [pid 9874] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 261.809132][ T9875] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 261.818443][ T9875] BTRFS info (device loop0): force clearing of disk cache [ 261.825634][ T9875] BTRFS info (device loop0): setting nodatasum [ 261.831877][ T9875] BTRFS info (device loop0): allowing degraded mounts [ 261.838718][ T9875] BTRFS info (device loop0): enabling disk space caching [pid 9874] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9875] <... futex resumed>) = 0 [pid 9875] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9875] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9875] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9874] <... futex resumed>) = 0 [pid 9874] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9875] <... futex resumed>) = 0 [pid 9874] <... futex resumed>) = 1 [pid 9875] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9874] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9874] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9874] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9893]}, 88) = 9893 [pid 9874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9874] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9874] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9893 attached [pid 9893] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9893] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9893] open(".", O_RDONLY) = 5 [pid 9893] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9874] <... futex resumed>) = 0 [pid 9893] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9874] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9893] <... futex resumed>) = 0 [pid 9874] <... futex resumed>) = 1 [pid 9893] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9874] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9893] <... ioctl resumed>) = 0 [pid 9893] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9874] <... futex resumed>) = 0 [pid 9893] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9875] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9875] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9875] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9874] exit_group(0 [pid 9893] <... futex resumed>) = ? [pid 9874] <... exit_group resumed>) = ? [pid 9893] +++ exited with 0 +++ [pid 9875] <... futex resumed>) = ? [pid 9875] +++ exited with 0 +++ [pid 9874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9874, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9894 attached [pid 9894] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9894] chdir("./241") = 0 [pid 9894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9894 [pid 9894] <... prctl resumed>) = 0 [pid 9894] setpgid(0, 0) = 0 [pid 9894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9894] write(3, "1000", 4) = 4 [pid 9894] close(3) = 0 [pid 9894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9894] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9894] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9894] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9895 attached [pid 9895] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9894] <... clone3 resumed> => {parent_tid=[9895]}, 88) = 9895 [pid 9895] <... rseq resumed>) = 0 [pid 9894] rt_sigprocmask(SIG_SETMASK, [], [pid 9895] set_robust_list(0x7f0bd5e299a0, 24 [pid 9894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9895] <... set_robust_list resumed>) = 0 [pid 9895] rt_sigprocmask(SIG_SETMASK, [], [pid 9894] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9894] <... futex resumed>) = 0 [pid 9895] memfd_create("syzkaller", 0 [pid 9894] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9895] <... memfd_create resumed>) = 3 [pid 9895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9895] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9895] close(3) = 0 [pid 9895] mkdir("./file0", 0777) = 0 [ 262.573645][ T9895] loop0: detected capacity change from 0 to 32768 [ 262.593650][ T9895] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9895) [ 262.609280][ T9895] _btrfs_printk: 14 callbacks suppressed [ 262.609296][ T9895] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 262.624262][ T9895] BTRFS info (device loop0): force clearing of disk cache [ 262.631364][ T9895] BTRFS info (device loop0): setting nodatasum [ 262.637633][ T9895] BTRFS info (device loop0): allowing degraded mounts [ 262.644502][ T9895] BTRFS info (device loop0): enabling disk space caching [ 262.651528][ T9895] BTRFS info (device loop0): disk space caching is enabled [ 262.670659][ T9895] BTRFS info (device loop0): enabling ssd optimizations [ 262.677689][ T9895] BTRFS info (device loop0): auto enabling async discard [ 262.685689][ T9895] BTRFS info (device loop0): rebuilding free space tree [ 262.697161][ T9895] BTRFS info (device loop0): disabling free space tree [ 262.704140][ T9895] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 262.713787][ T9895] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9895] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9895] chdir("./file0") = 0 [pid 9895] ioctl(4, LOOP_CLR_FD) = 0 [pid 9895] close(4) = 0 [pid 9895] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9894] <... futex resumed>) = 0 [pid 9895] <... futex resumed>) = 1 [pid 9894] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9895] open("./file0", O_RDONLY [pid 9894] <... futex resumed>) = 0 [pid 9895] <... open resumed>) = 4 [pid 9894] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9895] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9894] <... futex resumed>) = 0 [pid 9895] <... futex resumed>) = 1 [pid 9894] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9895] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9894] <... futex resumed>) = 0 [pid 9895] <... ioctl resumed>) = 0 [pid 9894] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9895] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9894] <... futex resumed>) = 0 [pid 9894] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9894] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 262.727395][ T9895] BTRFS info (device loop0): checking UUID tree [pid 9895] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9894] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 9894] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9894] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9913]}, 88) = 9913 [pid 9894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9894] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9894] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9913 attached [ 262.790948][ T9895] BTRFS info (device loop0): balance: start -d -m [ 262.799309][ T9895] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 262.826982][ T9895] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9913] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9913] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9913] open(".", O_RDONLY) = 5 [pid 9913] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9894] <... futex resumed>) = 0 [pid 9913] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9894] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9894] <... futex resumed>) = 0 [pid 9913] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9894] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9913] <... ioctl resumed>) = 0 [pid 9913] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9894] <... futex resumed>) = 0 [pid 9913] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9895] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9895] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9895] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9894] exit_group(0 [pid 9913] <... futex resumed>) = ? [pid 9895] <... futex resumed>) = ? [pid 9894] <... exit_group resumed>) = ? [pid 9913] +++ exited with 0 +++ [pid 9895] +++ exited with 0 +++ [pid 9894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9894, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 262.895979][ T9895] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 262.919819][ T9895] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 262.937108][ T9895] BTRFS info (device loop0): balance: ended with status: 0 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9914 attached , child_tidptr=0x5555570ad690) = 9914 [pid 9914] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9914] chdir("./242") = 0 [pid 9914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9914] setpgid(0, 0) = 0 [pid 9914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9914] write(3, "1000", 4) = 4 [pid 9914] close(3) = 0 [pid 9914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9914] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9914] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9914] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9915 attached [pid 9915] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9914] <... clone3 resumed> => {parent_tid=[9915]}, 88) = 9915 [pid 9914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9914] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9914] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9915] <... rseq resumed>) = 0 [pid 9915] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 9915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9915] memfd_create("syzkaller", 0) = 3 [pid 9915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9915] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9915] close(3) = 0 [pid 9915] mkdir("./file0", 0777) = 0 [ 263.482226][ T9915] loop0: detected capacity change from 0 to 32768 [ 263.497239][ T9915] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9915) [ 263.512085][ T9915] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 263.521380][ T9915] BTRFS info (device loop0): force clearing of disk cache [ 263.528577][ T9915] BTRFS info (device loop0): setting nodatasum [ 263.534788][ T9915] BTRFS info (device loop0): allowing degraded mounts [ 263.541581][ T9915] BTRFS info (device loop0): enabling disk space caching [ 263.548702][ T9915] BTRFS info (device loop0): disk space caching is enabled [ 263.570839][ T9915] BTRFS info (device loop0): enabling ssd optimizations [pid 9915] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [ 263.577970][ T9915] BTRFS info (device loop0): auto enabling async discard [ 263.586085][ T9915] BTRFS info (device loop0): rebuilding free space tree [ 263.597390][ T9915] BTRFS info (device loop0): disabling free space tree [ 263.604460][ T9915] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 263.614167][ T9915] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 263.626700][ T9915] BTRFS info (device loop0): checking UUID tree [pid 9915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9915] chdir("./file0") = 0 [pid 9915] ioctl(4, LOOP_CLR_FD) = 0 [pid 9915] close(4) = 0 [pid 9915] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9914] <... futex resumed>) = 0 [pid 9915] <... futex resumed>) = 1 [pid 9914] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9915] open("./file0", O_RDONLY [pid 9914] <... futex resumed>) = 0 [pid 9915] <... open resumed>) = 4 [pid 9914] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9915] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9914] <... futex resumed>) = 0 [pid 9915] <... futex resumed>) = 1 [pid 9914] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9915] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9914] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9915] <... ioctl resumed>) = 0 [pid 9915] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9914] <... futex resumed>) = 0 [pid 9915] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9914] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9914] <... futex resumed>) = 0 [pid 9915] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9914] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9914] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9914] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9933 attached => {parent_tid=[9933]}, 88) = 9933 [pid 9933] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9914] rt_sigprocmask(SIG_SETMASK, [], [pid 9933] <... rseq resumed>) = 0 [pid 9914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9933] set_robust_list(0x7f0bd5e089a0, 24 [pid 9914] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9933] <... set_robust_list resumed>) = 0 [pid 9914] <... futex resumed>) = 0 [pid 9933] rt_sigprocmask(SIG_SETMASK, [], [pid 9914] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9933] open(".", O_RDONLY) = 5 [pid 9933] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9914] <... futex resumed>) = 0 [pid 9933] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9914] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9914] <... futex resumed>) = 0 [pid 9933] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 263.710849][ T9915] BTRFS info (device loop0): balance: start -d -m [ 263.721026][ T9915] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 263.742186][ T9915] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9914] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9933] <... ioctl resumed>) = 0 [pid 9933] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9914] <... futex resumed>) = 0 [pid 9933] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9915] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9915] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9915] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9914] exit_group(0 [pid 9933] <... futex resumed>) = ? [pid 9933] +++ exited with 0 +++ [pid 9915] <... futex resumed>) = ? [pid 9914] <... exit_group resumed>) = ? [pid 9915] +++ exited with 0 +++ [pid 9914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9914, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 263.809180][ T9915] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 263.831662][ T9915] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 263.849143][ T9915] BTRFS info (device loop0): balance: ended with status: 0 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9934 attached [pid 9934] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9934] chdir("./243") = 0 [pid 9934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9934 [pid 9934] setpgid(0, 0) = 0 [pid 9934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9934] write(3, "1000", 4) = 4 [pid 9934] close(3) = 0 [pid 9934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9934] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9934] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9934] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9935 attached [pid 9935] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9934] <... clone3 resumed> => {parent_tid=[9935]}, 88) = 9935 [pid 9935] set_robust_list(0x7f0bd5e299a0, 24 [pid 9934] rt_sigprocmask(SIG_SETMASK, [], [pid 9935] <... set_robust_list resumed>) = 0 [pid 9935] rt_sigprocmask(SIG_SETMASK, [], [pid 9934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9934] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9935] memfd_create("syzkaller", 0 [pid 9934] <... futex resumed>) = 0 [pid 9934] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9935] <... memfd_create resumed>) = 3 [pid 9935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9935] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9935] close(3) = 0 [pid 9935] mkdir("./file0", 0777) = 0 [ 264.318819][ T9935] loop0: detected capacity change from 0 to 32768 [ 264.343069][ T9935] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9935) [ 264.358843][ T9935] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 264.368151][ T9935] BTRFS info (device loop0): force clearing of disk cache [ 264.375333][ T9935] BTRFS info (device loop0): setting nodatasum [ 264.381497][ T9935] BTRFS info (device loop0): allowing degraded mounts [ 264.388297][ T9935] BTRFS info (device loop0): enabling disk space caching [ 264.395401][ T9935] BTRFS info (device loop0): disk space caching is enabled [ 264.414807][ T9935] BTRFS info (device loop0): enabling ssd optimizations [ 264.421780][ T9935] BTRFS info (device loop0): auto enabling async discard [ 264.430142][ T9935] BTRFS info (device loop0): rebuilding free space tree [ 264.441205][ T9935] BTRFS info (device loop0): disabling free space tree [ 264.448193][ T9935] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 264.458241][ T9935] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9935] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9935] chdir("./file0") = 0 [pid 9935] ioctl(4, LOOP_CLR_FD) = 0 [pid 9935] close(4) = 0 [pid 9935] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9935] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9934] <... futex resumed>) = 0 [pid 9934] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9935] <... futex resumed>) = 0 [pid 9934] <... futex resumed>) = 1 [pid 9935] open("./file0", O_RDONLY [pid 9934] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9935] <... open resumed>) = 4 [pid 9935] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9935] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9934] <... futex resumed>) = 0 [ 264.470836][ T9935] BTRFS info (device loop0): checking UUID tree [pid 9934] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9935] <... futex resumed>) = 0 [pid 9934] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9935] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9935] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9935] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9934] <... futex resumed>) = 0 [pid 9934] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9935] <... futex resumed>) = 0 [pid 9934] <... futex resumed>) = 1 [pid 9935] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9934] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9934] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9934] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 9953 attached [ 264.561088][ T9935] BTRFS info (device loop0): balance: start -d -m [ 264.572209][ T9935] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 264.597404][ T9935] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata => {parent_tid=[9953]}, 88) = 9953 [pid 9953] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 9934] rt_sigprocmask(SIG_SETMASK, [], [pid 9953] <... rseq resumed>) = 0 [pid 9934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9934] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9953] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9953] open(".", O_RDONLY [pid 9934] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9953] <... open resumed>) = 5 [pid 9953] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9934] <... futex resumed>) = 0 [pid 9934] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9953] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9934] <... futex resumed>) = 0 [pid 9934] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9953] <... ioctl resumed>) = 0 [pid 9953] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9953] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9934] <... futex resumed>) = 0 [ 264.629972][ T9935] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 264.654310][ T9935] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 9935] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9935] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9934] exit_group(0 [pid 9935] <... futex resumed>) = ? [pid 9934] <... exit_group resumed>) = ? [pid 9953] <... futex resumed>) = ? [pid 9935] +++ exited with 0 +++ [pid 9953] +++ exited with 0 +++ [pid 9934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9934, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 [ 264.678289][ T9935] BTRFS info (device loop0): balance: ended with status: 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9954 attached , child_tidptr=0x5555570ad690) = 9954 [pid 9954] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9954] chdir("./244") = 0 [pid 9954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9954] setpgid(0, 0) = 0 [pid 9954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9954] write(3, "1000", 4) = 4 [pid 9954] close(3) = 0 [pid 9954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9954] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9954] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9954] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9955 attached => {parent_tid=[9955]}, 88) = 9955 [pid 9954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9955] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9954] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9955] set_robust_list(0x7f0bd5e299a0, 24 [pid 9954] <... futex resumed>) = 0 [pid 9955] <... set_robust_list resumed>) = 0 [pid 9954] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9955] memfd_create("syzkaller", 0) = 3 [pid 9955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9955] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9955] close(3) = 0 [pid 9955] mkdir("./file0", 0777) = 0 [ 265.173973][ T9955] loop0: detected capacity change from 0 to 32768 [ 265.188579][ T9955] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9955) [ 265.204537][ T9955] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 265.213801][ T9955] BTRFS info (device loop0): force clearing of disk cache [ 265.220977][ T9955] BTRFS info (device loop0): setting nodatasum [ 265.227201][ T9955] BTRFS info (device loop0): allowing degraded mounts [ 265.234015][ T9955] BTRFS info (device loop0): enabling disk space caching [ 265.241046][ T9955] BTRFS info (device loop0): disk space caching is enabled [ 265.260310][ T9955] BTRFS info (device loop0): enabling ssd optimizations [ 265.267329][ T9955] BTRFS info (device loop0): auto enabling async discard [pid 9955] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9955] chdir("./file0") = 0 [pid 9955] ioctl(4, LOOP_CLR_FD) = 0 [pid 9955] close(4) = 0 [pid 9955] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9954] <... futex resumed>) = 0 [pid 9954] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9955] open("./file0", O_RDONLY [pid 9954] <... futex resumed>) = 0 [pid 9955] <... open resumed>) = 4 [ 265.275393][ T9955] BTRFS info (device loop0): rebuilding free space tree [ 265.286409][ T9955] BTRFS info (device loop0): disabling free space tree [ 265.293328][ T9955] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 265.303147][ T9955] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 265.315998][ T9955] BTRFS info (device loop0): checking UUID tree [pid 9954] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9955] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9955] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9954] <... futex resumed>) = 0 [pid 9954] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9955] <... futex resumed>) = 0 [pid 9954] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9955] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9955] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9954] <... futex resumed>) = 0 [pid 9955] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9954] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9954] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9954] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9954] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9973]}, 88) = 9973 [pid 9954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9954] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9954] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 9973 attached [pid 9973] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9973] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9973] open(".", O_RDONLY) = 5 [pid 9973] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9954] <... futex resumed>) = 0 [pid 9973] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9954] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9954] <... futex resumed>) = 0 [pid 9973] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 265.378699][ T9955] BTRFS info (device loop0): balance: start -d -m [ 265.389668][ T9955] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 265.415770][ T9955] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9954] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9973] <... ioctl resumed>) = 0 [pid 9973] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9954] <... futex resumed>) = 0 [pid 9973] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9955] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9955] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9955] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9954] exit_group(0 [pid 9973] <... futex resumed>) = ? [pid 9973] +++ exited with 0 +++ [pid 9955] <... futex resumed>) = ? [pid 9954] <... exit_group resumed>) = ? [pid 9955] +++ exited with 0 +++ [pid 9954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9954, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- [ 265.489010][ T9955] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 265.509334][ T9955] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 265.527230][ T9955] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9974 attached , child_tidptr=0x5555570ad690) = 9974 [pid 9974] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9974] chdir("./245") = 0 [pid 9974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9974] setpgid(0, 0) = 0 [pid 9974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9974] write(3, "1000", 4) = 4 [pid 9974] close(3) = 0 [pid 9974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9974] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9974] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9974] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9975 attached [pid 9975] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 9974] <... clone3 resumed> => {parent_tid=[9975]}, 88) = 9975 [pid 9975] set_robust_list(0x7f0bd5e299a0, 24 [pid 9974] rt_sigprocmask(SIG_SETMASK, [], [pid 9975] <... set_robust_list resumed>) = 0 [pid 9974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9975] rt_sigprocmask(SIG_SETMASK, [], [pid 9974] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9974] <... futex resumed>) = 0 [pid 9975] memfd_create("syzkaller", 0 [pid 9974] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9975] <... memfd_create resumed>) = 3 [pid 9975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9975] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9975] close(3) = 0 [pid 9975] mkdir("./file0", 0777) = 0 [ 266.046134][ T9975] loop0: detected capacity change from 0 to 32768 [ 266.066266][ T9975] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9975) [ 266.082183][ T9975] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 266.091508][ T9975] BTRFS info (device loop0): force clearing of disk cache [ 266.098694][ T9975] BTRFS info (device loop0): setting nodatasum [ 266.104911][ T9975] BTRFS info (device loop0): allowing degraded mounts [ 266.111681][ T9975] BTRFS info (device loop0): enabling disk space caching [ 266.118762][ T9975] BTRFS info (device loop0): disk space caching is enabled [ 266.137887][ T9975] BTRFS info (device loop0): enabling ssd optimizations [ 266.144874][ T9975] BTRFS info (device loop0): auto enabling async discard [ 266.152745][ T9975] BTRFS info (device loop0): rebuilding free space tree [ 266.164156][ T9975] BTRFS info (device loop0): disabling free space tree [ 266.171120][ T9975] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 266.180846][ T9975] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 9975] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9975] chdir("./file0") = 0 [pid 9975] ioctl(4, LOOP_CLR_FD) = 0 [pid 9975] close(4) = 0 [pid 9975] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9974] <... futex resumed>) = 0 [pid 9974] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9975] open("./file0", O_RDONLY [ 266.193732][ T9975] BTRFS info (device loop0): checking UUID tree [pid 9974] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9975] <... open resumed>) = 4 [pid 9975] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9975] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9974] <... futex resumed>) = 0 [pid 9974] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9975] <... futex resumed>) = 0 [pid 9974] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9975] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 9975] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9975] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9974] <... futex resumed>) = 0 [pid 9974] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9975] <... futex resumed>) = 0 [pid 9975] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9974] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9974] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9974] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[9993]}, 88) = 9993 [pid 9974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9974] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 9993 attached [pid 9974] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9993] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9993] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 9993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 9993] open(".", O_RDONLY) = 5 [pid 9993] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9974] <... futex resumed>) = 0 [pid 9993] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9974] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9974] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 266.287787][ T9975] BTRFS info (device loop0): balance: start -d -m [ 266.297208][ T9975] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 266.323608][ T9975] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 9993] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [ 266.365695][ T9975] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 9993] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9974] <... futex resumed>) = 0 [pid 9993] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9975] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9975] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9975] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9974] exit_group(0 [pid 9993] <... futex resumed>) = ? [pid 9975] <... futex resumed>) = ? [pid 9974] <... exit_group resumed>) = ? [pid 9993] +++ exited with 0 +++ [pid 9975] +++ exited with 0 +++ [pid 9974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9974, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 266.406024][ T9975] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 266.423246][ T9975] BTRFS info (device loop0): balance: ended with status: 0 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9994 attached [pid 9994] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 9994] chdir("./246") = 0 [pid 9994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 9994 [pid 9994] setpgid(0, 0) = 0 [pid 9994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9994] write(3, "1000", 4) = 4 [pid 9994] close(3) = 0 [pid 9994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9994] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9994] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 9994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 9994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 9994] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 9995 attached [pid 9995] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 9994] <... clone3 resumed> => {parent_tid=[9995]}, 88) = 9995 [pid 9995] <... rseq resumed>) = 0 [pid 9994] rt_sigprocmask(SIG_SETMASK, [], [pid 9995] set_robust_list(0x7f0bd5e299a0, 24 [pid 9994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9995] <... set_robust_list resumed>) = 0 [pid 9994] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9995] rt_sigprocmask(SIG_SETMASK, [], [pid 9994] <... futex resumed>) = 0 [pid 9995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9994] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 9995] memfd_create("syzkaller", 0) = 3 [pid 9995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 9995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 9995] munmap(0x7f0bcda09000, 138412032) = 0 [pid 9995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9995] close(3) = 0 [pid 9995] mkdir("./file0", 0777) = 0 [ 266.871810][ T9995] loop0: detected capacity change from 0 to 32768 [ 266.881285][ T9995] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (9995) [ 266.897209][ T9995] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 266.906524][ T9995] BTRFS info (device loop0): force clearing of disk cache [ 266.913645][ T9995] BTRFS info (device loop0): setting nodatasum [pid 9995] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 9995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9995] chdir("./file0") = 0 [ 266.919885][ T9995] BTRFS info (device loop0): allowing degraded mounts [ 266.926699][ T9995] BTRFS info (device loop0): enabling disk space caching [pid 9995] ioctl(4, LOOP_CLR_FD) = 0 [pid 9995] close(4) = 0 [pid 9995] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9995] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9994] <... futex resumed>) = 0 [pid 9994] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9995] <... futex resumed>) = 0 [pid 9994] <... futex resumed>) = 1 [pid 9995] open("./file0", O_RDONLY [pid 9994] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9995] <... open resumed>) = 4 [pid 9995] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9994] <... futex resumed>) = 0 [pid 9995] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9994] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9995] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 9994] <... futex resumed>) = 0 [pid 9995] <... ioctl resumed>) = 0 [pid 9994] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 9995] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9995] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9994] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 9995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9994] <... futex resumed>) = 0 [pid 9995] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 9994] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 9994] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 9994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 9994] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 9994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 9994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10013 attached [pid 10013] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 9994] <... clone3 resumed> => {parent_tid=[10013]}, 88) = 10013 [pid 10013] set_robust_list(0x7f0bd5e089a0, 24 [pid 9994] rt_sigprocmask(SIG_SETMASK, [], [pid 10013] <... set_robust_list resumed>) = 0 [pid 9994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10013] rt_sigprocmask(SIG_SETMASK, [], [pid 9994] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 9994] <... futex resumed>) = 0 [pid 10013] open(".", O_RDONLY [pid 9994] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10013] <... open resumed>) = 5 [pid 10013] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 9994] <... futex resumed>) = 0 [pid 10013] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9994] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 9994] <... futex resumed>) = 0 [pid 10013] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 9994] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10013] <... ioctl resumed>) = 0 [pid 10013] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9994] <... futex resumed>) = 0 [pid 10013] <... futex resumed>) = 1 [pid 10013] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 9995] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 9995] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 9994] exit_group(0 [pid 9995] <... futex resumed>) = 0 [pid 10013] <... futex resumed>) = ? [pid 9994] <... exit_group resumed>) = ? [pid 9995] +++ exited with 0 +++ [pid 10013] +++ exited with 0 +++ [pid 9994] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9994, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10014 attached , child_tidptr=0x5555570ad690) = 10014 [pid 10014] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10014] chdir("./247") = 0 [pid 10014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10014] setpgid(0, 0) = 0 [pid 10014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10014] write(3, "1000", 4) = 4 [pid 10014] close(3) = 0 [pid 10014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10014] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10014] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10014] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10015 attached [pid 10015] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10014] <... clone3 resumed> => {parent_tid=[10015]}, 88) = 10015 [pid 10015] set_robust_list(0x7f0bd5e299a0, 24 [pid 10014] rt_sigprocmask(SIG_SETMASK, [], [pid 10015] <... set_robust_list resumed>) = 0 [pid 10014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10015] rt_sigprocmask(SIG_SETMASK, [], [pid 10014] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10014] <... futex resumed>) = 0 [pid 10015] memfd_create("syzkaller", 0 [pid 10014] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10015] <... memfd_create resumed>) = 3 [pid 10015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10015] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10015] close(3) = 0 [pid 10015] mkdir("./file0", 0777) = 0 [ 267.670881][T10015] loop0: detected capacity change from 0 to 32768 [ 267.684797][T10015] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10015) [ 267.700954][T10015] _btrfs_printk: 14 callbacks suppressed [ 267.700969][T10015] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 267.716144][T10015] BTRFS info (device loop0): force clearing of disk cache [ 267.723273][T10015] BTRFS info (device loop0): setting nodatasum [ 267.729483][T10015] BTRFS info (device loop0): allowing degraded mounts [ 267.736300][T10015] BTRFS info (device loop0): enabling disk space caching [ 267.743312][T10015] BTRFS info (device loop0): disk space caching is enabled [ 267.762340][T10015] BTRFS info (device loop0): enabling ssd optimizations [ 267.769354][T10015] BTRFS info (device loop0): auto enabling async discard [ 267.777535][T10015] BTRFS info (device loop0): rebuilding free space tree [ 267.788388][T10015] BTRFS info (device loop0): disabling free space tree [ 267.795425][T10015] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 267.805127][T10015] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10015] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10015] chdir("./file0") = 0 [pid 10015] ioctl(4, LOOP_CLR_FD) = 0 [pid 10015] close(4) = 0 [pid 10015] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10014] <... futex resumed>) = 0 [pid 10015] <... futex resumed>) = 1 [pid 10014] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10015] open("./file0", O_RDONLY [ 267.818264][T10015] BTRFS info (device loop0): checking UUID tree [pid 10014] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10015] <... open resumed>) = 4 [pid 10015] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10014] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10014] <... futex resumed>) = 0 [pid 10014] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10015] <... ioctl resumed>) = 0 [pid 10015] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10015] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10014] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10014] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10014] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10014] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10033 attached [pid 10033] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10033] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10014] <... clone3 resumed> => {parent_tid=[10033]}, 88) = 10033 [pid 10033] rt_sigprocmask(SIG_SETMASK, [], [pid 10014] rt_sigprocmask(SIG_SETMASK, [], [pid 10033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10033] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10014] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10014] <... futex resumed>) = 0 [pid 10033] open(".", O_RDONLY [pid 10014] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10033] <... open resumed>) = 5 [ 267.893406][T10015] BTRFS info (device loop0): balance: start -d -m [ 267.902903][T10015] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 267.930956][T10015] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10033] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10014] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10033] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10014] <... futex resumed>) = 0 [pid 10014] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10033] <... ioctl resumed>) = 0 [pid 10033] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10014] <... futex resumed>) = 0 [pid 10033] <... futex resumed>) = 1 [pid 10033] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10015] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10015] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 267.967022][T10015] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 268.005371][T10015] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10015] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10014] exit_group(0) = ? [pid 10033] <... futex resumed>) = ? [pid 10015] <... futex resumed>) = ? [pid 10033] +++ exited with 0 +++ [pid 10015] +++ exited with 0 +++ [pid 10014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10014, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 268.022176][T10015] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10034 attached , child_tidptr=0x5555570ad690) = 10034 [pid 10034] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10034] chdir("./248") = 0 [pid 10034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10034] setpgid(0, 0) = 0 [pid 10034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10034] write(3, "1000", 4) = 4 [pid 10034] close(3) = 0 [pid 10034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10034] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10034] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10034] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10035 attached [pid 10035] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10034] <... clone3 resumed> => {parent_tid=[10035]}, 88) = 10035 [pid 10035] <... rseq resumed>) = 0 [pid 10034] rt_sigprocmask(SIG_SETMASK, [], [pid 10035] set_robust_list(0x7f0bd5e299a0, 24 [pid 10034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10035] <... set_robust_list resumed>) = 0 [pid 10035] rt_sigprocmask(SIG_SETMASK, [], [pid 10034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10035] memfd_create("syzkaller", 0) = 3 [pid 10035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10035] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10035] close(3) = 0 [pid 10035] mkdir("./file0", 0777) = 0 [ 268.575704][T10035] loop0: detected capacity change from 0 to 32768 [ 268.585685][T10035] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10035) [ 268.600799][T10035] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 268.610335][T10035] BTRFS info (device loop0): force clearing of disk cache [ 268.617525][T10035] BTRFS info (device loop0): setting nodatasum [ 268.623686][T10035] BTRFS info (device loop0): allowing degraded mounts [ 268.630496][T10035] BTRFS info (device loop0): enabling disk space caching [ 268.637594][T10035] BTRFS info (device loop0): disk space caching is enabled [ 268.656517][T10035] BTRFS info (device loop0): enabling ssd optimizations [ 268.663493][T10035] BTRFS info (device loop0): auto enabling async discard [pid 10035] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10035] chdir("./file0") = 0 [pid 10035] ioctl(4, LOOP_CLR_FD) = 0 [pid 10035] close(4) = 0 [pid 10035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10034] <... futex resumed>) = 0 [pid 10035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10034] <... futex resumed>) = 0 [pid 10035] open("./file0", O_RDONLY [pid 10034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10035] <... open resumed>) = 4 [ 268.671950][T10035] BTRFS info (device loop0): rebuilding free space tree [ 268.683015][T10035] BTRFS info (device loop0): disabling free space tree [ 268.690387][T10035] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 268.700117][T10035] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 268.713006][T10035] BTRFS info (device loop0): checking UUID tree [pid 10035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10034] <... futex resumed>) = 0 [pid 10034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] <... futex resumed>) = 0 [pid 10034] <... futex resumed>) = 1 [pid 10035] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10035] <... futex resumed>) = 0 [pid 10035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10034] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] <... futex resumed>) = 0 [pid 10034] <... futex resumed>) = 1 [pid 10035] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10034] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10034] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10034] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10053]}, 88) = 10053 [pid 10034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10034] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10034] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10053 attached [pid 10053] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10053] set_robust_list(0x7f0bd5e089a0, 24) = 0 [ 268.781109][T10035] BTRFS info (device loop0): balance: start -d -m [ 268.790834][T10035] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 268.815753][T10035] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10053] open(".", O_RDONLY) = 5 [pid 10053] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10034] <... futex resumed>) = 0 [pid 10053] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10034] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10034] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10053] <... ioctl resumed>) = 0 [pid 10053] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10053] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10034] <... futex resumed>) = 0 [pid 10035] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10035] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10035] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10034] exit_group(0 [pid 10053] <... futex resumed>) = ? [pid 10035] <... futex resumed>) = ? [pid 10034] <... exit_group resumed>) = ? [pid 10053] +++ exited with 0 +++ [pid 10035] +++ exited with 0 +++ [ 268.881012][T10035] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 268.903543][T10035] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 268.920708][T10035] BTRFS info (device loop0): balance: ended with status: 0 [pid 10034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10034, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10054 attached [pid 10054] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10054] chdir("./249") = 0 [pid 10054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10054 [pid 10054] setpgid(0, 0) = 0 [pid 10054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10054] write(3, "1000", 4) = 4 [pid 10054] close(3) = 0 [pid 10054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10054] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10054] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10054] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10055 attached [pid 10055] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10054] <... clone3 resumed> => {parent_tid=[10055]}, 88) = 10055 [pid 10055] <... rseq resumed>) = 0 [pid 10055] set_robust_list(0x7f0bd5e299a0, 24 [pid 10054] rt_sigprocmask(SIG_SETMASK, [], [pid 10055] <... set_robust_list resumed>) = 0 [pid 10054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10055] rt_sigprocmask(SIG_SETMASK, [], [pid 10054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10055] memfd_create("syzkaller", 0 [pid 10054] <... futex resumed>) = 0 [pid 10054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10055] <... memfd_create resumed>) = 3 [pid 10055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10055] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10055] close(3) = 0 [pid 10055] mkdir("./file0", 0777) = 0 [ 269.466019][T10055] loop0: detected capacity change from 0 to 32768 [ 269.480577][T10055] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10055) [ 269.496215][T10055] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 269.505496][T10055] BTRFS info (device loop0): force clearing of disk cache [ 269.512594][T10055] BTRFS info (device loop0): setting nodatasum [ 269.518918][T10055] BTRFS info (device loop0): allowing degraded mounts [ 269.525792][T10055] BTRFS info (device loop0): enabling disk space caching [ 269.532828][T10055] BTRFS info (device loop0): disk space caching is enabled [ 269.553271][T10055] BTRFS info (device loop0): enabling ssd optimizations [pid 10055] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10055] chdir("./file0") = 0 [pid 10055] ioctl(4, LOOP_CLR_FD) = 0 [ 269.560496][T10055] BTRFS info (device loop0): auto enabling async discard [ 269.568532][T10055] BTRFS info (device loop0): rebuilding free space tree [ 269.579434][T10055] BTRFS info (device loop0): disabling free space tree [ 269.586455][T10055] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 269.596194][T10055] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 269.609183][T10055] BTRFS info (device loop0): checking UUID tree [pid 10055] close(4) = 0 [pid 10055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10054] <... futex resumed>) = 0 [pid 10054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10055] open("./file0", O_RDONLY [pid 10054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10055] <... open resumed>) = 4 [pid 10055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10054] <... futex resumed>) = 0 [pid 10055] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10054] <... futex resumed>) = 0 [pid 10055] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10055] <... ioctl resumed>) = 0 [pid 10055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10054] <... futex resumed>) = 0 [pid 10054] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10055] <... futex resumed>) = 1 [pid 10054] <... futex resumed>) = 0 [pid 10054] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10055] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10054] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10054] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10073]}, 88) = 10073 [pid 10054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10054] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10054] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10073 attached [pid 10073] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10073] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10073] open(".", O_RDONLY) = 5 [pid 10073] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10054] <... futex resumed>) = 0 [pid 10054] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10054] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10073] <... futex resumed>) = 1 [ 269.697755][T10055] BTRFS info (device loop0): balance: start -d -m [ 269.705666][T10055] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 269.729552][T10055] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10073] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10073] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10054] <... futex resumed>) = 0 [pid 10073] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10055] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10055] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10055] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10054] exit_group(0 [pid 10073] <... futex resumed>) = ? [pid 10055] <... futex resumed>) = ? [pid 10054] <... exit_group resumed>) = ? [pid 10073] +++ exited with 0 +++ [pid 10055] +++ exited with 0 +++ [pid 10054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10054, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- [ 269.802533][T10055] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 269.822606][T10055] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 269.840581][T10055] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10074 attached [pid 10074] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10074] chdir("./250") = 0 [pid 10074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10074] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10074 [pid 10074] <... setpgid resumed>) = 0 [pid 10074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10074] write(3, "1000", 4) = 4 [pid 10074] close(3) = 0 [pid 10074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10074] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10074] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10074] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10075 attached => {parent_tid=[10075]}, 88) = 10075 [pid 10075] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10074] rt_sigprocmask(SIG_SETMASK, [], [pid 10075] <... rseq resumed>) = 0 [pid 10074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10075] set_robust_list(0x7f0bd5e299a0, 24 [pid 10074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10075] <... set_robust_list resumed>) = 0 [pid 10074] <... futex resumed>) = 0 [pid 10075] rt_sigprocmask(SIG_SETMASK, [], [pid 10074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10075] memfd_create("syzkaller", 0) = 3 [pid 10075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10075] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10075] close(3) = 0 [pid 10075] mkdir("./file0", 0777) = 0 [ 270.428085][T10075] loop0: detected capacity change from 0 to 32768 [ 270.441540][T10075] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10075) [ 270.456538][T10075] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 270.465902][T10075] BTRFS info (device loop0): force clearing of disk cache [ 270.473200][T10075] BTRFS info (device loop0): setting nodatasum [ 270.479426][T10075] BTRFS info (device loop0): allowing degraded mounts [ 270.486226][T10075] BTRFS info (device loop0): enabling disk space caching [ 270.493239][T10075] BTRFS info (device loop0): disk space caching is enabled [ 270.511918][T10075] BTRFS info (device loop0): enabling ssd optimizations [ 270.518950][T10075] BTRFS info (device loop0): auto enabling async discard [pid 10075] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10075] chdir("./file0") = 0 [pid 10075] ioctl(4, LOOP_CLR_FD) = 0 [pid 10075] close(4) = 0 [pid 10075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10075] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10074] <... futex resumed>) = 0 [pid 10074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10075] <... futex resumed>) = 0 [ 270.526946][T10075] BTRFS info (device loop0): rebuilding free space tree [ 270.537847][T10075] BTRFS info (device loop0): disabling free space tree [ 270.544951][T10075] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 270.554759][T10075] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 270.567825][T10075] BTRFS info (device loop0): checking UUID tree [pid 10075] open("./file0", O_RDONLY) = 4 [pid 10074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10075] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10074] <... futex resumed>) = 0 [pid 10074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10075] <... futex resumed>) = 0 [pid 10074] <... futex resumed>) = 1 [pid 10075] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10075] <... ioctl resumed>) = 0 [pid 10075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10074] <... futex resumed>) = 0 [pid 10075] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10074] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10074] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10074] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10074] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10093]}, 88) = 10093 [pid 10074] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10093 attached NULL, 8) = 0 [pid 10093] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10074] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10074] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10093] <... rseq resumed>) = 0 [pid 10093] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10093] open(".", O_RDONLY) = 5 [pid 10093] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10074] <... futex resumed>) = 0 [pid 10093] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10074] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10074] <... futex resumed>) = 0 [pid 10093] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 270.640378][T10075] BTRFS info (device loop0): balance: start -d -m [ 270.648319][T10075] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 270.671955][T10075] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10074] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10093] <... ioctl resumed>) = 0 [pid 10093] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10074] <... futex resumed>) = 0 [pid 10093] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10075] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10075] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10075] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10074] exit_group(0 [pid 10093] <... futex resumed>) = ? [pid 10075] <... futex resumed>) = ? [pid 10074] <... exit_group resumed>) = ? [pid 10093] +++ exited with 0 +++ [pid 10075] +++ exited with 0 +++ [pid 10074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10074, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 270.733795][T10075] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 270.760271][T10075] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 270.778446][T10075] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10094 attached , child_tidptr=0x5555570ad690) = 10094 [pid 10094] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10094] chdir("./251") = 0 [pid 10094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10094] setpgid(0, 0) = 0 [pid 10094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10094] write(3, "1000", 4) = 4 [pid 10094] close(3) = 0 [pid 10094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10094] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10094] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10094] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10094] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10095 attached [pid 10095] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10095] set_robust_list(0x7f0bd5e299a0, 24 [pid 10094] <... clone3 resumed> => {parent_tid=[10095]}, 88) = 10095 [pid 10095] <... set_robust_list resumed>) = 0 [pid 10094] rt_sigprocmask(SIG_SETMASK, [], [pid 10095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10095] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10094] <... futex resumed>) = 0 [pid 10095] memfd_create("syzkaller", 0 [pid 10094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10095] <... memfd_create resumed>) = 3 [pid 10095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10095] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10095] close(3) = 0 [pid 10095] mkdir("./file0", 0777) = 0 [ 271.314295][T10095] loop0: detected capacity change from 0 to 32768 [ 271.339699][T10095] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10095) [ 271.356241][T10095] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 271.365551][T10095] BTRFS info (device loop0): force clearing of disk cache [ 271.372680][T10095] BTRFS info (device loop0): setting nodatasum [ 271.378963][T10095] BTRFS info (device loop0): allowing degraded mounts [ 271.385767][T10095] BTRFS info (device loop0): enabling disk space caching [ 271.392796][T10095] BTRFS info (device loop0): disk space caching is enabled [ 271.411686][T10095] BTRFS info (device loop0): enabling ssd optimizations [ 271.418730][T10095] BTRFS info (device loop0): auto enabling async discard [ 271.427212][T10095] BTRFS info (device loop0): rebuilding free space tree [ 271.437997][T10095] BTRFS info (device loop0): disabling free space tree [ 271.444994][T10095] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 271.454699][T10095] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10095] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10095] chdir("./file0") = 0 [pid 10095] ioctl(4, LOOP_CLR_FD) = 0 [pid 10095] close(4) = 0 [pid 10095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10094] <... futex resumed>) = 0 [pid 10094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10095] open("./file0", O_RDONLY [pid 10094] <... futex resumed>) = 0 [pid 10094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10095] <... open resumed>) = 4 [pid 10095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10094] <... futex resumed>) = 0 [pid 10094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10095] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10094] <... futex resumed>) = 0 [pid 10094] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10095] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10094] <... futex resumed>) = 0 [ 271.467412][T10095] BTRFS info (device loop0): checking UUID tree [pid 10094] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10094] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10094] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10094] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10094] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10113 attached [pid 10113] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10094] <... clone3 resumed> => {parent_tid=[10113]}, 88) = 10113 [pid 10113] <... rseq resumed>) = 0 [pid 10094] rt_sigprocmask(SIG_SETMASK, [], [pid 10113] set_robust_list(0x7f0bd5e089a0, 24 [pid 10094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10113] <... set_robust_list resumed>) = 0 [pid 10094] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10113] rt_sigprocmask(SIG_SETMASK, [], [pid 10094] <... futex resumed>) = 0 [pid 10113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10094] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10113] open(".", O_RDONLY) = 5 [pid 10113] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10094] <... futex resumed>) = 0 [pid 10113] <... futex resumed>) = 1 [pid 10094] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10113] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10094] <... futex resumed>) = 0 [ 271.536105][T10095] BTRFS info (device loop0): balance: start -d -m [ 271.546512][T10095] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 271.569315][T10095] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10094] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10113] <... ioctl resumed>) = 0 [pid 10113] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10094] <... futex resumed>) = 0 [pid 10113] <... futex resumed>) = 1 [ 271.644218][T10095] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 271.672065][T10095] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10113] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10095] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10095] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10095] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10094] exit_group(0 [pid 10113] <... futex resumed>) = ? [pid 10113] +++ exited with 0 +++ [pid 10095] <... futex resumed>) = ? [pid 10095] +++ exited with 0 +++ [pid 10094] <... exit_group resumed>) = ? [pid 10094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10094, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 271.690607][T10095] BTRFS info (device loop0): balance: ended with status: 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10114 attached , child_tidptr=0x5555570ad690) = 10114 [pid 10114] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10114] chdir("./252") = 0 [pid 10114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10114] setpgid(0, 0) = 0 [pid 10114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10114] write(3, "1000", 4) = 4 [pid 10114] close(3) = 0 [pid 10114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10114] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10114] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10114] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10115 attached [pid 10115] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10114] <... clone3 resumed> => {parent_tid=[10115]}, 88) = 10115 [pid 10115] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10114] rt_sigprocmask(SIG_SETMASK, [], [pid 10115] rt_sigprocmask(SIG_SETMASK, [], [pid 10114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10115] memfd_create("syzkaller", 0 [pid 10114] <... futex resumed>) = 0 [pid 10114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10115] <... memfd_create resumed>) = 3 [pid 10115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10115] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10115] close(3) = 0 [pid 10115] mkdir("./file0", 0777) = 0 [ 272.236816][T10115] loop0: detected capacity change from 0 to 32768 [ 272.262309][T10115] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10115) [pid 10115] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10115] chdir("./file0") = 0 [pid 10115] ioctl(4, LOOP_CLR_FD) = 0 [pid 10115] close(4) = 0 [pid 10115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10115] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10114] <... futex resumed>) = 0 [pid 10114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10115] <... futex resumed>) = 0 [ 272.278248][T10115] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 272.287587][T10115] BTRFS info (device loop0): force clearing of disk cache [ 272.294744][T10115] BTRFS info (device loop0): setting nodatasum [ 272.300917][T10115] BTRFS info (device loop0): allowing degraded mounts [ 272.307723][T10115] BTRFS info (device loop0): enabling disk space caching [pid 10115] open("./file0", O_RDONLY [pid 10114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10115] <... open resumed>) = 4 [pid 10115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10114] <... futex resumed>) = 0 [pid 10115] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10114] <... futex resumed>) = 0 [pid 10115] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10115] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10114] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10115] <... futex resumed>) = 0 [pid 10114] <... futex resumed>) = 1 [pid 10115] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10114] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10114] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10114] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10133 attached [pid 10133] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10114] <... clone3 resumed> => {parent_tid=[10133]}, 88) = 10133 [pid 10133] <... rseq resumed>) = 0 [pid 10114] rt_sigprocmask(SIG_SETMASK, [], [pid 10133] set_robust_list(0x7f0bd5e089a0, 24 [pid 10114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10133] <... set_robust_list resumed>) = 0 [pid 10114] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10133] rt_sigprocmask(SIG_SETMASK, [], [pid 10114] <... futex resumed>) = 0 [pid 10133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10114] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10133] open(".", O_RDONLY) = 5 [pid 10133] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10114] <... futex resumed>) = 0 [pid 10114] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10133] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10114] <... futex resumed>) = 0 [pid 10114] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10133] <... ioctl resumed>) = 0 [pid 10114] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10133] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10133] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10115] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10115] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10114] exit_group(0 [pid 10115] <... futex resumed>) = ? [pid 10114] <... exit_group resumed>) = ? [pid 10115] +++ exited with 0 +++ [pid 10133] <... futex resumed>) = ? [pid 10133] +++ exited with 0 +++ [pid 10114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10114, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10134 attached [pid 10134] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10134] chdir("./253") = 0 [pid 10134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10134 [pid 10134] setpgid(0, 0) = 0 [pid 10134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10134] write(3, "1000", 4) = 4 [pid 10134] close(3) = 0 [pid 10134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10134] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10134] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10134] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10135 attached [pid 10135] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10134] <... clone3 resumed> => {parent_tid=[10135]}, 88) = 10135 [pid 10135] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10134] rt_sigprocmask(SIG_SETMASK, [], [pid 10135] rt_sigprocmask(SIG_SETMASK, [], [pid 10134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10135] memfd_create("syzkaller", 0 [pid 10134] <... futex resumed>) = 0 [pid 10134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10135] <... memfd_create resumed>) = 3 [pid 10135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10135] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10135] close(3) = 0 [pid 10135] mkdir("./file0", 0777) = 0 [ 273.004982][T10135] loop0: detected capacity change from 0 to 32768 [ 273.030342][T10135] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10135) [ 273.045582][T10135] _btrfs_printk: 14 callbacks suppressed [ 273.045598][T10135] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 273.060512][T10135] BTRFS info (device loop0): force clearing of disk cache [ 273.067669][T10135] BTRFS info (device loop0): setting nodatasum [ 273.073813][T10135] BTRFS info (device loop0): allowing degraded mounts [ 273.080691][T10135] BTRFS info (device loop0): enabling disk space caching [ 273.087833][T10135] BTRFS info (device loop0): disk space caching is enabled [ 273.105936][T10135] BTRFS info (device loop0): enabling ssd optimizations [ 273.112926][T10135] BTRFS info (device loop0): auto enabling async discard [ 273.120991][T10135] BTRFS info (device loop0): rebuilding free space tree [ 273.132145][T10135] BTRFS info (device loop0): disabling free space tree [ 273.139271][T10135] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10135] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10135] chdir("./file0") = 0 [pid 10135] ioctl(4, LOOP_CLR_FD) = 0 [pid 10135] close(4) = 0 [ 273.149156][T10135] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 273.162079][T10135] BTRFS info (device loop0): checking UUID tree [pid 10135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10135] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10134] <... futex resumed>) = 0 [pid 10134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10134] <... futex resumed>) = 0 [pid 10135] open("./file0", O_RDONLY [pid 10134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10135] <... open resumed>) = 4 [pid 10135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10134] <... futex resumed>) = 0 [pid 10135] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10135] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10135] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10134] <... futex resumed>) = 0 [pid 10134] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10134] <... futex resumed>) = 0 [pid 10135] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10134] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10134] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10134] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 273.269204][T10135] BTRFS info (device loop0): balance: start -d -m [ 273.279202][T10135] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 273.300520][T10135] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10153 attached => {parent_tid=[10153]}, 88) = 10153 [pid 10153] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10134] rt_sigprocmask(SIG_SETMASK, [], [pid 10153] <... rseq resumed>) = 0 [pid 10134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10153] set_robust_list(0x7f0bd5e089a0, 24 [pid 10134] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10153] <... set_robust_list resumed>) = 0 [pid 10134] <... futex resumed>) = 0 [pid 10153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10134] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10153] open(".", O_RDONLY) = 5 [pid 10153] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10153] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10134] <... futex resumed>) = 0 [pid 10153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10134] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10153] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10134] <... futex resumed>) = 0 [ 273.334233][T10135] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 273.356483][T10135] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10134] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10153] <... ioctl resumed>) = 0 [pid 10153] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10134] <... futex resumed>) = 0 [pid 10153] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10135] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10135] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10134] exit_group(0 [pid 10153] <... futex resumed>) = ? [pid 10135] <... futex resumed>) = ? [pid 10134] <... exit_group resumed>) = ? [pid 10135] +++ exited with 0 +++ [pid 10153] +++ exited with 0 +++ [pid 10134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10134, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 273.380287][T10135] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10154 attached , child_tidptr=0x5555570ad690) = 10154 [pid 10154] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10154] chdir("./254") = 0 [pid 10154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10154] setpgid(0, 0) = 0 [pid 10154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10154] write(3, "1000", 4) = 4 [pid 10154] close(3) = 0 [pid 10154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10154] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10154] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10154] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10155 attached [pid 10155] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10154] <... clone3 resumed> => {parent_tid=[10155]}, 88) = 10155 [pid 10155] set_robust_list(0x7f0bd5e299a0, 24 [pid 10154] rt_sigprocmask(SIG_SETMASK, [], [pid 10155] <... set_robust_list resumed>) = 0 [pid 10155] rt_sigprocmask(SIG_SETMASK, [], [pid 10154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] memfd_create("syzkaller", 0 [pid 10154] <... futex resumed>) = 0 [pid 10155] <... memfd_create resumed>) = 3 [pid 10154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10155] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10155] close(3) = 0 [pid 10155] mkdir("./file0", 0777) = 0 [ 273.916520][T10155] loop0: detected capacity change from 0 to 32768 [ 273.930566][T10155] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10155) [ 273.946274][T10155] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 273.956153][T10155] BTRFS info (device loop0): force clearing of disk cache [ 273.963304][T10155] BTRFS info (device loop0): setting nodatasum [ 273.969567][T10155] BTRFS info (device loop0): allowing degraded mounts [ 273.976440][T10155] BTRFS info (device loop0): enabling disk space caching [ 273.983464][T10155] BTRFS info (device loop0): disk space caching is enabled [ 274.002102][T10155] BTRFS info (device loop0): enabling ssd optimizations [ 274.009392][T10155] BTRFS info (device loop0): auto enabling async discard [pid 10155] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10155] chdir("./file0") = 0 [pid 10155] ioctl(4, LOOP_CLR_FD) = 0 [pid 10155] close(4) = 0 [pid 10155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10155] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10154] <... futex resumed>) = 0 [pid 10155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] open("./file0", O_RDONLY [pid 10154] <... futex resumed>) = 0 [pid 10155] <... open resumed>) = 4 [ 274.017441][T10155] BTRFS info (device loop0): rebuilding free space tree [ 274.028157][T10155] BTRFS info (device loop0): disabling free space tree [ 274.035125][T10155] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 274.044823][T10155] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 274.057707][T10155] BTRFS info (device loop0): checking UUID tree [pid 10154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10154] <... futex resumed>) = 0 [pid 10154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10154] <... futex resumed>) = 0 [pid 10155] <... ioctl resumed>) = 0 [pid 10154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10155] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10154] <... futex resumed>) = 0 [pid 10154] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10154] <... futex resumed>) = 0 [pid 10155] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10154] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10154] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10154] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 274.135180][T10155] BTRFS info (device loop0): balance: start -d -m [ 274.144164][T10155] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 274.168634][T10155] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10173]}, 88) = 10173 [pid 10154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10154] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10154] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10173 attached [pid 10173] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10173] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10173] open(".", O_RDONLY) = 5 [pid 10173] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10154] <... futex resumed>) = 0 [pid 10173] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10154] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10154] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10173] <... ioctl resumed>) = 0 [pid 10173] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10154] <... futex resumed>) = 0 [pid 10173] <... futex resumed>) = 1 [ 274.211326][T10155] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 274.247846][T10155] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10173] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10155] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10155] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10155] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10154] exit_group(0 [pid 10155] <... futex resumed>) = ? [pid 10154] <... exit_group resumed>) = ? [pid 10155] +++ exited with 0 +++ [pid 10173] <... futex resumed>) = ? [pid 10173] +++ exited with 0 +++ [pid 10154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10154, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 274.265651][T10155] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10174 attached [pid 10174] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10174] chdir("./255") = 0 [pid 10174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10174 [pid 10174] setpgid(0, 0) = 0 [pid 10174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10174] write(3, "1000", 4) = 4 [pid 10174] close(3) = 0 [pid 10174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10174] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10174] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10174] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10175 attached [pid 10175] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10174] <... clone3 resumed> => {parent_tid=[10175]}, 88) = 10175 [pid 10175] <... rseq resumed>) = 0 [pid 10175] set_robust_list(0x7f0bd5e299a0, 24 [pid 10174] rt_sigprocmask(SIG_SETMASK, [], [pid 10175] <... set_robust_list resumed>) = 0 [pid 10174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10175] rt_sigprocmask(SIG_SETMASK, [], [pid 10174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10174] <... futex resumed>) = 0 [pid 10175] memfd_create("syzkaller", 0 [pid 10174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10175] <... memfd_create resumed>) = 3 [pid 10175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10175] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10175] close(3) = 0 [pid 10175] mkdir("./file0", 0777) = 0 [ 274.842821][T10175] loop0: detected capacity change from 0 to 32768 [ 274.857569][T10175] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10175) [ 274.874566][T10175] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 274.884704][T10175] BTRFS info (device loop0): force clearing of disk cache [ 274.891805][T10175] BTRFS info (device loop0): setting nodatasum [ 274.897998][T10175] BTRFS info (device loop0): allowing degraded mounts [ 274.904911][T10175] BTRFS info (device loop0): enabling disk space caching [ 274.911932][T10175] BTRFS info (device loop0): disk space caching is enabled [ 274.930889][T10175] BTRFS info (device loop0): enabling ssd optimizations [pid 10175] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10175] chdir("./file0") = 0 [pid 10175] ioctl(4, LOOP_CLR_FD) = 0 [pid 10175] close(4) = 0 [pid 10175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10174] <... futex resumed>) = 0 [pid 10175] open("./file0", O_RDONLY [pid 10174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... open resumed>) = 4 [pid 10174] <... futex resumed>) = 0 [pid 10174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10174] <... futex resumed>) = 0 [pid 10174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... futex resumed>) = 1 [pid 10174] <... futex resumed>) = 0 [pid 10174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10175] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10174] <... futex resumed>) = 0 [pid 10175] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10174] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 274.937912][T10175] BTRFS info (device loop0): auto enabling async discard [ 274.945935][T10175] BTRFS info (device loop0): rebuilding free space tree [ 274.957125][T10175] BTRFS info (device loop0): disabling free space tree [ 274.964177][T10175] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 274.973972][T10175] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 274.986824][T10175] BTRFS info (device loop0): checking UUID tree [pid 10174] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10174] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10174] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10193 attached => {parent_tid=[10193]}, 88) = 10193 [pid 10174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10174] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10174] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10193] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10193] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10193] open(".", O_RDONLY) = 5 [pid 10193] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10193] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10174] <... futex resumed>) = 0 [pid 10174] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10193] <... futex resumed>) = 0 [pid 10174] <... futex resumed>) = 1 [pid 10193] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 275.022334][T10175] BTRFS info (device loop0): balance: start -d -m [ 275.030446][T10175] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 275.052853][T10175] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10174] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10193] <... ioctl resumed>) = 0 [pid 10193] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10193] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10174] <... futex resumed>) = 0 [ 275.125943][T10175] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 275.157594][T10175] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10175] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10175] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10175] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10174] exit_group(0 [pid 10193] <... futex resumed>) = ? [pid 10175] <... futex resumed>) = ? [pid 10174] <... exit_group resumed>) = ? [pid 10193] +++ exited with 0 +++ [pid 10175] +++ exited with 0 +++ [pid 10174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10174, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 275.182506][T10175] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10194 attached , child_tidptr=0x5555570ad690) = 10194 [pid 10194] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10194] chdir("./256") = 0 [pid 10194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10194] setpgid(0, 0) = 0 [pid 10194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10194] write(3, "1000", 4) = 4 [pid 10194] close(3) = 0 [pid 10194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10194] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10194] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10194] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10195 attached [pid 10195] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10194] <... clone3 resumed> => {parent_tid=[10195]}, 88) = 10195 [pid 10195] set_robust_list(0x7f0bd5e299a0, 24 [pid 10194] rt_sigprocmask(SIG_SETMASK, [], [pid 10195] <... set_robust_list resumed>) = 0 [pid 10195] rt_sigprocmask(SIG_SETMASK, [], [pid 10194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10195] memfd_create("syzkaller", 0 [pid 10194] <... futex resumed>) = 0 [pid 10194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10195] <... memfd_create resumed>) = 3 [pid 10195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10195] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10195] close(3) = 0 [pid 10195] mkdir("./file0", 0777) = 0 [ 275.703940][T10195] loop0: detected capacity change from 0 to 32768 [ 275.727783][T10195] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10195) [ 275.744450][T10195] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 275.753779][T10195] BTRFS info (device loop0): force clearing of disk cache [ 275.761089][T10195] BTRFS info (device loop0): setting nodatasum [ 275.767333][T10195] BTRFS info (device loop0): allowing degraded mounts [ 275.774221][T10195] BTRFS info (device loop0): enabling disk space caching [ 275.781270][T10195] BTRFS info (device loop0): disk space caching is enabled [ 275.799127][T10195] BTRFS info (device loop0): enabling ssd optimizations [ 275.806301][T10195] BTRFS info (device loop0): auto enabling async discard [ 275.815655][T10195] BTRFS info (device loop0): rebuilding free space tree [ 275.826744][T10195] BTRFS info (device loop0): disabling free space tree [ 275.833659][T10195] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 275.843622][T10195] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10195] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10195] chdir("./file0") = 0 [pid 10195] ioctl(4, LOOP_CLR_FD) = 0 [pid 10195] close(4) = 0 [pid 10195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10195] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10194] <... futex resumed>) = 0 [pid 10194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10195] <... futex resumed>) = 0 [pid 10194] <... futex resumed>) = 1 [pid 10195] open("./file0", O_RDONLY [pid 10194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10195] <... open resumed>) = 4 [ 275.856340][T10195] BTRFS info (device loop0): checking UUID tree [pid 10195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10194] <... futex resumed>) = 0 [pid 10195] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10195] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10194] <... futex resumed>) = 0 [pid 10195] <... ioctl resumed>) = 0 [pid 10194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10194] <... futex resumed>) = 0 [pid 10195] <... futex resumed>) = 1 [pid 10194] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10195] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10194] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10194] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [ 275.946569][T10195] BTRFS info (device loop0): balance: start -d -m [ 275.958681][T10195] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 275.982038][T10195] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10194] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10213 attached [pid 10213] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10194] <... clone3 resumed> => {parent_tid=[10213]}, 88) = 10213 [pid 10213] <... rseq resumed>) = 0 [pid 10194] rt_sigprocmask(SIG_SETMASK, [], [pid 10213] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10213] rt_sigprocmask(SIG_SETMASK, [], [pid 10194] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10194] <... futex resumed>) = 0 [pid 10213] open(".", O_RDONLY) = 5 [pid 10194] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10213] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10213] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10194] <... futex resumed>) = 0 [pid 10213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10194] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10213] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10194] <... futex resumed>) = 0 [pid 10194] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10195] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10195] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10213] <... ioctl resumed>) = 0 [pid 10195] <... futex resumed>) = 0 [pid 10213] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10195] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10213] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10194] <... futex resumed>) = 0 [pid 10194] exit_group(0) = ? [pid 10213] <... futex resumed>) = ? [pid 10195] <... futex resumed>) = ? [pid 10213] +++ exited with 0 +++ [pid 10195] +++ exited with 0 +++ [pid 10194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10194, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 276.013369][T10195] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 276.034893][T10195] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 276.054374][T10195] BTRFS info (device loop0): balance: ended with status: 0 umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10214 attached [pid 10214] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10214] chdir("./257" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10214 [pid 10214] <... chdir resumed>) = 0 [pid 10214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10214] setpgid(0, 0) = 0 [pid 10214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10214] write(3, "1000", 4) = 4 [pid 10214] close(3) = 0 [pid 10214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10214] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10214] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10214] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10215 attached [pid 10215] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10214] <... clone3 resumed> => {parent_tid=[10215]}, 88) = 10215 [pid 10215] <... rseq resumed>) = 0 [pid 10215] set_robust_list(0x7f0bd5e299a0, 24 [pid 10214] rt_sigprocmask(SIG_SETMASK, [], [pid 10215] <... set_robust_list resumed>) = 0 [pid 10214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10215] rt_sigprocmask(SIG_SETMASK, [], [pid 10214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10214] <... futex resumed>) = 0 [pid 10215] memfd_create("syzkaller", 0 [pid 10214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10215] <... memfd_create resumed>) = 3 [pid 10215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10215] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10215] close(3) = 0 [pid 10215] mkdir("./file0", 0777) = 0 [ 276.535399][T10215] loop0: detected capacity change from 0 to 32768 [ 276.555290][T10215] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10215) [ 276.570270][T10215] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 276.579623][T10215] BTRFS info (device loop0): force clearing of disk cache [ 276.586919][T10215] BTRFS info (device loop0): setting nodatasum [ 276.593089][T10215] BTRFS info (device loop0): allowing degraded mounts [ 276.599937][T10215] BTRFS info (device loop0): enabling disk space caching [ 276.607078][T10215] BTRFS info (device loop0): disk space caching is enabled [ 276.626869][T10215] BTRFS info (device loop0): enabling ssd optimizations [ 276.633953][T10215] BTRFS info (device loop0): auto enabling async discard [ 276.641825][T10215] BTRFS info (device loop0): rebuilding free space tree [ 276.652913][T10215] BTRFS info (device loop0): disabling free space tree [ 276.659933][T10215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 276.669689][T10215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10215] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10215] chdir("./file0") = 0 [pid 10215] ioctl(4, LOOP_CLR_FD) = 0 [pid 10215] close(4) = 0 [pid 10215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10214] <... futex resumed>) = 0 [pid 10215] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10215] open("./file0", O_RDONLY [pid 10214] <... futex resumed>) = 0 [pid 10215] <... open resumed>) = 4 [pid 10214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 276.682866][T10215] BTRFS info (device loop0): checking UUID tree [pid 10215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10214] <... futex resumed>) = 0 [pid 10215] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10215] <... ioctl resumed>) = 0 [pid 10214] <... futex resumed>) = 0 [pid 10214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10214] <... futex resumed>) = 0 [pid 10214] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10215] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10214] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10214] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10214] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10233 attached [pid 10233] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10214] <... clone3 resumed> => {parent_tid=[10233]}, 88) = 10233 [pid 10233] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10233] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10214] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10233] <... futex resumed>) = 0 [pid 10233] open(".", O_RDONLY) = 5 [pid 10233] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10233] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] <... futex resumed>) = 1 [ 276.755620][T10215] BTRFS info (device loop0): balance: start -d -m [ 276.764546][T10215] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 276.791203][T10215] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10214] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10214] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10233] <... futex resumed>) = 0 [pid 10233] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10214] <... futex resumed>) = 1 [pid 10214] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10233] <... ioctl resumed>) = 0 [pid 10233] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10214] <... futex resumed>) = 0 [ 276.827763][T10215] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 276.860322][T10215] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10233] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10215] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10215] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] exit_group(0 [pid 10233] <... futex resumed>) = ? [pid 10233] +++ exited with 0 +++ [pid 10215] <... futex resumed>) = ? [pid 10214] <... exit_group resumed>) = ? [pid 10215] +++ exited with 0 +++ [pid 10214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10214, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 276.879355][T10215] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10234 attached , child_tidptr=0x5555570ad690) = 10234 [pid 10234] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10234] chdir("./258") = 0 [pid 10234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10234] setpgid(0, 0) = 0 [pid 10234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10234] write(3, "1000", 4) = 4 [pid 10234] close(3) = 0 [pid 10234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10234] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10234] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10234] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10235 attached [pid 10235] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10234] <... clone3 resumed> => {parent_tid=[10235]}, 88) = 10235 [pid 10235] <... rseq resumed>) = 0 [pid 10234] rt_sigprocmask(SIG_SETMASK, [], [pid 10235] set_robust_list(0x7f0bd5e299a0, 24 [pid 10234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10235] <... set_robust_list resumed>) = 0 [pid 10234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10235] rt_sigprocmask(SIG_SETMASK, [], [pid 10234] <... futex resumed>) = 0 [pid 10235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10235] memfd_create("syzkaller", 0) = 3 [pid 10235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10235] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10235] close(3) = 0 [pid 10235] mkdir("./file0", 0777) = 0 [ 277.414884][T10235] loop0: detected capacity change from 0 to 32768 [ 277.426072][T10235] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10235) [ 277.442408][T10235] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 277.451788][T10235] BTRFS info (device loop0): force clearing of disk cache [ 277.458973][T10235] BTRFS info (device loop0): setting nodatasum [pid 10235] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10235] chdir("./file0") = 0 [pid 10235] ioctl(4, LOOP_CLR_FD) = 0 [ 277.465221][T10235] BTRFS info (device loop0): allowing degraded mounts [ 277.471995][T10235] BTRFS info (device loop0): enabling disk space caching [pid 10235] close(4) = 0 [pid 10235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10235] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10234] <... futex resumed>) = 0 [pid 10234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10235] <... futex resumed>) = 0 [pid 10234] <... futex resumed>) = 1 [pid 10235] open("./file0", O_RDONLY [pid 10234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10235] <... open resumed>) = 4 [pid 10235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10234] <... futex resumed>) = 0 [pid 10235] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10234] <... futex resumed>) = 0 [pid 10235] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10235] <... ioctl resumed>) = 0 [pid 10235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] <... futex resumed>) = 0 [pid 10235] <... futex resumed>) = 1 [pid 10234] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10235] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10234] <... futex resumed>) = 0 [pid 10234] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10234] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10234] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10253 attached => {parent_tid=[10253]}, 88) = 10253 [pid 10234] rt_sigprocmask(SIG_SETMASK, [], [pid 10253] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10253] set_robust_list(0x7f0bd5e089a0, 24 [pid 10234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10253] <... set_robust_list resumed>) = 0 [pid 10253] rt_sigprocmask(SIG_SETMASK, [], [pid 10234] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10253] open(".", O_RDONLY) = 5 [pid 10253] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] <... futex resumed>) = 0 [pid 10253] <... futex resumed>) = 0 [pid 10234] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10253] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10234] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10253] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10234] <... futex resumed>) = 0 [pid 10234] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10253] <... ioctl resumed>) = 0 [pid 10253] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10234] <... futex resumed>) = 0 [pid 10253] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10235] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10235] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10234] exit_group(0 [pid 10235] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 10234] <... exit_group resumed>) = ? [pid 10253] <... futex resumed>) = ? [pid 10235] +++ exited with 0 +++ [pid 10253] +++ exited with 0 +++ [pid 10234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10234, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10254 attached , child_tidptr=0x5555570ad690) = 10254 [pid 10254] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10254] chdir("./259") = 0 [pid 10254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10254] setpgid(0, 0) = 0 [pid 10254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10254] write(3, "1000", 4) = 4 [pid 10254] close(3) = 0 [pid 10254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10254] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10254] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10254] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10255 attached [pid 10255] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10254] <... clone3 resumed> => {parent_tid=[10255]}, 88) = 10255 [pid 10255] <... rseq resumed>) = 0 [pid 10254] rt_sigprocmask(SIG_SETMASK, [], [pid 10255] set_robust_list(0x7f0bd5e299a0, 24 [pid 10254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10255] <... set_robust_list resumed>) = 0 [pid 10254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10254] <... futex resumed>) = 0 [pid 10255] memfd_create("syzkaller", 0 [pid 10254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10255] <... memfd_create resumed>) = 3 [pid 10255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10255] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10255] close(3) = 0 [pid 10255] mkdir("./file0", 0777) = 0 [ 278.111087][T10255] loop0: detected capacity change from 0 to 32768 [ 278.126299][T10255] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10255) [ 278.142640][T10255] _btrfs_printk: 14 callbacks suppressed [ 278.142652][T10255] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 278.158101][T10255] BTRFS info (device loop0): force clearing of disk cache [ 278.165293][T10255] BTRFS info (device loop0): setting nodatasum [ 278.171550][T10255] BTRFS info (device loop0): allowing degraded mounts [ 278.178467][T10255] BTRFS info (device loop0): enabling disk space caching [ 278.185778][T10255] BTRFS info (device loop0): disk space caching is enabled [ 278.206942][T10255] BTRFS info (device loop0): enabling ssd optimizations [ 278.214017][T10255] BTRFS info (device loop0): auto enabling async discard [ 278.222030][T10255] BTRFS info (device loop0): rebuilding free space tree [ 278.233011][T10255] BTRFS info (device loop0): disabling free space tree [ 278.239968][T10255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 278.249860][T10255] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10255] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10255] chdir("./file0") = 0 [pid 10255] ioctl(4, LOOP_CLR_FD) = 0 [pid 10255] close(4) = 0 [pid 10255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10254] <... futex resumed>) = 0 [pid 10255] <... futex resumed>) = 1 [pid 10254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10255] open("./file0", O_RDONLY [pid 10254] <... futex resumed>) = 0 [pid 10254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10255] <... open resumed>) = 4 [pid 10255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10254] <... futex resumed>) = 0 [pid 10255] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10255] <... ioctl resumed>) = 0 [pid 10254] <... futex resumed>) = 0 [pid 10254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10254] <... futex resumed>) = 0 [pid 10255] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 278.262298][T10255] BTRFS info (device loop0): checking UUID tree [ 278.320651][T10255] BTRFS info (device loop0): balance: start -d -m [ 278.328119][T10255] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 278.344465][T10255] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10254] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10254] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10272 attached [pid 10255] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10272] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... rseq resumed>) = 0 [pid 10255] <... futex resumed>) = 0 [pid 10272] set_robust_list(0x7f0bd5e089a0, 24 [pid 10255] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10272] <... set_robust_list resumed>) = 0 [pid 10272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10254] <... clone3 resumed> => {parent_tid=[10272]}, 88) = 10272 [pid 10272] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10254] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... futex resumed>) = 0 [pid 10254] <... futex resumed>) = 1 [pid 10272] open(".", O_RDONLY [pid 10254] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10272] <... open resumed>) = 5 [ 278.371139][T10255] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 278.392578][T10255] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 278.410579][T10255] BTRFS info (device loop0): balance: ended with status: 0 [pid 10272] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10254] <... futex resumed>) = 0 [pid 10272] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10254] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10255] <... futex resumed>) = 0 [pid 10254] <... futex resumed>) = 1 [pid 10255] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10254] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10255] <... ioctl resumed>) = 0 [pid 10255] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10255] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10254] <... futex resumed>) = 0 [pid 10254] exit_group(0 [pid 10272] <... futex resumed>) = ? [pid 10255] <... futex resumed>) = ? [pid 10254] <... exit_group resumed>) = ? [pid 10272] +++ exited with 0 +++ [pid 10255] +++ exited with 0 +++ [pid 10254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10254, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10273 attached , child_tidptr=0x5555570ad690) = 10273 [pid 10273] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10273] chdir("./260") = 0 [pid 10273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10273] setpgid(0, 0) = 0 [pid 10273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10273] write(3, "1000", 4) = 4 [pid 10273] close(3) = 0 [pid 10273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10273] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10273] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10273] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10274 attached => {parent_tid=[10274]}, 88) = 10274 [pid 10273] rt_sigprocmask(SIG_SETMASK, [], [pid 10274] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10274] set_robust_list(0x7f0bd5e299a0, 24 [pid 10273] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... set_robust_list resumed>) = 0 [pid 10274] rt_sigprocmask(SIG_SETMASK, [], [pid 10273] <... futex resumed>) = 0 [pid 10274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10273] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10274] memfd_create("syzkaller", 0) = 3 [pid 10274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10274] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10274] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10274] close(3) = 0 [pid 10274] mkdir("./file0", 0777) = 0 [ 279.064546][T10274] loop0: detected capacity change from 0 to 32768 [ 279.079031][T10274] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10274) [ 279.095144][T10274] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 279.104487][T10274] BTRFS info (device loop0): force clearing of disk cache [ 279.111620][T10274] BTRFS info (device loop0): setting nodatasum [ 279.117859][T10274] BTRFS info (device loop0): allowing degraded mounts [ 279.124740][T10274] BTRFS info (device loop0): enabling disk space caching [ 279.131784][T10274] BTRFS info (device loop0): disk space caching is enabled [ 279.151637][T10274] BTRFS info (device loop0): enabling ssd optimizations [pid 10274] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10274] chdir("./file0") = 0 [pid 10274] ioctl(4, LOOP_CLR_FD) = 0 [pid 10274] close(4) = 0 [pid 10274] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10274] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10273] <... futex resumed>) = 0 [pid 10273] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... futex resumed>) = 0 [pid 10273] <... futex resumed>) = 1 [pid 10274] open("./file0", O_RDONLY [pid 10273] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10274] <... open resumed>) = 4 [ 279.158708][T10274] BTRFS info (device loop0): auto enabling async discard [ 279.166693][T10274] BTRFS info (device loop0): rebuilding free space tree [ 279.177424][T10274] BTRFS info (device loop0): disabling free space tree [ 279.184411][T10274] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 279.194127][T10274] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 279.207142][T10274] BTRFS info (device loop0): checking UUID tree [pid 10274] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10274] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10273] <... futex resumed>) = 0 [pid 10273] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... futex resumed>) = 0 [pid 10273] <... futex resumed>) = 1 [pid 10274] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10273] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10274] <... ioctl resumed>) = 0 [pid 10274] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10274] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10273] <... futex resumed>) = 0 [pid 10273] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... futex resumed>) = 0 [pid 10273] <... futex resumed>) = 1 [pid 10274] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10273] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10273] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10273] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10292]}, 88) = 10292 [pid 10273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10273] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10273] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10292 attached [pid 10292] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10292] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10292] open(".", O_RDONLY) = 5 [ 279.273446][T10274] BTRFS info (device loop0): balance: start -d -m [ 279.282110][T10274] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 279.309059][T10274] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10292] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10273] <... futex resumed>) = 0 [pid 10292] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10273] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10273] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10292] <... ioctl resumed>) = 0 [pid 10292] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10273] <... futex resumed>) = 0 [ 279.370904][T10274] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 279.410903][T10274] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10292] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10274] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10274] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10274] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10273] exit_group(0 [pid 10292] <... futex resumed>) = ? [pid 10292] +++ exited with 0 +++ [pid 10274] <... futex resumed>) = ? [pid 10273] <... exit_group resumed>) = ? [pid 10274] +++ exited with 0 +++ [pid 10273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10273, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 279.428349][T10274] BTRFS info (device loop0): balance: ended with status: 0 unlink("./260/binderfs") = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10293 attached [pid 10293] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10293] chdir("./261") = 0 [pid 10293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10293 [pid 10293] setpgid(0, 0) = 0 [pid 10293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10293] write(3, "1000", 4) = 4 [pid 10293] close(3) = 0 [pid 10293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10293] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10293] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10293] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10294 attached [pid 10294] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10293] <... clone3 resumed> => {parent_tid=[10294]}, 88) = 10294 [pid 10294] <... rseq resumed>) = 0 [pid 10293] rt_sigprocmask(SIG_SETMASK, [], [pid 10294] set_robust_list(0x7f0bd5e299a0, 24 [pid 10293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10294] <... set_robust_list resumed>) = 0 [pid 10293] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10293] <... futex resumed>) = 0 [pid 10294] memfd_create("syzkaller", 0 [pid 10293] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10294] <... memfd_create resumed>) = 3 [pid 10294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10294] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10294] close(3) = 0 [pid 10294] mkdir("./file0", 0777) = 0 [ 279.879334][T10294] loop0: detected capacity change from 0 to 32768 [ 279.888794][T10294] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10294) [ 279.904573][T10294] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 279.913897][T10294] BTRFS info (device loop0): force clearing of disk cache [ 279.921023][T10294] BTRFS info (device loop0): setting nodatasum [ 279.927595][T10294] BTRFS info (device loop0): allowing degraded mounts [ 279.934481][T10294] BTRFS info (device loop0): enabling disk space caching [ 279.941546][T10294] BTRFS info (device loop0): disk space caching is enabled [ 279.961003][T10294] BTRFS info (device loop0): enabling ssd optimizations [ 279.968039][T10294] BTRFS info (device loop0): auto enabling async discard [pid 10294] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10294] chdir("./file0") = 0 [pid 10294] ioctl(4, LOOP_CLR_FD) = 0 [pid 10294] close(4) = 0 [pid 10294] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10294] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10293] <... futex resumed>) = 0 [pid 10294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10293] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [ 279.976078][T10294] BTRFS info (device loop0): rebuilding free space tree [ 279.987028][T10294] BTRFS info (device loop0): disabling free space tree [ 279.994134][T10294] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 280.004135][T10294] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 280.016917][T10294] BTRFS info (device loop0): checking UUID tree [pid 10294] open("./file0", O_RDONLY [pid 10293] <... futex resumed>) = 0 [pid 10293] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10294] <... open resumed>) = 4 [pid 10294] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10293] <... futex resumed>) = 0 [pid 10294] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10293] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10294] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10293] <... futex resumed>) = 0 [pid 10294] <... ioctl resumed>) = 0 [pid 10293] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10294] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10293] <... futex resumed>) = 0 [pid 10293] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10293] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10294] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10293] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10293] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10312]}, 88) = 10312 [pid 10293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10293] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10293] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10312 attached [pid 10312] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10312] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10312] open(".", O_RDONLY) = 5 [pid 10312] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10293] <... futex resumed>) = 0 [pid 10312] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10293] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10293] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10312] <... futex resumed>) = 0 [ 280.088796][T10294] BTRFS info (device loop0): balance: start -d -m [ 280.097127][T10294] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 280.120171][T10294] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10312] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10312] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10312] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10293] <... futex resumed>) = 0 [ 280.195726][T10294] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 280.229422][T10294] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10294] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10294] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10294] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10293] exit_group(0 [pid 10312] <... futex resumed>) = ? [pid 10294] <... futex resumed>) = ? [pid 10293] <... exit_group resumed>) = ? [pid 10312] +++ exited with 0 +++ [pid 10294] +++ exited with 0 +++ [pid 10293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10293, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 [ 280.246568][T10294] BTRFS info (device loop0): balance: ended with status: 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10313 attached [pid 10313] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10313] chdir("./262") = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10313 [pid 10313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10313] setpgid(0, 0) = 0 [pid 10313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10313] write(3, "1000", 4) = 4 [pid 10313] close(3) = 0 [pid 10313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10313] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10313] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10313] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10314 attached [pid 10314] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10313] <... clone3 resumed> => {parent_tid=[10314]}, 88) = 10314 [pid 10314] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10313] rt_sigprocmask(SIG_SETMASK, [], [pid 10314] rt_sigprocmask(SIG_SETMASK, [], [pid 10313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10313] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10314] memfd_create("syzkaller", 0 [pid 10313] <... futex resumed>) = 0 [pid 10313] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10314] <... memfd_create resumed>) = 3 [pid 10314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10314] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10314] close(3) = 0 [pid 10314] mkdir("./file0", 0777) = 0 [ 280.688022][T10314] loop0: detected capacity change from 0 to 32768 [ 280.697560][T10314] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10314) [ 280.713622][T10314] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 280.723060][T10314] BTRFS info (device loop0): force clearing of disk cache [ 280.730235][T10314] BTRFS info (device loop0): setting nodatasum [ 280.736457][T10314] BTRFS info (device loop0): allowing degraded mounts [ 280.743218][T10314] BTRFS info (device loop0): enabling disk space caching [ 280.750286][T10314] BTRFS info (device loop0): disk space caching is enabled [ 280.769013][T10314] BTRFS info (device loop0): enabling ssd optimizations [ 280.776380][T10314] BTRFS info (device loop0): auto enabling async discard [pid 10314] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10314] chdir("./file0") = 0 [pid 10314] ioctl(4, LOOP_CLR_FD) = 0 [pid 10314] close(4) = 0 [pid 10314] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10313] <... futex resumed>) = 0 [pid 10314] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10313] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10313] <... futex resumed>) = 0 [pid 10314] open("./file0", O_RDONLY [pid 10313] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10314] <... open resumed>) = 4 [pid 10314] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10313] <... futex resumed>) = 0 [pid 10314] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10313] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10314] <... ioctl resumed>) = 0 [pid 10313] <... futex resumed>) = 0 [ 280.785276][T10314] BTRFS info (device loop0): rebuilding free space tree [ 280.797167][T10314] BTRFS info (device loop0): disabling free space tree [ 280.804422][T10314] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 280.814504][T10314] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 280.827129][T10314] BTRFS info (device loop0): checking UUID tree [pid 10313] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10314] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10313] <... futex resumed>) = 0 [pid 10313] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10314] <... futex resumed>) = 1 [pid 10313] <... futex resumed>) = 0 [pid 10313] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10314] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10313] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10313] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10332 attached [pid 10332] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10313] <... clone3 resumed> => {parent_tid=[10332]}, 88) = 10332 [pid 10332] set_robust_list(0x7f0bd5e089a0, 24 [pid 10313] rt_sigprocmask(SIG_SETMASK, [], [pid 10332] <... set_robust_list resumed>) = 0 [pid 10313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10332] rt_sigprocmask(SIG_SETMASK, [], [pid 10313] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10313] <... futex resumed>) = 0 [pid 10332] open(".", O_RDONLY [pid 10313] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10332] <... open resumed>) = 5 [pid 10332] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10313] <... futex resumed>) = 0 [pid 10332] <... futex resumed>) = 1 [pid 10313] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10313] <... futex resumed>) = 0 [ 280.900087][T10314] BTRFS info (device loop0): balance: start -d -m [ 280.909395][T10314] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 280.933543][T10314] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10313] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10332] <... ioctl resumed>) = 0 [pid 10332] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10313] <... futex resumed>) = 0 [pid 10332] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10314] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10314] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10314] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10313] exit_group(0 [pid 10332] <... futex resumed>) = ? [pid 10314] <... futex resumed>) = ? [pid 10313] <... exit_group resumed>) = ? [pid 10314] +++ exited with 0 +++ [pid 10332] +++ exited with 0 +++ [pid 10313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10313, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 280.991277][T10314] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 281.014619][T10314] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 281.033465][T10314] BTRFS info (device loop0): balance: ended with status: 0 umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570ad690) = 10333 ./strace-static-x86_64: Process 10333 attached [pid 10333] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10333] chdir("./263") = 0 [pid 10333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10333] setpgid(0, 0) = 0 [pid 10333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10333] write(3, "1000", 4) = 4 [pid 10333] close(3) = 0 [pid 10333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10333] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10333] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10333] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10334 attached [pid 10334] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10333] <... clone3 resumed> => {parent_tid=[10334]}, 88) = 10334 [pid 10334] set_robust_list(0x7f0bd5e299a0, 24 [pid 10333] rt_sigprocmask(SIG_SETMASK, [], [pid 10334] <... set_robust_list resumed>) = 0 [pid 10333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10334] rt_sigprocmask(SIG_SETMASK, [], [pid 10333] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10333] <... futex resumed>) = 0 [pid 10334] memfd_create("syzkaller", 0 [pid 10333] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10334] <... memfd_create resumed>) = 3 [pid 10334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10334] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10334] close(3) = 0 [pid 10334] mkdir("./file0", 0777) = 0 [ 281.542401][T10334] loop0: detected capacity change from 0 to 32768 [ 281.559523][T10334] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10334) [ 281.574726][T10334] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 281.584018][T10334] BTRFS info (device loop0): force clearing of disk cache [ 281.591125][T10334] BTRFS info (device loop0): setting nodatasum [ 281.597473][T10334] BTRFS info (device loop0): allowing degraded mounts [ 281.604310][T10334] BTRFS info (device loop0): enabling disk space caching [ 281.611331][T10334] BTRFS info (device loop0): disk space caching is enabled [ 281.630873][T10334] BTRFS info (device loop0): enabling ssd optimizations [ 281.637940][T10334] BTRFS info (device loop0): auto enabling async discard [ 281.645998][T10334] BTRFS info (device loop0): rebuilding free space tree [ 281.656959][T10334] BTRFS info (device loop0): disabling free space tree [ 281.663975][T10334] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 281.673604][T10334] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10334] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10334] chdir("./file0") = 0 [pid 10334] ioctl(4, LOOP_CLR_FD) = 0 [pid 10334] close(4) = 0 [pid 10334] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10333] <... futex resumed>) = 0 [pid 10333] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10334] open("./file0", O_RDONLY [pid 10333] <... futex resumed>) = 0 [pid 10334] <... open resumed>) = 4 [pid 10333] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 281.687141][T10334] BTRFS info (device loop0): checking UUID tree [pid 10334] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10333] <... futex resumed>) = 0 [pid 10333] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10334] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10333] <... futex resumed>) = 0 [pid 10334] <... ioctl resumed>) = 0 [pid 10333] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10334] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10333] <... futex resumed>) = 0 [pid 10334] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10333] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10334] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10333] <... futex resumed>) = 0 [pid 10333] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10333] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10333] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10352]}, 88) = 10352 [pid 10333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10333] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10333] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10352 attached [pid 10352] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10352] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10352] open(".", O_RDONLY) = 5 [pid 10352] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10333] <... futex resumed>) = 0 [pid 10352] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10333] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 281.744380][T10334] BTRFS info (device loop0): balance: start -d -m [ 281.753688][T10334] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 281.779571][T10334] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10333] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10352] <... ioctl resumed>) = 0 [pid 10352] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10333] <... futex resumed>) = 0 [pid 10352] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10334] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10334] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] exit_group(0 [pid 10352] <... futex resumed>) = ? [pid 10334] <... futex resumed>) = ? [pid 10333] <... exit_group resumed>) = ? [pid 10352] +++ exited with 0 +++ [pid 10334] +++ exited with 0 +++ [pid 10333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10333, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- [ 281.857531][T10334] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 281.879322][T10334] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 281.896319][T10334] BTRFS info (device loop0): balance: ended with status: 0 umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10353 attached , child_tidptr=0x5555570ad690) = 10353 [pid 10353] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10353] chdir("./264") = 0 [pid 10353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10353] setpgid(0, 0) = 0 [pid 10353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10353] write(3, "1000", 4) = 4 [pid 10353] close(3) = 0 [pid 10353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10353] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10353] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10353] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10354 attached [pid 10354] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10353] <... clone3 resumed> => {parent_tid=[10354]}, 88) = 10354 [pid 10354] <... rseq resumed>) = 0 [pid 10353] rt_sigprocmask(SIG_SETMASK, [], [pid 10354] set_robust_list(0x7f0bd5e299a0, 24 [pid 10353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10354] <... set_robust_list resumed>) = 0 [pid 10353] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10354] rt_sigprocmask(SIG_SETMASK, [], [pid 10353] <... futex resumed>) = 0 [pid 10354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10354] memfd_create("syzkaller", 0 [pid 10353] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10354] <... memfd_create resumed>) = 3 [pid 10354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10354] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10354] close(3) = 0 [pid 10354] mkdir("./file0", 0777) = 0 [ 282.526873][T10354] loop0: detected capacity change from 0 to 32768 [ 282.542306][T10354] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10354) [ 282.559078][T10354] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 282.568377][T10354] BTRFS info (device loop0): force clearing of disk cache [pid 10354] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10354] chdir("./file0") = 0 [pid 10354] ioctl(4, LOOP_CLR_FD) = 0 [pid 10354] close(4) = 0 [ 282.575606][T10354] BTRFS info (device loop0): setting nodatasum [ 282.581781][T10354] BTRFS info (device loop0): allowing degraded mounts [ 282.588599][T10354] BTRFS info (device loop0): enabling disk space caching [pid 10354] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10353] <... futex resumed>) = 0 [pid 10353] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10354] open("./file0", O_RDONLY [pid 10353] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10354] <... open resumed>) = 4 [pid 10354] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10353] <... futex resumed>) = 0 [pid 10354] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10353] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10353] <... futex resumed>) = 0 [pid 10354] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10353] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10354] <... ioctl resumed>) = 0 [pid 10354] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10353] <... futex resumed>) = 0 [pid 10353] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10354] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10353] <... futex resumed>) = 0 [pid 10353] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10353] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10353] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10372]}, 88) = 10372 [pid 10353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10353] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10372 attached ) = 0 [pid 10353] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10372] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10372] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10372] open(".", O_RDONLY) = 5 [pid 10372] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10353] <... futex resumed>) = 0 [pid 10372] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10353] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10353] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10372] <... futex resumed>) = 0 [pid 10372] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10372] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... futex resumed>) = 0 [pid 10372] <... futex resumed>) = 1 [pid 10372] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10354] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10354] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10354] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10353] exit_group(0 [pid 10372] <... futex resumed>) = ? [pid 10353] <... exit_group resumed>) = ? [pid 10372] +++ exited with 0 +++ [pid 10354] <... futex resumed>) = ? [pid 10354] +++ exited with 0 +++ [pid 10353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10353, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10373 attached [pid 10373] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10373] chdir("./265") = 0 [pid 10373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10373 [pid 10373] <... prctl resumed>) = 0 [pid 10373] setpgid(0, 0) = 0 [pid 10373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10373] write(3, "1000", 4) = 4 [pid 10373] close(3) = 0 [pid 10373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10373] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10373] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10373] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10374 attached [pid 10374] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10373] <... clone3 resumed> => {parent_tid=[10374]}, 88) = 10374 [pid 10374] set_robust_list(0x7f0bd5e299a0, 24 [pid 10373] rt_sigprocmask(SIG_SETMASK, [], [pid 10374] <... set_robust_list resumed>) = 0 [pid 10373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10373] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] memfd_create("syzkaller", 0 [pid 10373] <... futex resumed>) = 0 [pid 10373] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10374] <... memfd_create resumed>) = 3 [pid 10374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10374] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10374] close(3) = 0 [pid 10374] mkdir("./file0", 0777) = 0 [ 283.272353][T10374] loop0: detected capacity change from 0 to 32768 [ 283.309972][T10374] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10374) [ 283.325413][T10374] _btrfs_printk: 14 callbacks suppressed [ 283.325428][T10374] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 283.340726][T10374] BTRFS info (device loop0): force clearing of disk cache [ 283.347916][T10374] BTRFS info (device loop0): setting nodatasum [ 283.354162][T10374] BTRFS info (device loop0): allowing degraded mounts [ 283.360936][T10374] BTRFS info (device loop0): enabling disk space caching [ 283.368023][T10374] BTRFS info (device loop0): disk space caching is enabled [ 283.387388][T10374] BTRFS info (device loop0): enabling ssd optimizations [ 283.394407][T10374] BTRFS info (device loop0): auto enabling async discard [ 283.402380][T10374] BTRFS info (device loop0): rebuilding free space tree [ 283.413307][T10374] BTRFS info (device loop0): disabling free space tree [ 283.420254][T10374] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10374] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10374] chdir("./file0") = 0 [pid 10374] ioctl(4, LOOP_CLR_FD) = 0 [pid 10374] close(4) = 0 [pid 10374] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10373] <... futex resumed>) = 0 [pid 10374] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10373] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10373] <... futex resumed>) = 0 [pid 10374] open("./file0", O_RDONLY [pid 10373] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10374] <... open resumed>) = 4 [pid 10374] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10373] <... futex resumed>) = 0 [pid 10374] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10373] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10373] <... futex resumed>) = 0 [pid 10374] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10373] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10374] <... ioctl resumed>) = 0 [pid 10374] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10373] <... futex resumed>) = 0 [pid 10374] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10373] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10373] <... futex resumed>) = 0 [pid 10374] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 283.429939][T10374] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 283.442421][T10374] BTRFS info (device loop0): checking UUID tree [ 283.476276][T10374] BTRFS info (device loop0): balance: start -d -m [pid 10373] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10373] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10373] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10392 attached => {parent_tid=[10392]}, 88) = 10392 [pid 10373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10373] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10392] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10373] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10392] <... rseq resumed>) = 0 [pid 10392] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10392] open(".", O_RDONLY) = 5 [pid 10392] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10392] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10373] <... futex resumed>) = 0 [pid 10373] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10392] <... futex resumed>) = 0 [pid 10373] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 283.485794][T10374] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 283.509314][T10374] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10392] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10392] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10373] <... futex resumed>) = 0 [ 283.577146][T10374] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 283.610162][T10374] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10392] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10374] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10374] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10374] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10373] exit_group(0 [pid 10392] <... futex resumed>) = ? [pid 10374] <... futex resumed>) = ? [pid 10373] <... exit_group resumed>) = ? [pid 10374] +++ exited with 0 +++ [pid 10392] +++ exited with 0 +++ [pid 10373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10373, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 283.634384][T10374] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10393 attached [pid 10393] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10393] chdir("./266") = 0 [pid 10393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10393] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10393 [pid 10393] <... setpgid resumed>) = 0 [pid 10393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10393] write(3, "1000", 4) = 4 [pid 10393] close(3) = 0 [pid 10393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10393] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10393] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10393] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10394 attached [pid 10394] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10393] <... clone3 resumed> => {parent_tid=[10394]}, 88) = 10394 [pid 10394] <... rseq resumed>) = 0 [pid 10393] rt_sigprocmask(SIG_SETMASK, [], [pid 10394] set_robust_list(0x7f0bd5e299a0, 24 [pid 10393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10394] <... set_robust_list resumed>) = 0 [pid 10394] rt_sigprocmask(SIG_SETMASK, [], [pid 10393] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10393] <... futex resumed>) = 0 [pid 10394] memfd_create("syzkaller", 0 [pid 10393] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10394] <... memfd_create resumed>) = 3 [pid 10394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10394] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10394] close(3) = 0 [pid 10394] mkdir("./file0", 0777) = 0 [ 284.175589][T10394] loop0: detected capacity change from 0 to 32768 [ 284.190464][T10394] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10394) [ 284.206622][T10394] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 284.215893][T10394] BTRFS info (device loop0): force clearing of disk cache [ 284.222999][T10394] BTRFS info (device loop0): setting nodatasum [ 284.229192][T10394] BTRFS info (device loop0): allowing degraded mounts [ 284.235986][T10394] BTRFS info (device loop0): enabling disk space caching [ 284.243013][T10394] BTRFS info (device loop0): disk space caching is enabled [ 284.261457][T10394] BTRFS info (device loop0): enabling ssd optimizations [ 284.268484][T10394] BTRFS info (device loop0): auto enabling async discard [pid 10394] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10394] chdir("./file0") = 0 [pid 10394] ioctl(4, LOOP_CLR_FD) = 0 [pid 10394] close(4) = 0 [ 284.276875][T10394] BTRFS info (device loop0): rebuilding free space tree [ 284.287747][T10394] BTRFS info (device loop0): disabling free space tree [ 284.294739][T10394] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 284.304434][T10394] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 284.317232][T10394] BTRFS info (device loop0): checking UUID tree [pid 10394] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10393] <... futex resumed>) = 0 [pid 10394] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10394] <... futex resumed>) = 0 [pid 10393] <... futex resumed>) = 1 [pid 10394] open("./file0", O_RDONLY [pid 10393] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10394] <... open resumed>) = 4 [pid 10394] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10393] <... futex resumed>) = 0 [pid 10394] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10393] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10394] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10393] <... futex resumed>) = 0 [pid 10394] <... ioctl resumed>) = 0 [pid 10393] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10394] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10394] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] <... futex resumed>) = 0 [pid 10393] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10394] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10393] <... futex resumed>) = 0 [pid 10393] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10393] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10393] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10412]}, 88) = 10412 [pid 10393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10393] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10393] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10412 attached [pid 10412] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10412] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 284.402174][T10394] BTRFS info (device loop0): balance: start -d -m [ 284.410198][T10394] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 284.434746][T10394] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10412] open(".", O_RDONLY) = 5 [pid 10412] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10393] <... futex resumed>) = 0 [pid 10412] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10393] <... futex resumed>) = 0 [pid 10412] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10393] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10412] <... ioctl resumed>) = 0 [pid 10412] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10393] <... futex resumed>) = 0 [pid 10412] <... futex resumed>) = 1 [ 284.475841][T10394] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 284.513338][T10394] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10412] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10394] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10394] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10394] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] exit_group(0 [pid 10412] <... futex resumed>) = ? [pid 10394] <... futex resumed>) = ? [pid 10393] <... exit_group resumed>) = ? [pid 10412] +++ exited with 0 +++ [pid 10394] +++ exited with 0 +++ [pid 10393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10393, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 [ 284.530877][T10394] BTRFS info (device loop0): balance: ended with status: 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10413 attached , child_tidptr=0x5555570ad690) = 10413 [pid 10413] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10413] chdir("./267") = 0 [pid 10413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10413] setpgid(0, 0) = 0 [pid 10413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10413] write(3, "1000", 4) = 4 [pid 10413] close(3) = 0 [pid 10413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10413] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10413] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10413] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10414 attached [pid 10414] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10413] <... clone3 resumed> => {parent_tid=[10414]}, 88) = 10414 [pid 10414] <... rseq resumed>) = 0 [pid 10414] set_robust_list(0x7f0bd5e299a0, 24 [pid 10413] rt_sigprocmask(SIG_SETMASK, [], [pid 10414] <... set_robust_list resumed>) = 0 [pid 10413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10414] rt_sigprocmask(SIG_SETMASK, [], [pid 10413] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10413] <... futex resumed>) = 0 [pid 10414] memfd_create("syzkaller", 0 [pid 10413] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10414] <... memfd_create resumed>) = 3 [pid 10414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10414] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10414] close(3) = 0 [pid 10414] mkdir("./file0", 0777) = 0 [ 284.945903][T10414] loop0: detected capacity change from 0 to 32768 [ 284.970314][T10414] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10414) [ 284.985468][T10414] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 284.994777][T10414] BTRFS info (device loop0): force clearing of disk cache [ 285.001877][T10414] BTRFS info (device loop0): setting nodatasum [ 285.008149][T10414] BTRFS info (device loop0): allowing degraded mounts [ 285.014959][T10414] BTRFS info (device loop0): enabling disk space caching [ 285.021984][T10414] BTRFS info (device loop0): disk space caching is enabled [ 285.041806][T10414] BTRFS info (device loop0): enabling ssd optimizations [ 285.048836][T10414] BTRFS info (device loop0): auto enabling async discard [ 285.056706][T10414] BTRFS info (device loop0): rebuilding free space tree [ 285.067609][T10414] BTRFS info (device loop0): disabling free space tree [ 285.074808][T10414] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 285.084501][T10414] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10414] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10414] chdir("./file0") = 0 [pid 10414] ioctl(4, LOOP_CLR_FD) = 0 [pid 10414] close(4) = 0 [pid 10414] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10413] <... futex resumed>) = 0 [pid 10413] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10413] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10414] open("./file0", O_RDONLY) = 4 [pid 10414] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10413] <... futex resumed>) = 0 [pid 10413] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10413] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10414] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10414] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10414] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10413] <... futex resumed>) = 0 [ 285.097462][T10414] BTRFS info (device loop0): checking UUID tree [pid 10413] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10413] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10414] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10413] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10413] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10432]}, 88) = 10432 [pid 10413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10413] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10413] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10432 attached [pid 10432] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10432] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10432] open(".", O_RDONLY) = 5 [pid 10432] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10413] <... futex resumed>) = 0 [pid 10432] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10413] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10413] <... futex resumed>) = 0 [pid 10432] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 285.172343][T10414] BTRFS info (device loop0): balance: start -d -m [ 285.183520][T10414] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 285.208534][T10414] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10413] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10432] <... ioctl resumed>) = 0 [pid 10432] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10413] <... futex resumed>) = 0 [pid 10432] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10414] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10414] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10414] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10413] exit_group(0 [pid 10432] <... futex resumed>) = ? [pid 10414] <... futex resumed>) = ? [pid 10413] <... exit_group resumed>) = ? [pid 10432] +++ exited with 0 +++ [pid 10414] +++ exited with 0 +++ [pid 10413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10413, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 285.272006][T10414] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 285.293366][T10414] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 285.310679][T10414] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10433 attached , child_tidptr=0x5555570ad690) = 10433 [pid 10433] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10433] chdir("./268") = 0 [pid 10433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10433] setpgid(0, 0) = 0 [pid 10433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10433] write(3, "1000", 4) = 4 [pid 10433] close(3) = 0 [pid 10433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10433] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10433] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10433] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10434 attached => {parent_tid=[10434]}, 88) = 10434 [pid 10434] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10433] rt_sigprocmask(SIG_SETMASK, [], [pid 10434] set_robust_list(0x7f0bd5e299a0, 24 [pid 10433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10434] <... set_robust_list resumed>) = 0 [pid 10434] rt_sigprocmask(SIG_SETMASK, [], [pid 10433] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10433] <... futex resumed>) = 0 [pid 10434] memfd_create("syzkaller", 0 [pid 10433] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10434] <... memfd_create resumed>) = 3 [pid 10434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10434] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10434] close(3) = 0 [pid 10434] mkdir("./file0", 0777) = 0 [ 285.841872][T10434] loop0: detected capacity change from 0 to 32768 [ 285.871965][T10434] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10434) [ 285.886863][T10434] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 285.896134][T10434] BTRFS info (device loop0): force clearing of disk cache [ 285.903492][T10434] BTRFS info (device loop0): setting nodatasum [ 285.909672][T10434] BTRFS info (device loop0): allowing degraded mounts [ 285.916697][T10434] BTRFS info (device loop0): enabling disk space caching [ 285.923747][T10434] BTRFS info (device loop0): disk space caching is enabled [ 285.943762][T10434] BTRFS info (device loop0): enabling ssd optimizations [ 285.950782][T10434] BTRFS info (device loop0): auto enabling async discard [ 285.958904][T10434] BTRFS info (device loop0): rebuilding free space tree [ 285.969595][T10434] BTRFS info (device loop0): disabling free space tree [ 285.976851][T10434] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 10434] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10434] chdir("./file0") = 0 [pid 10434] ioctl(4, LOOP_CLR_FD) = 0 [pid 10434] close(4) = 0 [ 285.986569][T10434] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 285.999177][T10434] BTRFS info (device loop0): checking UUID tree [pid 10434] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10433] <... futex resumed>) = 0 [pid 10433] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10433] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10434] open("./file0", O_RDONLY) = 4 [pid 10434] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10433] <... futex resumed>) = 0 [pid 10434] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10433] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10433] <... futex resumed>) = 0 [pid 10433] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10434] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10434] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10433] <... futex resumed>) = 0 [pid 10433] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10433] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10434] <... futex resumed>) = 1 [pid 10434] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10433] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10433] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10433] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10452]}, 88) = 10452 [pid 10433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10433] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10433] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10452 attached [pid 10452] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10452] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10452] open(".", O_RDONLY) = 5 [pid 10452] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10433] <... futex resumed>) = 0 [pid 10452] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10433] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10452] <... futex resumed>) = 0 [pid 10433] <... futex resumed>) = 1 [pid 10452] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 286.077906][T10434] BTRFS info (device loop0): balance: start -d -m [ 286.086701][T10434] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 286.110742][T10434] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10433] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10452] <... ioctl resumed>) = 0 [pid 10452] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10433] <... futex resumed>) = 0 [pid 10452] <... futex resumed>) = 1 [pid 10452] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10434] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10434] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10434] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10433] exit_group(0 [pid 10452] <... futex resumed>) = ? [pid 10434] <... futex resumed>) = ? [pid 10433] <... exit_group resumed>) = ? [pid 10452] +++ exited with 0 +++ [pid 10434] +++ exited with 0 +++ [pid 10433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10433, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 286.178738][T10434] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 286.200805][T10434] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 286.218426][T10434] BTRFS info (device loop0): balance: ended with status: 0 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/binderfs") = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10453 attached [pid 10453] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10453] chdir("./269") = 0 [pid 10453] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10453 [pid 10453] <... prctl resumed>) = 0 [pid 10453] setpgid(0, 0) = 0 [pid 10453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10453] write(3, "1000", 4) = 4 [pid 10453] close(3) = 0 [pid 10453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10453] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10453] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10453] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10454 attached => {parent_tid=[10454]}, 88) = 10454 [pid 10454] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10454] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10454] rt_sigprocmask(SIG_SETMASK, [], [pid 10453] rt_sigprocmask(SIG_SETMASK, [], [pid 10454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10454] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10453] <... futex resumed>) = 0 [pid 10453] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10454] memfd_create("syzkaller", 0) = 3 [pid 10454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10454] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10454] close(3) = 0 [pid 10454] mkdir("./file0", 0777) = 0 [ 286.684037][T10454] loop0: detected capacity change from 0 to 32768 [ 286.699001][T10454] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10454) [ 286.715202][T10454] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 286.724499][T10454] BTRFS info (device loop0): force clearing of disk cache [ 286.731742][T10454] BTRFS info (device loop0): setting nodatasum [ 286.738685][T10454] BTRFS info (device loop0): allowing degraded mounts [ 286.745496][T10454] BTRFS info (device loop0): enabling disk space caching [ 286.752508][T10454] BTRFS info (device loop0): disk space caching is enabled [ 286.771129][T10454] BTRFS info (device loop0): enabling ssd optimizations [pid 10454] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10454] chdir("./file0") = 0 [pid 10454] ioctl(4, LOOP_CLR_FD) = 0 [pid 10454] close(4) = 0 [pid 10454] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10453] <... futex resumed>) = 0 [pid 10454] open("./file0", O_RDONLY [pid 10453] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... open resumed>) = 4 [pid 10453] <... futex resumed>) = 0 [pid 10453] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10454] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10454] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] <... futex resumed>) = 0 [pid 10453] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10453] <... futex resumed>) = 0 [pid 10454] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10453] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10454] <... ioctl resumed>) = 0 [pid 10454] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 286.778246][T10454] BTRFS info (device loop0): auto enabling async discard [ 286.786128][T10454] BTRFS info (device loop0): rebuilding free space tree [ 286.797564][T10454] BTRFS info (device loop0): disabling free space tree [ 286.804533][T10454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 286.814204][T10454] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 286.826754][T10454] BTRFS info (device loop0): checking UUID tree [pid 10453] <... futex resumed>) = 0 [pid 10454] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10453] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10454] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10453] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10453] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10472 attached [pid 10472] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10472] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10453] <... clone3 resumed> => {parent_tid=[10472]}, 88) = 10472 [pid 10472] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10453] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10472] <... futex resumed>) = 0 [pid 10453] <... futex resumed>) = 1 [pid 10472] open(".", O_RDONLY [pid 10453] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10472] <... open resumed>) = 5 [pid 10472] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10453] <... futex resumed>) = 0 [pid 10472] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10453] <... futex resumed>) = 0 [pid 10472] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 286.878786][T10454] BTRFS info (device loop0): balance: start -d -m [ 286.888194][T10454] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 286.911035][T10454] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10453] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10472] <... ioctl resumed>) = 0 [pid 10472] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10453] <... futex resumed>) = 0 [pid 10472] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10454] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10454] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10454] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] exit_group(0 [pid 10472] <... futex resumed>) = ? [pid 10454] <... futex resumed>) = ? [pid 10453] <... exit_group resumed>) = ? [pid 10472] +++ exited with 0 +++ [pid 10454] +++ exited with 0 +++ [pid 10453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10453, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 286.992277][T10454] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 287.012510][T10454] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 287.030207][T10454] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10473 attached , child_tidptr=0x5555570ad690) = 10473 [pid 10473] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10473] chdir("./270") = 0 [pid 10473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10473] setpgid(0, 0) = 0 [pid 10473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10473] write(3, "1000", 4) = 4 [pid 10473] close(3) = 0 [pid 10473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10473] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10473] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10473] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10474 attached [pid 10474] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10473] <... clone3 resumed> => {parent_tid=[10474]}, 88) = 10474 [pid 10474] set_robust_list(0x7f0bd5e299a0, 24 [pid 10473] rt_sigprocmask(SIG_SETMASK, [], [pid 10474] <... set_robust_list resumed>) = 0 [pid 10473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10474] rt_sigprocmask(SIG_SETMASK, [], [pid 10473] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10473] <... futex resumed>) = 0 [pid 10474] memfd_create("syzkaller", 0 [pid 10473] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10474] <... memfd_create resumed>) = 3 [pid 10474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10474] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10474] close(3) = 0 [pid 10474] mkdir("./file0", 0777) = 0 [ 287.575941][T10474] loop0: detected capacity change from 0 to 32768 [ 287.602173][T10474] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10474) [pid 10474] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10474] chdir("./file0") = 0 [pid 10474] ioctl(4, LOOP_CLR_FD) = 0 [pid 10474] close(4) = 0 [ 287.617273][T10474] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 287.626604][T10474] BTRFS info (device loop0): force clearing of disk cache [ 287.633729][T10474] BTRFS info (device loop0): setting nodatasum [ 287.639942][T10474] BTRFS info (device loop0): allowing degraded mounts [ 287.646812][T10474] BTRFS info (device loop0): enabling disk space caching [pid 10474] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10474] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10473] <... futex resumed>) = 0 [pid 10474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10473] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] open("./file0", O_RDONLY [pid 10473] <... futex resumed>) = 0 [pid 10474] <... open resumed>) = 4 [pid 10473] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10474] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10473] <... futex resumed>) = 0 [pid 10474] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10473] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10474] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10473] <... futex resumed>) = 0 [pid 10474] <... ioctl resumed>) = 0 [pid 10473] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10474] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10473] <... futex resumed>) = 0 [pid 10473] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10474] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10473] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10473] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10473] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10492]}, 88) = 10492 [pid 10473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10473] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10492 attached [pid 10473] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10492] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10492] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10492] open(".", O_RDONLY) = 5 [pid 10492] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10473] <... futex resumed>) = 0 [pid 10492] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10473] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10473] <... futex resumed>) = 0 [pid 10492] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10473] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10492] <... ioctl resumed>) = 0 [pid 10492] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10473] <... futex resumed>) = 0 [pid 10492] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10474] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10474] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10474] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10473] exit_group(0 [pid 10492] <... futex resumed>) = ? [pid 10474] <... futex resumed>) = ? [pid 10473] <... exit_group resumed>) = ? [pid 10492] +++ exited with 0 +++ [pid 10474] +++ exited with 0 +++ [pid 10473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10473, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10493 attached [pid 10493] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10493] chdir("./271") = 0 [pid 10493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10493 [pid 10493] setpgid(0, 0) = 0 [pid 10493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10493] write(3, "1000", 4) = 4 [pid 10493] close(3) = 0 [pid 10493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10493] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10493] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10494 attached [pid 10494] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10493] <... clone3 resumed> => {parent_tid=[10494]}, 88) = 10494 [pid 10494] set_robust_list(0x7f0bd5e299a0, 24 [pid 10493] rt_sigprocmask(SIG_SETMASK, [], [pid 10494] <... set_robust_list resumed>) = 0 [pid 10493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10494] rt_sigprocmask(SIG_SETMASK, [], [pid 10493] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10493] <... futex resumed>) = 0 [pid 10494] memfd_create("syzkaller", 0 [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10494] <... memfd_create resumed>) = 3 [pid 10494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10494] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10494] close(3) = 0 [pid 10494] mkdir("./file0", 0777) = 0 [ 288.406172][T10494] loop0: detected capacity change from 0 to 32768 [ 288.421127][T10494] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10494) [ 288.437329][T10494] _btrfs_printk: 14 callbacks suppressed [ 288.437344][T10494] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 288.452335][T10494] BTRFS info (device loop0): force clearing of disk cache [ 288.459536][T10494] BTRFS info (device loop0): setting nodatasum [ 288.465807][T10494] BTRFS info (device loop0): allowing degraded mounts [ 288.472598][T10494] BTRFS info (device loop0): enabling disk space caching [ 288.479748][T10494] BTRFS info (device loop0): disk space caching is enabled [ 288.497736][T10494] BTRFS info (device loop0): enabling ssd optimizations [ 288.504966][T10494] BTRFS info (device loop0): auto enabling async discard [ 288.512897][T10494] BTRFS info (device loop0): rebuilding free space tree [ 288.525538][T10494] BTRFS info (device loop0): disabling free space tree [ 288.532451][T10494] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 288.542176][T10494] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10494] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10494] chdir("./file0") = 0 [pid 10494] ioctl(4, LOOP_CLR_FD) = 0 [pid 10494] close(4) = 0 [ 288.554900][T10494] BTRFS info (device loop0): checking UUID tree [pid 10494] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10494] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10493] <... futex resumed>) = 0 [pid 10493] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] <... futex resumed>) = 0 [pid 10493] <... futex resumed>) = 1 [pid 10494] open("./file0", O_RDONLY [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10494] <... open resumed>) = 4 [pid 10494] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10493] <... futex resumed>) = 0 [pid 10494] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10493] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] <... ioctl resumed>) = 0 [pid 10493] <... futex resumed>) = 0 [pid 10494] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10494] <... futex resumed>) = 0 [pid 10493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10494] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10493] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 10493] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 10493] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10493] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10512 attached => {parent_tid=[10512]}, 88) = 10512 [pid 10512] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10493] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10493] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10512] <... rseq resumed>) = 0 [pid 10512] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10512] open(".", O_RDONLY) = 5 [pid 10512] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10493] <... futex resumed>) = 0 [pid 10512] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10493] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10493] <... futex resumed>) = 0 [pid 10512] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 288.639070][T10494] BTRFS info (device loop0): balance: start -d -m [ 288.647885][T10494] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 288.676532][T10494] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10493] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10512] <... ioctl resumed>) = 0 [pid 10512] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10493] <... futex resumed>) = 0 [pid 10512] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10494] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10493] exit_group(0 [pid 10494] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10493] <... exit_group resumed>) = ? [pid 10512] <... futex resumed>) = ? [pid 10494] <... futex resumed>) = ? [pid 10512] +++ exited with 0 +++ [pid 10494] +++ exited with 0 +++ [pid 10493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10493, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 [ 288.736008][T10494] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 288.758953][T10494] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 288.776197][T10494] BTRFS info (device loop0): balance: ended with status: 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10513 attached , child_tidptr=0x5555570ad690) = 10513 [pid 10513] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10513] chdir("./272") = 0 [pid 10513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10513] setpgid(0, 0) = 0 [pid 10513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10513] write(3, "1000", 4) = 4 [pid 10513] close(3) = 0 [pid 10513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10513] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10513] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10513] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10514 attached [pid 10514] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10513] <... clone3 resumed> => {parent_tid=[10514]}, 88) = 10514 [pid 10514] <... rseq resumed>) = 0 [pid 10514] set_robust_list(0x7f0bd5e299a0, 24 [pid 10513] rt_sigprocmask(SIG_SETMASK, [], [pid 10514] <... set_robust_list resumed>) = 0 [pid 10513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10514] rt_sigprocmask(SIG_SETMASK, [], [pid 10513] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10513] <... futex resumed>) = 0 [pid 10514] memfd_create("syzkaller", 0 [pid 10513] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10514] <... memfd_create resumed>) = 3 [pid 10514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10514] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10514] close(3) = 0 [pid 10514] mkdir("./file0", 0777) = 0 [ 289.297883][T10514] loop0: detected capacity change from 0 to 32768 [ 289.315567][T10514] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10514) [ 289.331221][T10514] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 289.340546][T10514] BTRFS info (device loop0): force clearing of disk cache [ 289.347797][T10514] BTRFS info (device loop0): setting nodatasum [ 289.354046][T10514] BTRFS info (device loop0): allowing degraded mounts [ 289.360803][T10514] BTRFS info (device loop0): enabling disk space caching [ 289.367905][T10514] BTRFS info (device loop0): disk space caching is enabled [ 289.387700][T10514] BTRFS info (device loop0): enabling ssd optimizations [ 289.394736][T10514] BTRFS info (device loop0): auto enabling async discard [ 289.403130][T10514] BTRFS info (device loop0): rebuilding free space tree [ 289.413927][T10514] BTRFS info (device loop0): disabling free space tree [ 289.421011][T10514] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 289.430935][T10514] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10514] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10514] chdir("./file0") = 0 [pid 10514] ioctl(4, LOOP_CLR_FD) = 0 [pid 10514] close(4) = 0 [pid 10514] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10513] <... futex resumed>) = 0 [pid 10514] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10513] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10513] <... futex resumed>) = 0 [pid 10514] open("./file0", O_RDONLY [pid 10513] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10514] <... open resumed>) = 4 [ 289.443367][T10514] BTRFS info (device loop0): checking UUID tree [pid 10514] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10513] <... futex resumed>) = 0 [pid 10513] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10514] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10513] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10514] <... ioctl resumed>) = 0 [pid 10514] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10514] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10513] <... futex resumed>) = 0 [pid 10513] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10514] <... futex resumed>) = 0 [pid 10513] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10514] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10513] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10513] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10532 attached => {parent_tid=[10532]}, 88) = 10532 [pid 10532] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10513] rt_sigprocmask(SIG_SETMASK, [], [pid 10532] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10532] rt_sigprocmask(SIG_SETMASK, [], [pid 10513] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10532] open(".", O_RDONLY [pid 10513] <... futex resumed>) = 0 [pid 10532] <... open resumed>) = 5 [pid 10513] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10532] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10513] <... futex resumed>) = 0 [ 289.519220][T10514] BTRFS info (device loop0): balance: start -d -m [ 289.528781][T10514] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 289.551953][T10514] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10532] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10513] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10532] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10513] <... futex resumed>) = 0 [pid 10513] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10532] <... ioctl resumed>) = 0 [pid 10532] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10513] <... futex resumed>) = 0 [ 289.597699][T10514] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 289.632070][T10514] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10532] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10514] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10514] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10513] exit_group(0 [pid 10532] <... futex resumed>) = ? [pid 10514] <... futex resumed>) = ? [pid 10513] <... exit_group resumed>) = ? [pid 10532] +++ exited with 0 +++ [pid 10514] +++ exited with 0 +++ [pid 10513] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10513, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 [ 289.649370][T10514] BTRFS info (device loop0): balance: ended with status: 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10533 attached , child_tidptr=0x5555570ad690) = 10533 [pid 10533] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10533] chdir("./273") = 0 [pid 10533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10533] setpgid(0, 0) = 0 [pid 10533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10533] write(3, "1000", 4) = 4 [pid 10533] close(3) = 0 [pid 10533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10533] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10533] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10533] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10534 attached => {parent_tid=[10534]}, 88) = 10534 [pid 10534] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10533] rt_sigprocmask(SIG_SETMASK, [], [pid 10534] set_robust_list(0x7f0bd5e299a0, 24 [pid 10533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10534] <... set_robust_list resumed>) = 0 [pid 10533] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10534] rt_sigprocmask(SIG_SETMASK, [], [pid 10533] <... futex resumed>) = 0 [pid 10534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10533] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10534] memfd_create("syzkaller", 0) = 3 [pid 10534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10534] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10534] close(3) = 0 [pid 10534] mkdir("./file0", 0777) = 0 [ 290.118713][T10534] loop0: detected capacity change from 0 to 32768 [ 290.128384][T10534] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10534) [ 290.144171][T10534] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 290.153430][T10534] BTRFS info (device loop0): force clearing of disk cache [ 290.160618][T10534] BTRFS info (device loop0): setting nodatasum [ 290.166823][T10534] BTRFS info (device loop0): allowing degraded mounts [ 290.173579][T10534] BTRFS info (device loop0): enabling disk space caching [ 290.180661][T10534] BTRFS info (device loop0): disk space caching is enabled [ 290.199987][T10534] BTRFS info (device loop0): enabling ssd optimizations [ 290.207016][T10534] BTRFS info (device loop0): auto enabling async discard [pid 10534] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10534] chdir("./file0") = 0 [pid 10534] ioctl(4, LOOP_CLR_FD) = 0 [ 290.215059][T10534] BTRFS info (device loop0): rebuilding free space tree [ 290.225806][T10534] BTRFS info (device loop0): disabling free space tree [ 290.232696][T10534] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 290.242425][T10534] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 290.255297][T10534] BTRFS info (device loop0): checking UUID tree [pid 10534] close(4) = 0 [pid 10534] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10533] <... futex resumed>) = 0 [pid 10534] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10533] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10533] <... futex resumed>) = 0 [pid 10534] open("./file0", O_RDONLY [pid 10533] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10534] <... open resumed>) = 4 [pid 10534] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10533] <... futex resumed>) = 0 [pid 10534] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10533] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10534] <... ioctl resumed>) = 0 [pid 10533] <... futex resumed>) = 0 [pid 10533] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10534] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10533] <... futex resumed>) = 0 [pid 10534] <... futex resumed>) = 1 [pid 10533] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10534] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10533] <... futex resumed>) = 0 [pid 10533] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 290.326755][T10534] BTRFS info (device loop0): balance: start -d -m [ 290.334222][T10534] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 290.350001][T10534] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10533] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10533] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10551 attached [pid 10551] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10533] <... clone3 resumed> => {parent_tid=[10551]}, 88) = 10551 [pid 10551] <... rseq resumed>) = 0 [pid 10533] rt_sigprocmask(SIG_SETMASK, [], [pid 10551] set_robust_list(0x7f0bd5e089a0, 24 [pid 10533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10551] <... set_robust_list resumed>) = 0 [pid 10533] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10551] rt_sigprocmask(SIG_SETMASK, [], [pid 10534] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10533] <... futex resumed>) = 0 [pid 10533] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10534] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10551] open(".", O_RDONLY [pid 10534] <... futex resumed>) = 0 [pid 10534] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10551] <... open resumed>) = 5 [pid 10551] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10533] <... futex resumed>) = 0 [pid 10533] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10534] <... futex resumed>) = 0 [pid 10533] <... futex resumed>) = 1 [pid 10551] <... futex resumed>) = 1 [pid 10533] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10551] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 290.376192][T10534] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 290.397186][T10534] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 290.415984][T10534] BTRFS info (device loop0): balance: ended with status: 0 [pid 10534] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10534] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10533] <... futex resumed>) = 0 [pid 10533] exit_group(0 [pid 10551] <... futex resumed>) = ? [pid 10533] <... exit_group resumed>) = ? [pid 10534] <... futex resumed>) = ? [pid 10534] +++ exited with 0 +++ [pid 10551] +++ exited with 0 +++ [pid 10533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10533, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10552 attached , child_tidptr=0x5555570ad690) = 10552 [pid 10552] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10552] chdir("./274") = 0 [pid 10552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10552] setpgid(0, 0) = 0 [pid 10552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10552] write(3, "1000", 4) = 4 [pid 10552] close(3) = 0 [pid 10552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10552] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10553 attached [pid 10553] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10553] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10552] <... clone3 resumed> => {parent_tid=[10553]}, 88) = 10553 [pid 10553] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10552] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10553] <... futex resumed>) = 0 [pid 10552] <... futex resumed>) = 1 [pid 10553] memfd_create("syzkaller", 0 [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10553] <... memfd_create resumed>) = 3 [pid 10553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10553] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10553] close(3) = 0 [pid 10553] mkdir("./file0", 0777) = 0 [ 290.938001][T10553] loop0: detected capacity change from 0 to 32768 [ 290.947620][T10553] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10553) [ 290.964040][T10553] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 290.973307][T10553] BTRFS info (device loop0): force clearing of disk cache [ 290.980805][T10553] BTRFS info (device loop0): setting nodatasum [ 290.987249][T10553] BTRFS info (device loop0): allowing degraded mounts [ 290.994152][T10553] BTRFS info (device loop0): enabling disk space caching [ 291.001320][T10553] BTRFS info (device loop0): disk space caching is enabled [ 291.021041][T10553] BTRFS info (device loop0): enabling ssd optimizations [ 291.028088][T10553] BTRFS info (device loop0): auto enabling async discard [pid 10553] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10553] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10553] chdir("./file0") = 0 [pid 10553] ioctl(4, LOOP_CLR_FD) = 0 [pid 10553] close(4) = 0 [pid 10553] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10552] <... futex resumed>) = 0 [pid 10552] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10553] open("./file0", O_RDONLY) = 4 [ 291.036030][T10553] BTRFS info (device loop0): rebuilding free space tree [ 291.047089][T10553] BTRFS info (device loop0): disabling free space tree [ 291.054051][T10553] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 291.064002][T10553] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 291.077604][T10553] BTRFS info (device loop0): checking UUID tree [pid 10553] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10552] <... futex resumed>) = 0 [pid 10552] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10553] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10553] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] <... futex resumed>) = 0 [pid 10552] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10553] <... futex resumed>) = 1 [pid 10553] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10552] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 10552] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 10552] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10552] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10571 attached => {parent_tid=[10571]}, 88) = 10571 [pid 10552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10552] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10571] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10571] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10571] open(".", O_RDONLY) = 5 [pid 10571] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] <... futex resumed>) = 0 [pid 10552] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10571] <... futex resumed>) = 1 [ 291.150039][T10553] BTRFS info (device loop0): balance: start -d -m [ 291.158440][T10553] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 291.183308][T10553] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10571] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10571] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] <... futex resumed>) = 0 [pid 10571] <... futex resumed>) = 1 [pid 10571] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10553] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10553] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10553] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10552] exit_group(0 [pid 10571] <... futex resumed>) = ? [pid 10553] <... futex resumed>) = ? [pid 10552] <... exit_group resumed>) = ? [pid 10571] +++ exited with 0 +++ [pid 10553] +++ exited with 0 +++ [pid 10552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10552, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 291.242135][T10553] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 291.262649][T10553] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 291.280051][T10553] BTRFS info (device loop0): balance: ended with status: 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/binderfs") = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10572 attached , child_tidptr=0x5555570ad690) = 10572 [pid 10572] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10572] chdir("./275") = 0 [pid 10572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10572] setpgid(0, 0) = 0 [pid 10572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10572] write(3, "1000", 4) = 4 [pid 10572] close(3) = 0 [pid 10572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10572] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10572] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10573 attached [pid 10573] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10572] <... clone3 resumed> => {parent_tid=[10573]}, 88) = 10573 [pid 10573] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10572] rt_sigprocmask(SIG_SETMASK, [], [pid 10573] rt_sigprocmask(SIG_SETMASK, [], [pid 10572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10572] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10573] memfd_create("syzkaller", 0 [pid 10572] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10573] <... memfd_create resumed>) = 3 [pid 10573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10573] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10573] close(3) = 0 [pid 10573] mkdir("./file0", 0777) = 0 [ 291.779748][T10573] loop0: detected capacity change from 0 to 32768 [ 291.803091][T10573] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10573) [ 291.818132][T10573] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 291.827463][T10573] BTRFS info (device loop0): force clearing of disk cache [ 291.834668][T10573] BTRFS info (device loop0): setting nodatasum [ 291.840840][T10573] BTRFS info (device loop0): allowing degraded mounts [ 291.847655][T10573] BTRFS info (device loop0): enabling disk space caching [ 291.854734][T10573] BTRFS info (device loop0): disk space caching is enabled [ 291.873422][T10573] BTRFS info (device loop0): enabling ssd optimizations [ 291.880565][T10573] BTRFS info (device loop0): auto enabling async discard [ 291.888838][T10573] BTRFS info (device loop0): rebuilding free space tree [ 291.899906][T10573] BTRFS info (device loop0): disabling free space tree [ 291.906886][T10573] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 291.916622][T10573] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10573] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10573] chdir("./file0") = 0 [pid 10573] ioctl(4, LOOP_CLR_FD) = 0 [pid 10573] close(4) = 0 [pid 10573] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10573] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] <... futex resumed>) = 0 [pid 10572] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10573] <... futex resumed>) = 0 [pid 10572] <... futex resumed>) = 1 [pid 10573] open("./file0", O_RDONLY [pid 10572] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10573] <... open resumed>) = 4 [ 291.929571][T10573] BTRFS info (device loop0): checking UUID tree [pid 10573] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10572] <... futex resumed>) = 0 [pid 10573] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10572] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10573] <... ioctl resumed>) = 0 [pid 10572] <... futex resumed>) = 0 [pid 10573] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10572] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10573] <... futex resumed>) = 0 [pid 10572] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10573] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10572] <... futex resumed>) = 0 [pid 10572] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10572] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10572] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10591 attached => {parent_tid=[10591]}, 88) = 10591 [pid 10572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10572] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10591] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10591] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10591] open(".", O_RDONLY) = 5 [pid 10591] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10572] <... futex resumed>) = 0 [pid 10591] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] <... futex resumed>) = 0 [pid 10572] <... futex resumed>) = 1 [pid 10591] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 291.989202][T10573] BTRFS info (device loop0): balance: start -d -m [ 291.999895][T10573] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 292.024301][T10573] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10572] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10591] <... ioctl resumed>) = 0 [pid 10591] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10591] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] <... futex resumed>) = 0 [pid 10573] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10573] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10573] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] exit_group(0 [pid 10591] <... futex resumed>) = ? [pid 10573] <... futex resumed>) = ? [pid 10572] <... exit_group resumed>) = ? [pid 10573] +++ exited with 0 +++ [pid 10591] +++ exited with 0 +++ [pid 10572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10572, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 292.093081][T10573] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 292.113428][T10573] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 292.130970][T10573] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10592 attached [pid 10592] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10592] chdir("./276") = 0 [pid 10592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10592 [pid 10592] setpgid(0, 0) = 0 [pid 10592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10592] write(3, "1000", 4) = 4 [pid 10592] close(3) = 0 [pid 10592] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10592] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10592] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10592] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10592] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10593 attached [pid 10593] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10592] <... clone3 resumed> => {parent_tid=[10593]}, 88) = 10593 [pid 10593] <... rseq resumed>) = 0 [pid 10592] rt_sigprocmask(SIG_SETMASK, [], [pid 10593] set_robust_list(0x7f0bd5e299a0, 24 [pid 10592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10593] <... set_robust_list resumed>) = 0 [pid 10592] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] rt_sigprocmask(SIG_SETMASK, [], [pid 10592] <... futex resumed>) = 0 [pid 10593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10592] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10593] memfd_create("syzkaller", 0) = 3 [pid 10593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10593] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10593] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10593] close(3) = 0 [pid 10593] mkdir("./file0", 0777) = 0 [ 292.640006][T10593] loop0: detected capacity change from 0 to 32768 [ 292.649482][T10593] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10593) [ 292.664385][T10593] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 292.673659][T10593] BTRFS info (device loop0): force clearing of disk cache [ 292.681115][T10593] BTRFS info (device loop0): setting nodatasum [pid 10593] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10593] chdir("./file0") = 0 [pid 10593] ioctl(4, LOOP_CLR_FD) = 0 [pid 10593] close(4) = 0 [pid 10593] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10592] <... futex resumed>) = 0 [pid 10592] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10593] <... futex resumed>) = 1 [pid 10592] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 292.687375][T10593] BTRFS info (device loop0): allowing degraded mounts [ 292.694196][T10593] BTRFS info (device loop0): enabling disk space caching [pid 10593] open("./file0", O_RDONLY) = 4 [pid 10593] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10592] <... futex resumed>) = 0 [pid 10592] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10592] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10593] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10593] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10592] <... futex resumed>) = 0 [pid 10593] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10592] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10592] <... futex resumed>) = 0 [pid 10593] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10592] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10592] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10592] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10611]}, 88) = 10611 [pid 10592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10592] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10592] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10611 attached [pid 10611] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10611] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10611] open(".", O_RDONLY) = 5 [pid 10611] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10611] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10592] <... futex resumed>) = 0 [pid 10592] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10611] <... futex resumed>) = 0 [pid 10592] <... futex resumed>) = 1 [pid 10611] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10592] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10611] <... ioctl resumed>) = 0 [pid 10593] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10611] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10593] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10611] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10593] <... futex resumed>) = 0 [pid 10592] <... futex resumed>) = 0 [pid 10593] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10592] exit_group(0 [pid 10593] <... futex resumed>) = ? [pid 10611] <... futex resumed>) = ? [pid 10592] <... exit_group resumed>) = ? [pid 10593] +++ exited with 0 +++ [pid 10611] +++ exited with 0 +++ [pid 10592] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10592, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10612 attached , child_tidptr=0x5555570ad690) = 10612 [pid 10612] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10612] chdir("./277") = 0 [pid 10612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10612] setpgid(0, 0) = 0 [pid 10612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10612] write(3, "1000", 4) = 4 [pid 10612] close(3) = 0 [pid 10612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10612] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10612] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10612] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10613 attached [pid 10613] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10612] <... clone3 resumed> => {parent_tid=[10613]}, 88) = 10613 [pid 10613] <... rseq resumed>) = 0 [pid 10612] rt_sigprocmask(SIG_SETMASK, [], [pid 10613] set_robust_list(0x7f0bd5e299a0, 24 [pid 10612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10613] <... set_robust_list resumed>) = 0 [pid 10612] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10612] <... futex resumed>) = 0 [pid 10613] memfd_create("syzkaller", 0 [pid 10612] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10613] <... memfd_create resumed>) = 3 [pid 10613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10613] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10613] close(3) = 0 [pid 10613] mkdir("./file0", 0777) = 0 [pid 10613] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 293.391008][T10613] loop0: detected capacity change from 0 to 32768 [ 293.400831][T10613] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10613) [pid 10613] chdir("./file0") = 0 [pid 10613] ioctl(4, LOOP_CLR_FD) = 0 [pid 10613] close(4) = 0 [pid 10613] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10613] open("./file0", O_RDONLY [pid 10612] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10613] <... open resumed>) = 4 [pid 10613] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10612] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10613] <... futex resumed>) = 0 [pid 10612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10613] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10612] <... futex resumed>) = 0 [pid 10613] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10612] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10613] <... ioctl resumed>) = 0 [pid 10613] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10613] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10612] <... futex resumed>) = 0 [pid 10613] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10612] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10612] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10612] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10631 attached => {parent_tid=[10631]}, 88) = 10631 [ 293.490634][T10613] _btrfs_printk: 27 callbacks suppressed [ 293.490648][T10613] BTRFS info (device loop0): balance: start -d -m [ 293.505882][T10613] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 293.528941][T10613] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10631] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10612] rt_sigprocmask(SIG_SETMASK, [], [pid 10631] <... rseq resumed>) = 0 [pid 10631] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10631] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10612] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10631] <... futex resumed>) = 0 [pid 10612] <... futex resumed>) = 1 [pid 10631] open(".", O_RDONLY [pid 10612] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10631] <... open resumed>) = 5 [pid 10631] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10631] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10612] <... futex resumed>) = 0 [pid 10631] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10612] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10631] <... ioctl resumed>) = 0 [ 293.570693][T10613] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10631] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10631] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10613] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10613] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10613] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] exit_group(0 [pid 10631] <... futex resumed>) = ? [pid 10631] +++ exited with 0 +++ [pid 10613] <... futex resumed>) = ? [pid 10612] <... exit_group resumed>) = ? [pid 10613] +++ exited with 0 +++ [pid 10612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10612, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 [ 293.622613][T10613] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 293.647532][T10613] BTRFS info (device loop0): balance: ended with status: 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10632 attached , child_tidptr=0x5555570ad690) = 10632 [pid 10632] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10632] chdir("./278") = 0 [pid 10632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10632] setpgid(0, 0) = 0 [pid 10632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10632] write(3, "1000", 4) = 4 [pid 10632] close(3) = 0 [pid 10632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10632] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10632] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10632] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10633 attached => {parent_tid=[10633]}, 88) = 10633 [pid 10633] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10632] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10633] <... rseq resumed>) = 0 [pid 10633] set_robust_list(0x7f0bd5e299a0, 24 [pid 10632] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10633] <... set_robust_list resumed>) = 0 [pid 10633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10633] memfd_create("syzkaller", 0) = 3 [pid 10633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10633] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10633] close(3) = 0 [pid 10633] mkdir("./file0", 0777) = 0 [ 294.065964][T10633] loop0: detected capacity change from 0 to 32768 [ 294.079146][T10633] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10633) [ 294.094689][T10633] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 294.104014][T10633] BTRFS info (device loop0): force clearing of disk cache [ 294.111121][T10633] BTRFS info (device loop0): setting nodatasum [ 294.117335][T10633] BTRFS info (device loop0): allowing degraded mounts [ 294.124159][T10633] BTRFS info (device loop0): enabling disk space caching [ 294.132177][T10633] BTRFS info (device loop0): disk space caching is enabled [ 294.151281][T10633] BTRFS info (device loop0): enabling ssd optimizations [ 294.158656][T10633] BTRFS info (device loop0): auto enabling async discard [pid 10633] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10633] chdir("./file0") = 0 [pid 10633] ioctl(4, LOOP_CLR_FD) = 0 [pid 10633] close(4) = 0 [ 294.166839][T10633] BTRFS info (device loop0): rebuilding free space tree [ 294.177886][T10633] BTRFS info (device loop0): disabling free space tree [ 294.184870][T10633] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 294.194575][T10633] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 294.207195][T10633] BTRFS info (device loop0): checking UUID tree [pid 10633] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10632] <... futex resumed>) = 0 [pid 10633] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10632] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10633] <... futex resumed>) = 0 [pid 10632] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10633] open("./file0", O_RDONLY) = 4 [pid 10633] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10632] <... futex resumed>) = 0 [pid 10633] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10632] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10632] <... futex resumed>) = 0 [pid 10633] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10632] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10633] <... ioctl resumed>) = 0 [pid 10633] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10632] <... futex resumed>) = 0 [pid 10632] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10633] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10632] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10632] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10632] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10651]}, 88) = 10651 [pid 10632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10632] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10632] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10651 attached [pid 10651] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10651] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10651] open(".", O_RDONLY) = 5 [pid 10651] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10632] <... futex resumed>) = 0 [pid 10632] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10651] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10632] <... futex resumed>) = 0 [ 294.299520][T10633] BTRFS info (device loop0): balance: start -d -m [ 294.308091][T10633] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 294.332692][T10633] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10632] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10651] <... ioctl resumed>) = 0 [pid 10651] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10651] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10632] <... futex resumed>) = 0 [pid 10633] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10633] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10633] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10632] exit_group(0 [pid 10651] <... futex resumed>) = ? [pid 10633] <... futex resumed>) = ? [pid 10632] <... exit_group resumed>) = ? [pid 10651] +++ exited with 0 +++ [pid 10633] +++ exited with 0 +++ [pid 10632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10632, si_uid=0, si_status=0, si_utime=0, si_stime=33 /* 0.33 s */} --- umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 294.392657][T10633] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 294.412371][T10633] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 294.431501][T10633] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10652 attached , child_tidptr=0x5555570ad690) = 10652 [pid 10652] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10652] chdir("./279") = 0 [pid 10652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10652] setpgid(0, 0) = 0 [pid 10652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10652] write(3, "1000", 4) = 4 [pid 10652] close(3) = 0 [pid 10652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10652] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10652] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10652] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10653 attached [pid 10653] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10652] <... clone3 resumed> => {parent_tid=[10653]}, 88) = 10653 [pid 10653] <... rseq resumed>) = 0 [pid 10653] set_robust_list(0x7f0bd5e299a0, 24 [pid 10652] rt_sigprocmask(SIG_SETMASK, [], [pid 10653] <... set_robust_list resumed>) = 0 [pid 10652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10653] rt_sigprocmask(SIG_SETMASK, [], [pid 10652] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10652] <... futex resumed>) = 0 [pid 10653] memfd_create("syzkaller", 0 [pid 10652] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10653] <... memfd_create resumed>) = 3 [pid 10653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10653] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10653] close(3) = 0 [pid 10653] mkdir("./file0", 0777) = 0 [ 294.933191][T10653] loop0: detected capacity change from 0 to 32768 [ 294.957979][T10653] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10653) [ 294.974005][T10653] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 294.983310][T10653] BTRFS info (device loop0): force clearing of disk cache [ 294.990487][T10653] BTRFS info (device loop0): setting nodatasum [ 294.996840][T10653] BTRFS info (device loop0): allowing degraded mounts [ 295.003619][T10653] BTRFS info (device loop0): enabling disk space caching [ 295.010700][T10653] BTRFS info (device loop0): disk space caching is enabled [ 295.029675][T10653] BTRFS info (device loop0): enabling ssd optimizations [ 295.036722][T10653] BTRFS info (device loop0): auto enabling async discard [ 295.044739][T10653] BTRFS info (device loop0): rebuilding free space tree [ 295.055679][T10653] BTRFS info (device loop0): disabling free space tree [ 295.062563][T10653] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 295.072502][T10653] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10653] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10653] chdir("./file0") = 0 [pid 10653] ioctl(4, LOOP_CLR_FD) = 0 [pid 10653] close(4) = 0 [pid 10653] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10652] <... futex resumed>) = 0 [pid 10652] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10652] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10653] open("./file0", O_RDONLY) = 4 [pid 10653] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10652] <... futex resumed>) = 0 [pid 10653] <... futex resumed>) = 1 [pid 10652] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10653] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [ 295.085278][T10653] BTRFS info (device loop0): checking UUID tree [pid 10652] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10653] <... ioctl resumed>) = 0 [pid 10653] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10652] <... futex resumed>) = 0 [pid 10652] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10652] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10653] <... futex resumed>) = 1 [pid 10653] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10652] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10652] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10652] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10671 attached => {parent_tid=[10671]}, 88) = 10671 [pid 10652] rt_sigprocmask(SIG_SETMASK, [], [pid 10671] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10671] set_robust_list(0x7f0bd5e089a0, 24) = 0 [ 295.159043][T10653] BTRFS info (device loop0): balance: start -d -m [ 295.166849][T10653] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 295.187969][T10653] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10671] rt_sigprocmask(SIG_SETMASK, [], [pid 10652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10652] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10652] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10671] open(".", O_RDONLY) = 5 [pid 10671] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10652] <... futex resumed>) = 0 [pid 10671] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10652] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10652] <... futex resumed>) = 0 [pid 10671] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 295.234088][T10653] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 295.256471][T10653] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10652] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10671] <... ioctl resumed>) = 0 [pid 10671] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10652] <... futex resumed>) = 0 [pid 10671] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10653] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10653] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10653] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10652] exit_group(0 [pid 10671] <... futex resumed>) = ? [pid 10653] <... futex resumed>) = ? [pid 10652] <... exit_group resumed>) = ? [pid 10653] +++ exited with 0 +++ [pid 10671] +++ exited with 0 +++ [pid 10652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10652, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 295.281555][T10653] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10672 attached [pid 10672] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10672] chdir("./280") = 0 [pid 10672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10672 [pid 10672] setpgid(0, 0) = 0 [pid 10672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10672] write(3, "1000", 4) = 4 [pid 10672] close(3) = 0 [pid 10672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10672] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10672] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10673 attached => {parent_tid=[10673]}, 88) = 10673 [pid 10673] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10672] rt_sigprocmask(SIG_SETMASK, [], [pid 10673] set_robust_list(0x7f0bd5e299a0, 24 [pid 10672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10673] <... set_robust_list resumed>) = 0 [pid 10672] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10673] rt_sigprocmask(SIG_SETMASK, [], [pid 10672] <... futex resumed>) = 0 [pid 10673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10672] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10673] memfd_create("syzkaller", 0) = 3 [pid 10673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10673] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10673] close(3) = 0 [pid 10673] mkdir("./file0", 0777) = 0 [ 295.758040][T10673] loop0: detected capacity change from 0 to 32768 [ 295.771285][T10673] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10673) [ 295.787811][T10673] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 295.797259][T10673] BTRFS info (device loop0): force clearing of disk cache [ 295.804552][T10673] BTRFS info (device loop0): setting nodatasum [ 295.810720][T10673] BTRFS info (device loop0): allowing degraded mounts [ 295.817957][T10673] BTRFS info (device loop0): enabling disk space caching [ 295.825123][T10673] BTRFS info (device loop0): disk space caching is enabled [ 295.844925][T10673] BTRFS info (device loop0): enabling ssd optimizations [pid 10673] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10673] chdir("./file0") = 0 [pid 10673] ioctl(4, LOOP_CLR_FD) = 0 [pid 10673] close(4) = 0 [pid 10673] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10673] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] <... futex resumed>) = 0 [pid 10672] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10673] <... futex resumed>) = 0 [pid 10672] <... futex resumed>) = 1 [pid 10673] open("./file0", O_RDONLY) = 4 [ 295.851903][T10673] BTRFS info (device loop0): auto enabling async discard [ 295.859935][T10673] BTRFS info (device loop0): rebuilding free space tree [ 295.870616][T10673] BTRFS info (device loop0): disabling free space tree [ 295.877662][T10673] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 295.887352][T10673] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 295.899890][T10673] BTRFS info (device loop0): checking UUID tree [pid 10672] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10673] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10672] <... futex resumed>) = 0 [pid 10673] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10672] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10673] <... ioctl resumed>) = 0 [pid 10672] <... futex resumed>) = 0 [pid 10673] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10672] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10673] <... futex resumed>) = 0 [pid 10672] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10673] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10672] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10672] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10672] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10691 attached [pid 10691] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10691] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10672] <... clone3 resumed> => {parent_tid=[10691]}, 88) = 10691 [pid 10691] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10672] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10691] <... futex resumed>) = 0 [pid 10691] open(".", O_RDONLY) = 5 [pid 10691] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10691] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] <... futex resumed>) = 1 [pid 10672] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10672] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10691] <... futex resumed>) = 0 [ 295.953357][T10673] BTRFS info (device loop0): balance: start -d -m [ 295.961822][T10673] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 295.986520][T10673] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10691] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10672] <... futex resumed>) = 1 [pid 10672] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10691] <... ioctl resumed>) = 0 [pid 10691] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10672] <... futex resumed>) = 0 [pid 10691] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10673] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10673] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10673] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] exit_group(0 [pid 10691] <... futex resumed>) = ? [pid 10673] <... futex resumed>) = ? [pid 10672] <... exit_group resumed>) = ? [pid 10691] +++ exited with 0 +++ [pid 10673] +++ exited with 0 +++ [pid 10672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10672, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- [ 296.067347][T10673] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 296.092267][T10673] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 296.109653][T10673] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10692 attached , child_tidptr=0x5555570ad690) = 10692 [pid 10692] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10692] chdir("./281") = 0 [pid 10692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10692] setpgid(0, 0) = 0 [pid 10692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10692] write(3, "1000", 4) = 4 [pid 10692] close(3) = 0 [pid 10692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10692] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10692] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10692] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10693 attached => {parent_tid=[10693]}, 88) = 10693 [pid 10693] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10693] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10692] rt_sigprocmask(SIG_SETMASK, [], [pid 10693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10693] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10692] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10692] <... futex resumed>) = 0 [pid 10693] memfd_create("syzkaller", 0 [pid 10692] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10693] <... memfd_create resumed>) = 3 [pid 10693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10693] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10693] close(3) = 0 [pid 10693] mkdir("./file0", 0777) = 0 [ 296.639406][T10693] loop0: detected capacity change from 0 to 32768 [ 296.663108][T10693] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10693) [ 296.679534][T10693] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 296.688819][T10693] BTRFS info (device loop0): force clearing of disk cache [ 296.695955][T10693] BTRFS info (device loop0): setting nodatasum [ 296.702103][T10693] BTRFS info (device loop0): allowing degraded mounts [ 296.708926][T10693] BTRFS info (device loop0): enabling disk space caching [ 296.716002][T10693] BTRFS info (device loop0): disk space caching is enabled [ 296.734764][T10693] BTRFS info (device loop0): enabling ssd optimizations [ 296.741968][T10693] BTRFS info (device loop0): auto enabling async discard [ 296.750008][T10693] BTRFS info (device loop0): rebuilding free space tree [ 296.761119][T10693] BTRFS info (device loop0): disabling free space tree [ 296.768262][T10693] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 296.778062][T10693] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10693] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10693] chdir("./file0") = 0 [pid 10693] ioctl(4, LOOP_CLR_FD) = 0 [pid 10693] close(4) = 0 [pid 10693] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10693] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10692] <... futex resumed>) = 0 [pid 10692] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... futex resumed>) = 0 [pid 10692] <... futex resumed>) = 1 [pid 10693] open("./file0", O_RDONLY [pid 10692] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10693] <... open resumed>) = 4 [pid 10693] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10692] <... futex resumed>) = 0 [pid 10692] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10692] <... futex resumed>) = 0 [pid 10693] <... ioctl resumed>) = 0 [ 296.790559][T10693] BTRFS info (device loop0): checking UUID tree [pid 10693] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10693] <... futex resumed>) = 0 [pid 10692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10692] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10692] <... futex resumed>) = 0 [pid 10692] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10692] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10692] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10711 attached => {parent_tid=[10711]}, 88) = 10711 [pid 10711] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10692] rt_sigprocmask(SIG_SETMASK, [], [pid 10711] <... rseq resumed>) = 0 [pid 10692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10711] set_robust_list(0x7f0bd5e089a0, 24 [pid 10692] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10711] <... set_robust_list resumed>) = 0 [pid 10692] <... futex resumed>) = 0 [pid 10711] rt_sigprocmask(SIG_SETMASK, [], [pid 10692] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10711] open(".", O_RDONLY) = 5 [pid 10711] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10692] <... futex resumed>) = 0 [pid 10692] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10711] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 296.861021][T10693] BTRFS info (device loop0): balance: start -d -m [ 296.869285][T10693] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 296.892344][T10693] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10692] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10711] <... ioctl resumed>) = 0 [pid 10711] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10692] <... futex resumed>) = 0 [ 296.945188][T10693] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10711] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10693] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10693] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10693] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10692] exit_group(0 [pid 10711] <... futex resumed>) = ? [pid 10693] <... futex resumed>) = ? [pid 10692] <... exit_group resumed>) = ? [pid 10711] +++ exited with 0 +++ [pid 10693] +++ exited with 0 +++ [pid 10692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10692, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 296.993682][T10693] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 297.010275][T10693] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10712 attached [pid 10712] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10712] chdir("./282" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10712 [pid 10712] <... chdir resumed>) = 0 [pid 10712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10712] setpgid(0, 0) = 0 [pid 10712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10712] write(3, "1000", 4) = 4 [pid 10712] close(3) = 0 [pid 10712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10712] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10712] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10712] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10713 attached [pid 10713] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10712] <... clone3 resumed> => {parent_tid=[10713]}, 88) = 10713 [pid 10713] <... rseq resumed>) = 0 [pid 10713] set_robust_list(0x7f0bd5e299a0, 24 [pid 10712] rt_sigprocmask(SIG_SETMASK, [], [pid 10713] <... set_robust_list resumed>) = 0 [pid 10712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10713] rt_sigprocmask(SIG_SETMASK, [], [pid 10712] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10713] memfd_create("syzkaller", 0 [pid 10712] <... futex resumed>) = 0 [pid 10712] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10713] <... memfd_create resumed>) = 3 [pid 10713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10713] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10713] close(3) = 0 [pid 10713] mkdir("./file0", 0777) = 0 [ 297.507383][T10713] loop0: detected capacity change from 0 to 32768 [ 297.532261][T10713] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10713) [ 297.547942][T10713] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 297.557235][T10713] BTRFS info (device loop0): force clearing of disk cache [ 297.564385][T10713] BTRFS info (device loop0): setting nodatasum [ 297.570551][T10713] BTRFS info (device loop0): allowing degraded mounts [ 297.577435][T10713] BTRFS info (device loop0): enabling disk space caching [ 297.584496][T10713] BTRFS info (device loop0): disk space caching is enabled [ 297.603647][T10713] BTRFS info (device loop0): enabling ssd optimizations [ 297.610681][T10713] BTRFS info (device loop0): auto enabling async discard [ 297.618722][T10713] BTRFS info (device loop0): rebuilding free space tree [ 297.629453][T10713] BTRFS info (device loop0): disabling free space tree [ 297.636590][T10713] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 297.646290][T10713] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10713] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10713] chdir("./file0") = 0 [pid 10713] ioctl(4, LOOP_CLR_FD) = 0 [pid 10713] close(4) = 0 [pid 10713] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10712] <... futex resumed>) = 0 [pid 10712] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10713] open("./file0", O_RDONLY [pid 10712] <... futex resumed>) = 0 [pid 10713] <... open resumed>) = 4 [pid 10712] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10713] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10713] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10712] <... futex resumed>) = 0 [pid 10712] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10712] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10713] <... futex resumed>) = 0 [pid 10713] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10713] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10712] <... futex resumed>) = 0 [pid 10712] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10712] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 297.659355][T10713] BTRFS info (device loop0): checking UUID tree [pid 10713] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10712] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10712] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10712] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10731]}, 88) = 10731 ./strace-static-x86_64: Process 10731 attached [pid 10712] rt_sigprocmask(SIG_SETMASK, [], [ 297.701290][T10713] BTRFS info (device loop0): balance: start -d -m [ 297.709279][T10713] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 297.731470][T10713] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10731] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10731] <... rseq resumed>) = 0 [pid 10731] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10731] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10712] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10731] <... futex resumed>) = 0 [pid 10731] open(".", O_RDONLY) = 5 [pid 10731] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10731] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10712] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10712] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10731] <... futex resumed>) = 0 [pid 10731] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10712] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10731] <... ioctl resumed>) = 0 [pid 10731] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10712] <... futex resumed>) = 0 [ 297.773469][T10713] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10731] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10713] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10713] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10713] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10712] exit_group(0 [pid 10731] <... futex resumed>) = ? [pid 10713] <... futex resumed>) = ? [pid 10712] <... exit_group resumed>) = ? [pid 10731] +++ exited with 0 +++ [pid 10713] +++ exited with 0 +++ [pid 10712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10712, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 297.825749][T10713] BTRFS info (device loop0): found 1 extents, stage: update data pointers openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10732 attached [pid 10732] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10732] chdir("./283") = 0 [pid 10732] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10732 [pid 10732] <... prctl resumed>) = 0 [pid 10732] setpgid(0, 0) = 0 [pid 10732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10732] write(3, "1000", 4) = 4 [pid 10732] close(3) = 0 [pid 10732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10732] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10732] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10732] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10733 attached [pid 10733] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10732] <... clone3 resumed> => {parent_tid=[10733]}, 88) = 10733 [pid 10733] <... rseq resumed>) = 0 [pid 10732] rt_sigprocmask(SIG_SETMASK, [], [pid 10733] set_robust_list(0x7f0bd5e299a0, 24 [pid 10732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10733] <... set_robust_list resumed>) = 0 [pid 10732] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10733] rt_sigprocmask(SIG_SETMASK, [], [pid 10732] <... futex resumed>) = 0 [pid 10733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10732] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10733] memfd_create("syzkaller", 0) = 3 [pid 10733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10733] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10733] close(3) = 0 [pid 10733] mkdir("./file0", 0777) = 0 [pid 10733] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10733] chdir("./file0") = 0 [pid 10733] ioctl(4, LOOP_CLR_FD) = 0 [pid 10733] close(4) = 0 [pid 10733] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10732] <... futex resumed>) = 0 [pid 10732] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10733] <... futex resumed>) = 1 [pid 10732] <... futex resumed>) = 0 [pid 10732] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10733] open("./file0", O_RDONLY) = 4 [pid 10733] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10732] <... futex resumed>) = 0 [pid 10733] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10732] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10733] <... ioctl resumed>) = 0 [pid 10732] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10733] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10733] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10732] <... futex resumed>) = 0 [pid 10733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10732] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10733] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10732] <... futex resumed>) = 0 [ 298.359068][T10733] loop0: detected capacity change from 0 to 32768 [ 298.372126][T10733] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10733) [pid 10732] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10732] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10732] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10751 attached [pid 10751] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10732] <... clone3 resumed> => {parent_tid=[10751]}, 88) = 10751 [pid 10751] <... rseq resumed>) = 0 [pid 10732] rt_sigprocmask(SIG_SETMASK, [], [pid 10751] set_robust_list(0x7f0bd5e089a0, 24 [pid 10732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10751] <... set_robust_list resumed>) = 0 [pid 10732] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10751] rt_sigprocmask(SIG_SETMASK, [], [pid 10732] <... futex resumed>) = 0 [pid 10751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10732] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10751] open(".", O_RDONLY) = 5 [pid 10751] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10732] <... futex resumed>) = 0 [pid 10751] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10732] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10732] <... futex resumed>) = 0 [pid 10751] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10732] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10751] <... ioctl resumed>) = 0 [pid 10751] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10732] <... futex resumed>) = 0 [ 298.502727][T10733] _btrfs_printk: 17 callbacks suppressed [ 298.502744][T10733] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10751] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10733] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10733] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10733] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10732] exit_group(0 [pid 10751] <... futex resumed>) = ? [pid 10751] +++ exited with 0 +++ [pid 10732] <... exit_group resumed>) = ? [pid 10733] <... futex resumed>) = ? [pid 10733] +++ exited with 0 +++ [pid 10732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10732, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- [ 298.573773][T10733] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 298.590684][T10733] BTRFS info (device loop0): balance: ended with status: 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10752 attached [pid 10752] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10752] chdir("./284") = 0 [pid 10752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10752 [pid 10752] setpgid(0, 0) = 0 [pid 10752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10752] write(3, "1000", 4) = 4 [pid 10752] close(3) = 0 [pid 10752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10752] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10752] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10752] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10753 attached => {parent_tid=[10753]}, 88) = 10753 [pid 10752] rt_sigprocmask(SIG_SETMASK, [], [pid 10753] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10753] <... rseq resumed>) = 0 [pid 10753] set_robust_list(0x7f0bd5e299a0, 24 [pid 10752] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10753] <... set_robust_list resumed>) = 0 [pid 10752] <... futex resumed>) = 0 [pid 10753] rt_sigprocmask(SIG_SETMASK, [], [pid 10752] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10753] memfd_create("syzkaller", 0) = 3 [pid 10753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10753] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10753] close(3) = 0 [pid 10753] mkdir("./file0", 0777) = 0 [ 299.158732][T10753] loop0: detected capacity change from 0 to 32768 [ 299.168841][T10753] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10753) [ 299.184619][T10753] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 299.193938][T10753] BTRFS info (device loop0): force clearing of disk cache [ 299.201041][T10753] BTRFS info (device loop0): setting nodatasum [ 299.207254][T10753] BTRFS info (device loop0): allowing degraded mounts [ 299.214092][T10753] BTRFS info (device loop0): enabling disk space caching [ 299.221103][T10753] BTRFS info (device loop0): disk space caching is enabled [ 299.241011][T10753] BTRFS info (device loop0): enabling ssd optimizations [ 299.248147][T10753] BTRFS info (device loop0): auto enabling async discard [pid 10753] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10753] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10753] chdir("./file0") = 0 [pid 10753] ioctl(4, LOOP_CLR_FD) = 0 [ 299.256140][T10753] BTRFS info (device loop0): rebuilding free space tree [ 299.267378][T10753] BTRFS info (device loop0): disabling free space tree [ 299.274358][T10753] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 299.284031][T10753] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 299.296445][T10753] BTRFS info (device loop0): checking UUID tree [pid 10753] close(4) = 0 [pid 10753] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10752] <... futex resumed>) = 0 [pid 10753] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10752] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10753] open("./file0", O_RDONLY [pid 10752] <... futex resumed>) = 0 [pid 10752] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10753] <... open resumed>) = 4 [pid 10753] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10752] <... futex resumed>) = 0 [pid 10753] <... futex resumed>) = 1 [pid 10752] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10753] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10752] <... futex resumed>) = 0 [pid 10753] <... ioctl resumed>) = 0 [pid 10752] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10753] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10752] <... futex resumed>) = 0 [pid 10753] <... futex resumed>) = 1 [pid 10752] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10753] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10752] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10752] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10752] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10771]}, 88) = 10771 [pid 10752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10752] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10752] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10771 attached [pid 10771] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10771] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10771] open(".", O_RDONLY) = 5 [pid 10771] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10752] <... futex resumed>) = 0 [pid 10771] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10752] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10752] <... futex resumed>) = 0 [pid 10771] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 299.385100][T10753] BTRFS info (device loop0): balance: start -d -m [ 299.393488][T10753] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 299.419345][T10753] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10752] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10771] <... ioctl resumed>) = 0 [pid 10771] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10771] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10752] <... futex resumed>) = 0 [pid 10753] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10753] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10752] exit_group(0 [pid 10771] <... futex resumed>) = ? [pid 10771] +++ exited with 0 +++ [pid 10752] <... exit_group resumed>) = ? [pid 10753] <... futex resumed>) = ? [pid 10753] +++ exited with 0 +++ [pid 10752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10752, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 299.491793][T10753] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 299.512772][T10753] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 299.530028][T10753] BTRFS info (device loop0): balance: ended with status: 0 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10772 attached [pid 10772] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10772] chdir("./285") = 0 [pid 10772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10772 [pid 10772] setpgid(0, 0) = 0 [pid 10772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10772] write(3, "1000", 4) = 4 [pid 10772] close(3) = 0 [pid 10772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10772] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10772] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10772] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10773 attached => {parent_tid=[10773]}, 88) = 10773 [pid 10773] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10772] rt_sigprocmask(SIG_SETMASK, [], [pid 10773] set_robust_list(0x7f0bd5e299a0, 24 [pid 10772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10773] <... set_robust_list resumed>) = 0 [pid 10773] rt_sigprocmask(SIG_SETMASK, [], [pid 10772] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10772] <... futex resumed>) = 0 [pid 10773] memfd_create("syzkaller", 0 [pid 10772] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10773] <... memfd_create resumed>) = 3 [pid 10773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10773] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10773] close(3) = 0 [pid 10773] mkdir("./file0", 0777) = 0 [ 300.017899][T10773] loop0: detected capacity change from 0 to 32768 [ 300.031175][T10773] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10773) [ 300.047227][T10773] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 300.056554][T10773] BTRFS info (device loop0): force clearing of disk cache [ 300.063654][T10773] BTRFS info (device loop0): setting nodatasum [ 300.069845][T10773] BTRFS info (device loop0): allowing degraded mounts [ 300.076677][T10773] BTRFS info (device loop0): enabling disk space caching [ 300.083704][T10773] BTRFS info (device loop0): disk space caching is enabled [ 300.102236][T10773] BTRFS info (device loop0): enabling ssd optimizations [ 300.109278][T10773] BTRFS info (device loop0): auto enabling async discard [pid 10773] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10773] chdir("./file0") = 0 [pid 10773] ioctl(4, LOOP_CLR_FD) = 0 [pid 10773] close(4) = 0 [pid 10773] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10773] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10772] <... futex resumed>) = 0 [ 300.117265][T10773] BTRFS info (device loop0): rebuilding free space tree [ 300.128345][T10773] BTRFS info (device loop0): disabling free space tree [ 300.135346][T10773] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 300.145047][T10773] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 300.157716][T10773] BTRFS info (device loop0): checking UUID tree [pid 10772] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] <... futex resumed>) = 0 [pid 10772] <... futex resumed>) = 1 [pid 10773] open("./file0", O_RDONLY) = 4 [pid 10772] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10773] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10772] <... futex resumed>) = 0 [pid 10772] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10772] <... futex resumed>) = 0 [pid 10772] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10773] <... ioctl resumed>) = 0 [pid 10773] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10772] <... futex resumed>) = 0 [pid 10772] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10772] <... futex resumed>) = 0 [pid 10772] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10772] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10772] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10791]}, 88) = 10791 [pid 10772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10772] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10772] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10791 attached [pid 10791] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [ 300.235660][T10773] BTRFS info (device loop0): balance: start -d -m [ 300.245525][T10773] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 300.266305][T10773] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10791] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10791] open(".", O_RDONLY) = 5 [pid 10791] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10791] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10772] <... futex resumed>) = 0 [pid 10772] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10791] <... futex resumed>) = 0 [pid 10772] <... futex resumed>) = 1 [pid 10791] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 300.308416][T10773] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10772] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10791] <... ioctl resumed>) = 0 [pid 10791] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10772] <... futex resumed>) = 0 [pid 10791] <... futex resumed>) = 1 [pid 10791] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10773] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10773] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10773] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10772] exit_group(0 [pid 10773] <... futex resumed>) = ? [pid 10772] <... exit_group resumed>) = ? [pid 10791] <... futex resumed>) = ? [pid 10773] +++ exited with 0 +++ [pid 10791] +++ exited with 0 +++ [pid 10772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10772, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- [ 300.359735][T10773] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 300.377413][T10773] BTRFS info (device loop0): balance: ended with status: 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10792 attached [pid 10792] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10792] chdir("./286") = 0 [pid 10792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10792 [pid 10792] setpgid(0, 0) = 0 [pid 10792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10792] write(3, "1000", 4) = 4 [pid 10792] close(3) = 0 [pid 10792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10792] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10792] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10792] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10793 attached [pid 10793] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10792] <... clone3 resumed> => {parent_tid=[10793]}, 88) = 10793 [pid 10793] <... rseq resumed>) = 0 [pid 10792] rt_sigprocmask(SIG_SETMASK, [], [pid 10793] set_robust_list(0x7f0bd5e299a0, 24 [pid 10792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10793] <... set_robust_list resumed>) = 0 [pid 10792] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10793] rt_sigprocmask(SIG_SETMASK, [], [pid 10792] <... futex resumed>) = 0 [pid 10793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10792] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10793] memfd_create("syzkaller", 0) = 3 [pid 10793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10793] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10793] close(3) = 0 [pid 10793] mkdir("./file0", 0777) = 0 [ 300.932675][T10793] loop0: detected capacity change from 0 to 32768 [ 300.950449][T10793] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10793) [ 300.966916][T10793] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 300.976185][T10793] BTRFS info (device loop0): force clearing of disk cache [ 300.983287][T10793] BTRFS info (device loop0): setting nodatasum [ 300.989473][T10793] BTRFS info (device loop0): allowing degraded mounts [ 300.996393][T10793] BTRFS info (device loop0): enabling disk space caching [ 301.003409][T10793] BTRFS info (device loop0): disk space caching is enabled [ 301.023019][T10793] BTRFS info (device loop0): enabling ssd optimizations [ 301.030075][T10793] BTRFS info (device loop0): auto enabling async discard [ 301.038204][T10793] BTRFS info (device loop0): rebuilding free space tree [ 301.049333][T10793] BTRFS info (device loop0): disabling free space tree [ 301.056697][T10793] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 301.066517][T10793] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10793] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10793] chdir("./file0") = 0 [pid 10793] ioctl(4, LOOP_CLR_FD) = 0 [pid 10793] close(4) = 0 [pid 10793] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10793] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] <... futex resumed>) = 0 [pid 10792] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10793] <... futex resumed>) = 0 [pid 10792] <... futex resumed>) = 1 [pid 10792] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10793] open("./file0", O_RDONLY) = 4 [pid 10793] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 301.079493][T10793] BTRFS info (device loop0): checking UUID tree [pid 10793] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10792] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10793] <... futex resumed>) = 0 [pid 10792] <... futex resumed>) = 1 [pid 10793] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10792] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10793] <... ioctl resumed>) = 0 [pid 10793] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10792] <... futex resumed>) = 0 [pid 10793] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10792] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10792] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10792] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10792] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10811 attached => {parent_tid=[10811]}, 88) = 10811 [pid 10811] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10792] rt_sigprocmask(SIG_SETMASK, [], [pid 10811] <... rseq resumed>) = 0 [pid 10792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10811] set_robust_list(0x7f0bd5e089a0, 24 [pid 10792] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10811] <... set_robust_list resumed>) = 0 [pid 10792] <... futex resumed>) = 0 [pid 10811] rt_sigprocmask(SIG_SETMASK, [], [pid 10792] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10811] open(".", O_RDONLY) = 5 [pid 10811] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10792] <... futex resumed>) = 0 [pid 10811] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10792] <... futex resumed>) = 0 [pid 10811] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 301.131293][T10793] BTRFS info (device loop0): balance: start -d -m [ 301.140498][T10793] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 301.167205][T10793] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10792] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10811] <... ioctl resumed>) = 0 [pid 10811] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10792] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10811] <... futex resumed>) = 0 [pid 10811] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10793] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10793] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10792] exit_group(0 [pid 10811] <... futex resumed>) = ? [pid 10792] <... exit_group resumed>) = ? [pid 10811] +++ exited with 0 +++ [pid 10793] <... futex resumed>) = ? [pid 10793] +++ exited with 0 +++ [pid 10792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10792, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 301.252665][T10793] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 301.274316][T10793] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 301.290835][T10793] BTRFS info (device loop0): balance: ended with status: 0 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10812 attached , child_tidptr=0x5555570ad690) = 10812 [pid 10812] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10812] chdir("./287") = 0 [pid 10812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10812] setpgid(0, 0) = 0 [pid 10812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10812] write(3, "1000", 4) = 4 [pid 10812] close(3) = 0 [pid 10812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10812] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10812] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10812] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10813 attached [pid 10813] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10812] <... clone3 resumed> => {parent_tid=[10813]}, 88) = 10813 [pid 10813] set_robust_list(0x7f0bd5e299a0, 24 [pid 10812] rt_sigprocmask(SIG_SETMASK, [], [pid 10813] <... set_robust_list resumed>) = 0 [pid 10812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10813] rt_sigprocmask(SIG_SETMASK, [], [pid 10812] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10812] <... futex resumed>) = 0 [pid 10813] memfd_create("syzkaller", 0 [pid 10812] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10813] <... memfd_create resumed>) = 3 [pid 10813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10813] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10813] close(3) = 0 [pid 10813] mkdir("./file0", 0777) = 0 [ 301.769859][T10813] loop0: detected capacity change from 0 to 32768 [ 301.784751][T10813] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10813) [ 301.800275][T10813] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 301.809606][T10813] BTRFS info (device loop0): force clearing of disk cache [ 301.816776][T10813] BTRFS info (device loop0): setting nodatasum [ 301.822948][T10813] BTRFS info (device loop0): allowing degraded mounts [ 301.829759][T10813] BTRFS info (device loop0): enabling disk space caching [ 301.836842][T10813] BTRFS info (device loop0): disk space caching is enabled [ 301.855545][T10813] BTRFS info (device loop0): enabling ssd optimizations [ 301.862519][T10813] BTRFS info (device loop0): auto enabling async discard [pid 10813] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10813] chdir("./file0") = 0 [pid 10813] ioctl(4, LOOP_CLR_FD) = 0 [pid 10813] close(4) = 0 [pid 10813] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10812] <... futex resumed>) = 0 [pid 10813] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10812] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10813] <... futex resumed>) = 0 [pid 10812] <... futex resumed>) = 1 [pid 10813] open("./file0", O_RDONLY [pid 10812] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10813] <... open resumed>) = 4 [pid 10813] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10812] <... futex resumed>) = 0 [pid 10813] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10812] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10813] <... ioctl resumed>) = 0 [pid 10812] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10813] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10813] <... futex resumed>) = 0 [pid 10812] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10813] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10812] <... futex resumed>) = 0 [ 301.870917][T10813] BTRFS info (device loop0): rebuilding free space tree [ 301.881848][T10813] BTRFS info (device loop0): disabling free space tree [ 301.888818][T10813] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 301.898554][T10813] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 301.911151][T10813] BTRFS info (device loop0): checking UUID tree [pid 10812] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10812] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10812] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10831]}, 88) = 10831 [pid 10812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10812] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10812] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10831 attached [pid 10831] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10831] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10831] open(".", O_RDONLY) = 5 [pid 10831] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10812] <... futex resumed>) = 0 [pid 10831] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10812] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 301.951784][T10813] BTRFS info (device loop0): balance: start -d -m [ 301.960560][T10813] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 301.982845][T10813] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10812] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10831] <... ioctl resumed>) = 0 [pid 10831] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10812] <... futex resumed>) = 0 [pid 10831] <... futex resumed>) = 1 [ 302.053238][T10813] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 302.092624][T10813] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10831] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10813] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10813] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10813] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10812] exit_group(0 [pid 10831] <... futex resumed>) = ? [pid 10812] <... exit_group resumed>) = ? [pid 10831] +++ exited with 0 +++ [pid 10813] <... futex resumed>) = ? [pid 10813] +++ exited with 0 +++ [pid 10812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10812, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 302.113179][T10813] BTRFS info (device loop0): balance: ended with status: 0 umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10832 attached [pid 10832] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10832] chdir("./288") = 0 [pid 10832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10832 [pid 10832] setpgid(0, 0) = 0 [pid 10832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10832] write(3, "1000", 4) = 4 [pid 10832] close(3) = 0 [pid 10832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10832] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10832] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10832] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10833 attached [pid 10833] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10832] <... clone3 resumed> => {parent_tid=[10833]}, 88) = 10833 [pid 10833] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10832] rt_sigprocmask(SIG_SETMASK, [], [pid 10833] rt_sigprocmask(SIG_SETMASK, [], [pid 10832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10832] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10833] memfd_create("syzkaller", 0 [pid 10832] <... futex resumed>) = 0 [pid 10832] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10833] <... memfd_create resumed>) = 3 [pid 10833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10833] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10833] close(3) = 0 [pid 10833] mkdir("./file0", 0777) = 0 [ 302.723916][T10833] loop0: detected capacity change from 0 to 32768 [ 302.743701][T10833] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10833) [ 302.759313][T10833] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 302.768783][T10833] BTRFS info (device loop0): force clearing of disk cache [ 302.775962][T10833] BTRFS info (device loop0): setting nodatasum [ 302.782136][T10833] BTRFS info (device loop0): allowing degraded mounts [ 302.788994][T10833] BTRFS info (device loop0): enabling disk space caching [ 302.796200][T10833] BTRFS info (device loop0): disk space caching is enabled [ 302.815823][T10833] BTRFS info (device loop0): enabling ssd optimizations [ 302.822960][T10833] BTRFS info (device loop0): auto enabling async discard [ 302.830930][T10833] BTRFS info (device loop0): rebuilding free space tree [ 302.841948][T10833] BTRFS info (device loop0): disabling free space tree [ 302.849012][T10833] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 302.858952][T10833] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10833] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10833] chdir("./file0") = 0 [pid 10833] ioctl(4, LOOP_CLR_FD) = 0 [pid 10833] close(4) = 0 [pid 10833] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10832] <... futex resumed>) = 0 [pid 10833] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10832] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10833] <... futex resumed>) = 0 [pid 10832] <... futex resumed>) = 1 [pid 10833] open("./file0", O_RDONLY [pid 10832] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10833] <... open resumed>) = 4 [ 302.871902][T10833] BTRFS info (device loop0): checking UUID tree [pid 10833] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10832] <... futex resumed>) = 0 [pid 10833] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10832] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10832] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10833] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10833] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10832] <... futex resumed>) = 0 [pid 10832] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10833] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10832] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10832] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10832] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 302.944304][T10833] BTRFS info (device loop0): balance: start -d -m [ 302.955149][T10833] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 302.980703][T10833] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10851 attached [pid 10851] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10851] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10832] <... clone3 resumed> => {parent_tid=[10851]}, 88) = 10851 [pid 10851] rt_sigprocmask(SIG_SETMASK, [], [pid 10832] rt_sigprocmask(SIG_SETMASK, [], [pid 10851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10851] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10832] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10832] <... futex resumed>) = 0 [pid 10851] open(".", O_RDONLY [pid 10832] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10851] <... open resumed>) = 5 [pid 10851] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10832] <... futex resumed>) = 0 [pid 10851] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10832] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 303.016428][T10833] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 303.037288][T10833] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10832] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10851] <... ioctl resumed>) = 0 [pid 10851] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10851] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10833] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10832] <... futex resumed>) = 0 [pid 10833] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10832] exit_group(0 [pid 10851] <... futex resumed>) = ? [pid 10833] <... futex resumed>) = ? [pid 10832] <... exit_group resumed>) = ? [pid 10851] +++ exited with 0 +++ [pid 10833] +++ exited with 0 +++ [pid 10832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10832, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 303.064114][T10833] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10852 attached [pid 10852] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10852] chdir("./289") = 0 [pid 10852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10852 [pid 10852] setpgid(0, 0) = 0 [pid 10852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10852] write(3, "1000", 4) = 4 [pid 10852] close(3) = 0 [pid 10852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10852] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10852] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10852] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10853 attached => {parent_tid=[10853]}, 88) = 10853 [pid 10852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10852] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10853] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10852] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10853] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10853] memfd_create("syzkaller", 0) = 3 [pid 10853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10853] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10853] close(3) = 0 [pid 10853] mkdir("./file0", 0777) = 0 [ 303.549768][T10853] loop0: detected capacity change from 0 to 32768 [ 303.564567][T10853] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10853) [ 303.580226][T10853] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 303.589530][T10853] BTRFS info (device loop0): force clearing of disk cache [ 303.596724][T10853] BTRFS info (device loop0): setting nodatasum [ 303.602886][T10853] BTRFS info (device loop0): allowing degraded mounts [ 303.609795][T10853] BTRFS info (device loop0): enabling disk space caching [ 303.616898][T10853] BTRFS info (device loop0): disk space caching is enabled [ 303.635898][T10853] BTRFS info (device loop0): enabling ssd optimizations [ 303.642918][T10853] BTRFS info (device loop0): auto enabling async discard [pid 10853] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10853] chdir("./file0") = 0 [pid 10853] ioctl(4, LOOP_CLR_FD) = 0 [pid 10853] close(4) = 0 [ 303.651163][T10853] BTRFS info (device loop0): rebuilding free space tree [ 303.662171][T10853] BTRFS info (device loop0): disabling free space tree [ 303.669155][T10853] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 303.678841][T10853] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 303.691372][T10853] BTRFS info (device loop0): checking UUID tree [pid 10853] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10853] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10852] <... futex resumed>) = 0 [pid 10852] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10853] <... futex resumed>) = 0 [pid 10852] <... futex resumed>) = 1 [pid 10853] open("./file0", O_RDONLY) = 4 [pid 10852] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10853] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10852] <... futex resumed>) = 0 [pid 10853] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10852] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10853] <... ioctl resumed>) = 0 [pid 10852] <... futex resumed>) = 0 [pid 10852] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10853] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10852] <... futex resumed>) = 0 [pid 10853] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10852] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10852] <... futex resumed>) = 0 [pid 10853] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10852] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10852] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10852] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10871 attached => {parent_tid=[10871]}, 88) = 10871 [pid 10852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10852] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10852] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10871] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10871] set_robust_list(0x7f0bd5e089a0, 24) = 0 [ 303.762366][T10853] BTRFS info (device loop0): balance: start -d -m [ 303.771440][T10853] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 303.795663][T10853] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10871] open(".", O_RDONLY) = 5 [pid 10871] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10852] <... futex resumed>) = 0 [pid 10871] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10852] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10852] <... futex resumed>) = 0 [pid 10871] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10852] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10871] <... ioctl resumed>) = 0 [pid 10871] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10871] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10852] <... futex resumed>) = 0 [ 303.854876][T10853] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 303.886657][T10853] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10853] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10853] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10853] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10852] exit_group(0) = ? [pid 10871] <... futex resumed>) = ? [pid 10853] <... futex resumed>) = ? [pid 10871] +++ exited with 0 +++ [pid 10853] +++ exited with 0 +++ [pid 10852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10852, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 303.905173][T10853] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10872 attached , child_tidptr=0x5555570ad690) = 10872 [pid 10872] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10872] chdir("./290") = 0 [pid 10872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10872] setpgid(0, 0) = 0 [pid 10872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10872] write(3, "1000", 4) = 4 [pid 10872] close(3) = 0 [pid 10872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10872] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10872] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10872] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10873 attached [pid 10873] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10872] <... clone3 resumed> => {parent_tid=[10873]}, 88) = 10873 [pid 10873] <... rseq resumed>) = 0 [pid 10872] rt_sigprocmask(SIG_SETMASK, [], [pid 10873] set_robust_list(0x7f0bd5e299a0, 24 [pid 10872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10873] <... set_robust_list resumed>) = 0 [pid 10872] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10873] rt_sigprocmask(SIG_SETMASK, [], [pid 10872] <... futex resumed>) = 0 [pid 10873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10872] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10873] memfd_create("syzkaller", 0) = 3 [pid 10873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10873] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10873] close(3) = 0 [pid 10873] mkdir("./file0", 0777) = 0 [ 304.411765][T10873] loop0: detected capacity change from 0 to 32768 [ 304.436752][T10873] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10873) [ 304.452484][T10873] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 304.462030][T10873] BTRFS info (device loop0): force clearing of disk cache [ 304.469252][T10873] BTRFS info (device loop0): setting nodatasum [ 304.475509][T10873] BTRFS info (device loop0): allowing degraded mounts [ 304.482294][T10873] BTRFS info (device loop0): enabling disk space caching [ 304.489393][T10873] BTRFS info (device loop0): disk space caching is enabled [ 304.508294][T10873] BTRFS info (device loop0): enabling ssd optimizations [ 304.515353][T10873] BTRFS info (device loop0): auto enabling async discard [ 304.523132][T10873] BTRFS info (device loop0): rebuilding free space tree [ 304.534322][T10873] BTRFS info (device loop0): disabling free space tree [ 304.541217][T10873] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 304.550894][T10873] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10873] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10873] chdir("./file0") = 0 [pid 10873] ioctl(4, LOOP_CLR_FD) = 0 [pid 10873] close(4) = 0 [pid 10873] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10872] <... futex resumed>) = 0 [pid 10873] <... futex resumed>) = 1 [pid 10872] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] open("./file0", O_RDONLY [pid 10872] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10873] <... open resumed>) = 4 [pid 10873] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10872] <... futex resumed>) = 0 [pid 10872] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10873] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10872] <... futex resumed>) = 0 [pid 10872] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10873] <... ioctl resumed>) = 0 [pid 10873] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10872] <... futex resumed>) = 0 [pid 10872] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 304.563401][T10873] BTRFS info (device loop0): checking UUID tree [pid 10872] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10872] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10872] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 304.624006][T10873] BTRFS info (device loop0): balance: start -d -m [ 304.632796][T10873] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 304.654767][T10873] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10891]}, 88) = 10891 [pid 10872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10872] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10872] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10891 attached [pid 10891] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10891] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10891] open(".", O_RDONLY) = 5 [pid 10891] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10872] <... futex resumed>) = 0 [pid 10891] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10872] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10891] <... futex resumed>) = 0 [pid 10872] <... futex resumed>) = 1 [pid 10891] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 304.699107][T10873] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10872] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10891] <... ioctl resumed>) = 0 [pid 10891] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10872] <... futex resumed>) = 0 [pid 10891] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10873] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10873] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10872] exit_group(0 [pid 10891] <... futex resumed>) = ? [pid 10873] <... futex resumed>) = ? [pid 10872] <... exit_group resumed>) = ? [pid 10891] +++ exited with 0 +++ [pid 10873] +++ exited with 0 +++ [pid 10872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10872, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 304.769153][T10873] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 304.788391][T10873] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10892 attached , child_tidptr=0x5555570ad690) = 10892 [pid 10892] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10892] chdir("./291") = 0 [pid 10892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10892] setpgid(0, 0) = 0 [pid 10892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10892] write(3, "1000", 4) = 4 [pid 10892] close(3) = 0 [pid 10892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10892] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10892] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10892] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10893 attached [pid 10893] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10892] <... clone3 resumed> => {parent_tid=[10893]}, 88) = 10893 [pid 10893] <... rseq resumed>) = 0 [pid 10892] rt_sigprocmask(SIG_SETMASK, [], [pid 10893] set_robust_list(0x7f0bd5e299a0, 24 [pid 10892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10893] <... set_robust_list resumed>) = 0 [pid 10892] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10892] <... futex resumed>) = 0 [pid 10893] memfd_create("syzkaller", 0 [pid 10892] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10893] <... memfd_create resumed>) = 3 [pid 10893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10893] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10893] close(3) = 0 [pid 10893] mkdir("./file0", 0777) = 0 [ 305.258832][T10893] loop0: detected capacity change from 0 to 32768 [ 305.275587][T10893] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10893) [ 305.290692][T10893] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 305.300333][T10893] BTRFS info (device loop0): force clearing of disk cache [ 305.307744][T10893] BTRFS info (device loop0): setting nodatasum [ 305.313972][T10893] BTRFS info (device loop0): allowing degraded mounts [ 305.320737][T10893] BTRFS info (device loop0): enabling disk space caching [ 305.327815][T10893] BTRFS info (device loop0): disk space caching is enabled [ 305.346371][T10893] BTRFS info (device loop0): enabling ssd optimizations [pid 10893] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10893] chdir("./file0") = 0 [pid 10893] ioctl(4, LOOP_CLR_FD) = 0 [pid 10893] close(4) = 0 [pid 10893] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10893] open("./file0", O_RDONLY [pid 10892] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10893] <... open resumed>) = 4 [pid 10892] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10893] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10893] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10892] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10893] <... ioctl resumed>) = 0 [pid 10892] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10893] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10893] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10892] <... futex resumed>) = 0 [pid 10893] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 305.353346][T10893] BTRFS info (device loop0): auto enabling async discard [ 305.361365][T10893] BTRFS info (device loop0): rebuilding free space tree [ 305.372459][T10893] BTRFS info (device loop0): disabling free space tree [ 305.379464][T10893] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 305.389182][T10893] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 305.401929][T10893] BTRFS info (device loop0): checking UUID tree [pid 10892] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10892] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10892] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10911 attached => {parent_tid=[10911]}, 88) = 10911 [pid 10911] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10892] rt_sigprocmask(SIG_SETMASK, [], [pid 10911] <... rseq resumed>) = 0 [pid 10892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10911] set_robust_list(0x7f0bd5e089a0, 24 [pid 10892] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10911] <... set_robust_list resumed>) = 0 [pid 10892] <... futex resumed>) = 0 [pid 10911] rt_sigprocmask(SIG_SETMASK, [], [pid 10892] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10911] open(".", O_RDONLY) = 5 [pid 10911] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10911] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10892] <... futex resumed>) = 0 [pid 10911] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 305.434777][T10893] BTRFS info (device loop0): balance: start -d -m [ 305.443460][T10893] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 305.467503][T10893] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10892] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10911] <... ioctl resumed>) = 0 [pid 10911] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [ 305.556786][T10893] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 305.582443][T10893] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10911] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10893] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10893] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10893] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] exit_group(0 [pid 10893] <... futex resumed>) = ? [pid 10892] <... exit_group resumed>) = ? [pid 10911] <... futex resumed>) = ? [pid 10893] +++ exited with 0 +++ [pid 10911] +++ exited with 0 +++ [pid 10892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10892, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- [ 305.600695][T10893] BTRFS info (device loop0): balance: ended with status: 0 umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10912 attached , child_tidptr=0x5555570ad690) = 10912 [pid 10912] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10912] chdir("./292") = 0 [pid 10912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10912] setpgid(0, 0) = 0 [pid 10912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10912] write(3, "1000", 4) = 4 [pid 10912] close(3) = 0 [pid 10912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10912] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10912] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10912] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10913 attached [pid 10913] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10912] <... clone3 resumed> => {parent_tid=[10913]}, 88) = 10913 [pid 10913] <... rseq resumed>) = 0 [pid 10912] rt_sigprocmask(SIG_SETMASK, [], [pid 10913] set_robust_list(0x7f0bd5e299a0, 24 [pid 10912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10913] <... set_robust_list resumed>) = 0 [pid 10912] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10912] <... futex resumed>) = 0 [pid 10912] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10913] memfd_create("syzkaller", 0) = 3 [pid 10913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10913] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10913] close(3) = 0 [pid 10913] mkdir("./file0", 0777) = 0 [ 306.169586][T10913] loop0: detected capacity change from 0 to 32768 [ 306.185876][T10913] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10913) [ 306.200882][T10913] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 306.210223][T10913] BTRFS info (device loop0): force clearing of disk cache [ 306.217417][T10913] BTRFS info (device loop0): setting nodatasum [ 306.223587][T10913] BTRFS info (device loop0): allowing degraded mounts [ 306.230409][T10913] BTRFS info (device loop0): enabling disk space caching [ 306.237492][T10913] BTRFS info (device loop0): disk space caching is enabled [ 306.256742][T10913] BTRFS info (device loop0): enabling ssd optimizations [pid 10913] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10913] chdir("./file0") = 0 [pid 10913] ioctl(4, LOOP_CLR_FD) = 0 [ 306.263716][T10913] BTRFS info (device loop0): auto enabling async discard [ 306.271764][T10913] BTRFS info (device loop0): rebuilding free space tree [ 306.282475][T10913] BTRFS info (device loop0): disabling free space tree [ 306.289466][T10913] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 306.299148][T10913] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 306.311736][T10913] BTRFS info (device loop0): checking UUID tree [pid 10913] close(4) = 0 [pid 10913] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10913] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10912] <... futex resumed>) = 0 [pid 10912] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10913] <... futex resumed>) = 0 [pid 10912] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10913] open("./file0", O_RDONLY) = 4 [pid 10913] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10912] <... futex resumed>) = 0 [pid 10912] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10913] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10912] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10913] <... ioctl resumed>) = 0 [pid 10913] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10912] <... futex resumed>) = 0 [pid 10913] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10912] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10912] <... futex resumed>) = 0 [pid 10913] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10912] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10912] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10912] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10931 attached [pid 10931] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10912] <... clone3 resumed> => {parent_tid=[10931]}, 88) = 10931 [pid 10931] <... rseq resumed>) = 0 [pid 10912] rt_sigprocmask(SIG_SETMASK, [], [pid 10931] set_robust_list(0x7f0bd5e089a0, 24 [pid 10912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10931] <... set_robust_list resumed>) = 0 [pid 10931] rt_sigprocmask(SIG_SETMASK, [], [pid 10912] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10912] <... futex resumed>) = 0 [pid 10931] open(".", O_RDONLY [pid 10912] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10931] <... open resumed>) = 5 [pid 10931] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10912] <... futex resumed>) = 0 [pid 10931] <... futex resumed>) = 1 [pid 10912] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10931] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10912] <... futex resumed>) = 0 [ 306.401356][T10913] BTRFS info (device loop0): balance: start -d -m [ 306.412964][T10913] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 306.440354][T10913] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10912] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10931] <... ioctl resumed>) = 0 [pid 10931] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10912] <... futex resumed>) = 0 [pid 10931] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10913] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10913] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10913] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10912] exit_group(0 [pid 10931] <... futex resumed>) = ? [pid 10931] +++ exited with 0 +++ [pid 10913] <... futex resumed>) = ? [pid 10912] <... exit_group resumed>) = ? [pid 10913] +++ exited with 0 +++ [pid 10912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10912, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [ 306.502553][T10913] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 306.522772][T10913] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 306.540286][T10913] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/binderfs") = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10932 attached , child_tidptr=0x5555570ad690) = 10932 [pid 10932] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10932] chdir("./293") = 0 [pid 10932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10932] setpgid(0, 0) = 0 [pid 10932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10932] write(3, "1000", 4) = 4 [pid 10932] close(3) = 0 [pid 10932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10932] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10932] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10932] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10933 attached [pid 10933] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10932] <... clone3 resumed> => {parent_tid=[10933]}, 88) = 10933 [pid 10933] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10932] rt_sigprocmask(SIG_SETMASK, [], [pid 10933] rt_sigprocmask(SIG_SETMASK, [], [pid 10932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10932] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10933] memfd_create("syzkaller", 0 [pid 10932] <... futex resumed>) = 0 [pid 10932] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10933] <... memfd_create resumed>) = 3 [pid 10933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10933] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10933] close(3) = 0 [pid 10933] mkdir("./file0", 0777) = 0 [ 307.167648][T10933] loop0: detected capacity change from 0 to 32768 [ 307.181437][T10933] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10933) [ 307.197381][T10933] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 307.206719][T10933] BTRFS info (device loop0): force clearing of disk cache [ 307.213910][T10933] BTRFS info (device loop0): setting nodatasum [ 307.220092][T10933] BTRFS info (device loop0): allowing degraded mounts [ 307.226930][T10933] BTRFS info (device loop0): enabling disk space caching [ 307.234054][T10933] BTRFS info (device loop0): disk space caching is enabled [ 307.253724][T10933] BTRFS info (device loop0): enabling ssd optimizations [ 307.260785][T10933] BTRFS info (device loop0): auto enabling async discard [pid 10933] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10933] chdir("./file0") = 0 [pid 10933] ioctl(4, LOOP_CLR_FD) = 0 [pid 10933] close(4) = 0 [ 307.268832][T10933] BTRFS info (device loop0): rebuilding free space tree [ 307.279945][T10933] BTRFS info (device loop0): disabling free space tree [ 307.286925][T10933] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 307.296640][T10933] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 307.309511][T10933] BTRFS info (device loop0): checking UUID tree [pid 10933] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10932] <... futex resumed>) = 0 [pid 10932] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10933] open("./file0", O_RDONLY [pid 10932] <... futex resumed>) = 0 [pid 10933] <... open resumed>) = 4 [pid 10933] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10933] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10932] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10932] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10932] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10933] <... futex resumed>) = 0 [pid 10933] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10933] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10932] <... futex resumed>) = 0 [pid 10932] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10933] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10932] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10932] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10932] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[10951]}, 88) = 10951 ./strace-static-x86_64: Process 10951 attached [pid 10932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10932] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10932] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10951] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10951] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10951] open(".", O_RDONLY) = 5 [pid 10951] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10951] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10932] <... futex resumed>) = 0 [pid 10932] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10951] <... futex resumed>) = 0 [pid 10932] <... futex resumed>) = 1 [pid 10951] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 307.411102][T10933] BTRFS info (device loop0): balance: start -d -m [ 307.421228][T10933] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 307.442351][T10933] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10932] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10951] <... ioctl resumed>) = 0 [pid 10951] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10932] <... futex resumed>) = 0 [ 307.486945][T10933] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 307.522506][T10933] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 10951] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10933] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10933] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10932] exit_group(0 [pid 10933] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 10932] <... exit_group resumed>) = ? [pid 10951] <... futex resumed>) = ? [pid 10933] +++ exited with 0 +++ [pid 10951] +++ exited with 0 +++ [pid 10932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10932, si_uid=0, si_status=0, si_utime=0, si_stime=37 /* 0.37 s */} --- umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 307.541300][T10933] BTRFS info (device loop0): balance: ended with status: 0 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/binderfs") = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10952 attached , child_tidptr=0x5555570ad690) = 10952 [pid 10952] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10952] chdir("./294") = 0 [pid 10952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10952] setpgid(0, 0) = 0 [pid 10952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10952] write(3, "1000", 4) = 4 [pid 10952] close(3) = 0 [pid 10952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10952] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10952] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10953 attached [pid 10953] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10952] <... clone3 resumed> => {parent_tid=[10953]}, 88) = 10953 [pid 10953] <... rseq resumed>) = 0 [pid 10953] set_robust_list(0x7f0bd5e299a0, 24 [pid 10952] rt_sigprocmask(SIG_SETMASK, [], [pid 10953] <... set_robust_list resumed>) = 0 [pid 10952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10953] rt_sigprocmask(SIG_SETMASK, [], [pid 10952] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10952] <... futex resumed>) = 0 [pid 10953] memfd_create("syzkaller", 0 [pid 10952] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10953] <... memfd_create resumed>) = 3 [pid 10953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10953] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10953] close(3) = 0 [pid 10953] mkdir("./file0", 0777) = 0 [ 308.043290][T10953] loop0: detected capacity change from 0 to 32768 [ 308.052719][T10953] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10953) [ 308.069592][T10953] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 308.078902][T10953] BTRFS info (device loop0): force clearing of disk cache [ 308.086062][T10953] BTRFS info (device loop0): setting nodatasum [pid 10953] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10953] chdir("./file0") = 0 [pid 10953] ioctl(4, LOOP_CLR_FD) = 0 [pid 10953] close(4) = 0 [ 308.092250][T10953] BTRFS info (device loop0): allowing degraded mounts [ 308.099056][T10953] BTRFS info (device loop0): enabling disk space caching [pid 10953] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10952] <... futex resumed>) = 0 [pid 10952] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10953] open("./file0", O_RDONLY [pid 10952] <... futex resumed>) = 0 [pid 10952] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10953] <... open resumed>) = 4 [pid 10953] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10952] <... futex resumed>) = 0 [pid 10953] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10952] <... futex resumed>) = 0 [pid 10953] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10952] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10953] <... ioctl resumed>) = 0 [pid 10953] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10952] <... futex resumed>) = 0 [pid 10953] <... futex resumed>) = 1 [pid 10952] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10953] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10952] <... futex resumed>) = 0 [pid 10952] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10952] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10952] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10971 attached [pid 10971] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10952] <... clone3 resumed> => {parent_tid=[10971]}, 88) = 10971 [pid 10971] <... rseq resumed>) = 0 [pid 10952] rt_sigprocmask(SIG_SETMASK, [], [pid 10971] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 10952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10971] rt_sigprocmask(SIG_SETMASK, [], [pid 10952] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10971] open(".", O_RDONLY) = 5 [pid 10952] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10971] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10952] <... futex resumed>) = 0 [pid 10952] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10971] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10971] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10952] <... futex resumed>) = 0 [pid 10971] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10953] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10953] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10953] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] exit_group(0 [pid 10971] <... futex resumed>) = ? [pid 10953] <... futex resumed>) = ? [pid 10971] +++ exited with 0 +++ [pid 10953] +++ exited with 0 +++ [pid 10952] <... exit_group resumed>) = ? [pid 10952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10952, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/binderfs") = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10972 attached [pid 10972] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10972] chdir("./295") = 0 [pid 10972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10972 [pid 10972] setpgid(0, 0) = 0 [pid 10972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10972] write(3, "1000", 4) = 4 [pid 10972] close(3) = 0 [pid 10972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10972] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10972] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10972] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10973 attached => {parent_tid=[10973]}, 88) = 10973 [pid 10973] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 10972] rt_sigprocmask(SIG_SETMASK, [], [pid 10973] set_robust_list(0x7f0bd5e299a0, 24 [pid 10972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10973] <... set_robust_list resumed>) = 0 [pid 10972] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] rt_sigprocmask(SIG_SETMASK, [], [pid 10972] <... futex resumed>) = 0 [pid 10973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10972] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10973] memfd_create("syzkaller", 0) = 3 [pid 10973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10973] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10973] close(3) = 0 [pid 10973] mkdir("./file0", 0777) = 0 [ 308.867905][T10973] loop0: detected capacity change from 0 to 32768 [ 308.881521][T10973] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10973) [ 308.897699][T10973] _btrfs_printk: 14 callbacks suppressed [ 308.897714][T10973] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 308.912950][T10973] BTRFS info (device loop0): force clearing of disk cache [ 308.920161][T10973] BTRFS info (device loop0): setting nodatasum [ 308.926361][T10973] BTRFS info (device loop0): allowing degraded mounts [ 308.933118][T10973] BTRFS info (device loop0): enabling disk space caching [ 308.940197][T10973] BTRFS info (device loop0): disk space caching is enabled [ 308.958949][T10973] BTRFS info (device loop0): enabling ssd optimizations [ 308.966124][T10973] BTRFS info (device loop0): auto enabling async discard [ 308.973772][T10973] BTRFS info (device loop0): rebuilding free space tree [ 308.986213][T10973] BTRFS info (device loop0): disabling free space tree [ 308.993428][T10973] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 309.003501][T10973] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 10973] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10973] chdir("./file0") = 0 [pid 10973] ioctl(4, LOOP_CLR_FD) = 0 [pid 10973] close(4) = 0 [pid 10973] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10972] <... futex resumed>) = 0 [pid 10973] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10972] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] open("./file0", O_RDONLY [pid 10972] <... futex resumed>) = 0 [pid 10973] <... open resumed>) = 4 [ 309.016622][T10973] BTRFS info (device loop0): checking UUID tree [pid 10972] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10973] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] <... futex resumed>) = 0 [pid 10973] <... futex resumed>) = 1 [pid 10972] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 10972] <... futex resumed>) = 0 [pid 10973] <... ioctl resumed>) = 0 [pid 10972] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10973] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] <... futex resumed>) = 0 [pid 10972] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] <... futex resumed>) = 1 [pid 10972] <... futex resumed>) = 0 [pid 10973] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10972] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 10972] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10972] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 10991 attached => {parent_tid=[10991]}, 88) = 10991 [pid 10972] rt_sigprocmask(SIG_SETMASK, [], [pid 10991] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 10972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10991] <... rseq resumed>) = 0 [pid 10972] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] set_robust_list(0x7f0bd5e089a0, 24 [pid 10972] <... futex resumed>) = 0 [pid 10991] <... set_robust_list resumed>) = 0 [pid 10972] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10991] open(".", O_RDONLY) = 5 [pid 10991] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10972] <... futex resumed>) = 0 [pid 10972] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10972] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 309.066690][T10973] BTRFS info (device loop0): balance: start -d -m [ 309.075578][T10973] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 309.099707][T10973] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10991] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 10991] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10972] <... futex resumed>) = 0 [pid 10991] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10973] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10973] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10973] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10972] exit_group(0 [pid 10991] <... futex resumed>) = ? [pid 10973] <... futex resumed>) = ? [pid 10972] <... exit_group resumed>) = ? [pid 10991] +++ exited with 0 +++ [pid 10973] +++ exited with 0 +++ [pid 10972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10972, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 309.183255][T10973] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 309.203953][T10973] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 309.221718][T10973] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/binderfs") = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10992 attached [pid 10992] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 10992] chdir("./296") = 0 [pid 10992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 10992 [pid 10992] setpgid(0, 0) = 0 [pid 10992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10992] write(3, "1000", 4) = 4 [pid 10992] close(3) = 0 [pid 10992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10992] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10992] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 10992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 10992] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 10993 attached [pid 10993] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 10992] <... clone3 resumed> => {parent_tid=[10993]}, 88) = 10993 [pid 10993] <... rseq resumed>) = 0 [pid 10993] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 10993] rt_sigprocmask(SIG_SETMASK, [], [pid 10992] rt_sigprocmask(SIG_SETMASK, [], [pid 10993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10993] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10992] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10993] <... futex resumed>) = 0 [pid 10992] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10993] memfd_create("syzkaller", 0) = 3 [pid 10993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 10993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 10993] munmap(0x7f0bcda09000, 138412032) = 0 [pid 10993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10993] close(3) = 0 [pid 10993] mkdir("./file0", 0777) = 0 [ 309.731909][T10993] loop0: detected capacity change from 0 to 32768 [ 309.741730][T10993] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (10993) [ 309.757411][T10993] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 309.766903][T10993] BTRFS info (device loop0): force clearing of disk cache [ 309.774098][T10993] BTRFS info (device loop0): setting nodatasum [ 309.780456][T10993] BTRFS info (device loop0): allowing degraded mounts [ 309.787577][T10993] BTRFS info (device loop0): enabling disk space caching [ 309.794715][T10993] BTRFS info (device loop0): disk space caching is enabled [ 309.813265][T10993] BTRFS info (device loop0): enabling ssd optimizations [ 309.820563][T10993] BTRFS info (device loop0): auto enabling async discard [pid 10993] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 10993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10993] chdir("./file0") = 0 [pid 10993] ioctl(4, LOOP_CLR_FD) = 0 [pid 10993] close(4) = 0 [pid 10993] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10992] <... futex resumed>) = 0 [pid 10993] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10992] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] <... futex resumed>) = 0 [pid 10992] <... futex resumed>) = 1 [ 309.828792][T10993] BTRFS info (device loop0): rebuilding free space tree [ 309.839902][T10993] BTRFS info (device loop0): disabling free space tree [ 309.846937][T10993] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 309.856675][T10993] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 309.869503][T10993] BTRFS info (device loop0): checking UUID tree [pid 10993] open("./file0", O_RDONLY [pid 10992] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10993] <... open resumed>) = 4 [pid 10993] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10992] <... futex resumed>) = 0 [pid 10992] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 10992] <... futex resumed>) = 0 [pid 10993] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10992] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10993] <... futex resumed>) = 0 [pid 10992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10993] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10992] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10992] <... futex resumed>) = 0 [pid 10992] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10993] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 10992] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10992] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 10992] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 309.936845][T10993] BTRFS info (device loop0): balance: start -d -m [ 309.945104][T10993] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 309.966896][T10993] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 10992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[11011]}, 88) = 11011 ./strace-static-x86_64: Process 11011 attached [pid 10992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10992] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11011] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 10992] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11011] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11011] open(".", O_RDONLY) = 5 [pid 11011] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10992] <... futex resumed>) = 0 [pid 11011] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10992] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11011] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 10992] <... futex resumed>) = 0 [ 310.019232][T10993] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 10992] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11011] <... ioctl resumed>) = 0 [pid 11011] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10992] <... futex resumed>) = 0 [pid 11011] <... futex resumed>) = 1 [pid 11011] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 10993] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10992] exit_group(0 [pid 11011] <... futex resumed>) = ? [pid 10993] <... futex resumed>) = ? [pid 10992] <... exit_group resumed>) = ? [pid 11011] +++ exited with 0 +++ [pid 10993] +++ exited with 0 +++ [pid 10992] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10992, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 310.060509][T10993] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 310.077445][T10993] BTRFS info (device loop0): balance: ended with status: 0 umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/binderfs") = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11012 attached [pid 11012] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11012] chdir("./297") = 0 [pid 11012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11012] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 11012 [pid 11012] <... setpgid resumed>) = 0 [pid 11012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11012] write(3, "1000", 4) = 4 [pid 11012] close(3) = 0 [pid 11012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11012] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11012] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11012] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11013 attached [pid 11013] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 11012] <... clone3 resumed> => {parent_tid=[11013]}, 88) = 11013 [pid 11013] <... rseq resumed>) = 0 [pid 11012] rt_sigprocmask(SIG_SETMASK, [], [pid 11013] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 11012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11013] rt_sigprocmask(SIG_SETMASK, [], [pid 11012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11012] <... futex resumed>) = 0 [pid 11012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11013] memfd_create("syzkaller", 0) = 3 [pid 11013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11013] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11013] close(3) = 0 [pid 11013] mkdir("./file0", 0777) = 0 [ 310.543437][T11013] loop0: detected capacity change from 0 to 32768 [ 310.553153][T11013] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11013) [ 310.568779][T11013] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 310.578087][T11013] BTRFS info (device loop0): force clearing of disk cache [ 310.585296][T11013] BTRFS info (device loop0): setting nodatasum [ 310.591457][T11013] BTRFS info (device loop0): allowing degraded mounts [ 310.598268][T11013] BTRFS info (device loop0): enabling disk space caching [ 310.605369][T11013] BTRFS info (device loop0): disk space caching is enabled [ 310.624218][T11013] BTRFS info (device loop0): enabling ssd optimizations [ 310.631198][T11013] BTRFS info (device loop0): auto enabling async discard [pid 11013] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11013] chdir("./file0") = 0 [pid 11013] ioctl(4, LOOP_CLR_FD) = 0 [pid 11013] close(4) = 0 [pid 11013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11012] <... futex resumed>) = 0 [pid 11013] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11012] <... futex resumed>) = 0 [pid 11013] open("./file0", O_RDONLY [pid 11012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11013] <... open resumed>) = 4 [ 310.639627][T11013] BTRFS info (device loop0): rebuilding free space tree [ 310.650861][T11013] BTRFS info (device loop0): disabling free space tree [ 310.657845][T11013] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 310.667511][T11013] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 310.680071][T11013] BTRFS info (device loop0): checking UUID tree [pid 11013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11012] <... futex resumed>) = 0 [pid 11012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11013] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 11012] <... futex resumed>) = 0 [pid 11012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11013] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11012] <... futex resumed>) = 0 [pid 11012] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11012] <... futex resumed>) = 0 [pid 11013] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11012] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11012] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11012] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 310.770341][T11013] BTRFS info (device loop0): balance: start -d -m [ 310.778505][T11013] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 310.802358][T11013] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 11012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 11031 attached [pid 11031] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 11012] <... clone3 resumed> => {parent_tid=[11031]}, 88) = 11031 [pid 11031] set_robust_list(0x7f0bd5e089a0, 24 [pid 11012] rt_sigprocmask(SIG_SETMASK, [], [pid 11031] <... set_robust_list resumed>) = 0 [pid 11012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11031] rt_sigprocmask(SIG_SETMASK, [], [pid 11012] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11031] open(".", O_RDONLY) = 5 [pid 11012] <... futex resumed>) = 0 [pid 11012] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11031] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11012] <... futex resumed>) = 0 [pid 11012] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11012] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11031] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 11031] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11012] <... futex resumed>) = 0 [ 310.837228][T11013] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 310.857930][T11013] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 11031] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11013] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11013] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11013] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11012] exit_group(0 [pid 11031] <... futex resumed>) = ? [pid 11013] <... futex resumed>) = ? [pid 11012] <... exit_group resumed>) = ? [pid 11031] +++ exited with 0 +++ [pid 11013] +++ exited with 0 +++ [pid 11012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11012, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/binderfs") = 0 [ 310.892419][T11013] BTRFS info (device loop0): balance: ended with status: 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11032 attached , child_tidptr=0x5555570ad690) = 11032 [pid 11032] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11032] chdir("./298") = 0 [pid 11032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11032] setpgid(0, 0) = 0 [pid 11032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11032] write(3, "1000", 4) = 4 [pid 11032] close(3) = 0 [pid 11032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11032] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11032] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11032] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11033 attached => {parent_tid=[11033]}, 88) = 11033 [pid 11033] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 11033] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 11033] rt_sigprocmask(SIG_SETMASK, [], [pid 11032] rt_sigprocmask(SIG_SETMASK, [], [pid 11033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11033] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11032] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11032] <... futex resumed>) = 0 [pid 11033] memfd_create("syzkaller", 0 [pid 11032] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11033] <... memfd_create resumed>) = 3 [pid 11033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11033] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11033] close(3) = 0 [pid 11033] mkdir("./file0", 0777) = 0 [ 311.381052][T11033] loop0: detected capacity change from 0 to 32768 [ 311.395213][T11033] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11033) [ 311.411751][T11033] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 311.421116][T11033] BTRFS info (device loop0): force clearing of disk cache [ 311.428292][T11033] BTRFS info (device loop0): setting nodatasum [ 311.434491][T11033] BTRFS info (device loop0): allowing degraded mounts [ 311.441239][T11033] BTRFS info (device loop0): enabling disk space caching [ 311.448315][T11033] BTRFS info (device loop0): disk space caching is enabled [ 311.467295][T11033] BTRFS info (device loop0): enabling ssd optimizations [ 311.474311][T11033] BTRFS info (device loop0): auto enabling async discard [pid 11033] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11033] chdir("./file0") = 0 [pid 11033] ioctl(4, LOOP_CLR_FD) = 0 [ 311.482152][T11033] BTRFS info (device loop0): rebuilding free space tree [ 311.493219][T11033] BTRFS info (device loop0): disabling free space tree [ 311.500210][T11033] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 311.509909][T11033] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 311.522475][T11033] BTRFS info (device loop0): checking UUID tree [pid 11033] close(4) = 0 [pid 11033] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] <... futex resumed>) = 0 [pid 11033] <... futex resumed>) = 1 [pid 11032] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] open("./file0", O_RDONLY [pid 11032] <... futex resumed>) = 0 [pid 11032] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11033] <... open resumed>) = 4 [pid 11033] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11032] <... futex resumed>) = 0 [pid 11032] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 11032] <... futex resumed>) = 0 [pid 11033] <... ioctl resumed>) = 0 [pid 11032] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11033] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] <... futex resumed>) = 0 [pid 11032] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11032] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11033] <... futex resumed>) = 1 [pid 11033] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11032] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11032] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 311.593068][T11033] BTRFS info (device loop0): balance: start -d -m [ 311.601876][T11033] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 311.627302][T11033] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 11032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[11051]}, 88) = 11051 [pid 11032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11032] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11032] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11051 attached [pid 11051] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 11051] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11051] open(".", O_RDONLY) = 5 [pid 11051] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11032] <... futex resumed>) = 0 [pid 11051] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11032] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11051] <... futex resumed>) = 0 [pid 11032] <... futex resumed>) = 1 [pid 11051] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 311.673409][T11033] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 11032] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11051] <... ioctl resumed>) = 0 [pid 11051] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] <... futex resumed>) = 0 [pid 11051] <... futex resumed>) = 1 [pid 11051] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11033] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11033] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] exit_group(0 [pid 11051] <... futex resumed>) = ? [pid 11032] <... exit_group resumed>) = ? [pid 11051] +++ exited with 0 +++ [pid 11033] <... futex resumed>) = ? [pid 11033] +++ exited with 0 +++ [pid 11032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11032, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 311.723252][T11033] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 311.740418][T11033] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/binderfs") = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11052 attached , child_tidptr=0x5555570ad690) = 11052 [pid 11052] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11052] chdir("./299") = 0 [pid 11052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11052] setpgid(0, 0) = 0 [pid 11052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11052] write(3, "1000", 4) = 4 [pid 11052] close(3) = 0 [pid 11052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11052] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11052] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11052] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11053 attached [pid 11053] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 11052] <... clone3 resumed> => {parent_tid=[11053]}, 88) = 11053 [pid 11053] set_robust_list(0x7f0bd5e299a0, 24 [pid 11052] rt_sigprocmask(SIG_SETMASK, [], [pid 11053] <... set_robust_list resumed>) = 0 [pid 11053] rt_sigprocmask(SIG_SETMASK, [], [pid 11052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11052] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11053] memfd_create("syzkaller", 0 [pid 11052] <... futex resumed>) = 0 [pid 11052] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11053] <... memfd_create resumed>) = 3 [pid 11053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11053] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11053] close(3) = 0 [pid 11053] mkdir("./file0", 0777) = 0 [ 312.209801][T11053] loop0: detected capacity change from 0 to 32768 [ 312.225059][T11053] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11053) [ 312.240686][T11053] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 312.250016][T11053] BTRFS info (device loop0): force clearing of disk cache [ 312.257195][T11053] BTRFS info (device loop0): setting nodatasum [ 312.263381][T11053] BTRFS info (device loop0): allowing degraded mounts [ 312.270244][T11053] BTRFS info (device loop0): enabling disk space caching [ 312.277310][T11053] BTRFS info (device loop0): disk space caching is enabled [ 312.296850][T11053] BTRFS info (device loop0): enabling ssd optimizations [pid 11053] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11053] chdir("./file0") = 0 [pid 11053] ioctl(4, LOOP_CLR_FD) = 0 [pid 11053] close(4) = 0 [pid 11053] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11052] <... futex resumed>) = 0 [pid 11053] open("./file0", O_RDONLY [pid 11052] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11053] <... open resumed>) = 4 [pid 11052] <... futex resumed>) = 0 [pid 11052] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11053] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11052] <... futex resumed>) = 0 [pid 11053] <... futex resumed>) = 1 [pid 11052] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11053] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 11052] <... futex resumed>) = 0 [ 312.303947][T11053] BTRFS info (device loop0): auto enabling async discard [ 312.311824][T11053] BTRFS info (device loop0): rebuilding free space tree [ 312.323003][T11053] BTRFS info (device loop0): disabling free space tree [ 312.330082][T11053] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 312.339827][T11053] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 312.352525][T11053] BTRFS info (device loop0): checking UUID tree [pid 11052] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11053] <... ioctl resumed>) = 0 [pid 11053] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11052] <... futex resumed>) = 0 [pid 11053] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11052] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11053] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11052] <... futex resumed>) = 0 [pid 11052] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11052] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11052] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[11071]}, 88) = 11071 ./strace-static-x86_64: Process 11071 attached [pid 11052] rt_sigprocmask(SIG_SETMASK, [], [pid 11071] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 11052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11052] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11052] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11071] <... rseq resumed>) = 0 [pid 11071] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11071] open(".", O_RDONLY) = 5 [pid 11071] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11052] <... futex resumed>) = 0 [pid 11071] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11052] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11052] <... futex resumed>) = 0 [pid 11071] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 312.424582][T11053] BTRFS info (device loop0): balance: start -d -m [ 312.434685][T11053] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 312.459142][T11053] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 11052] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11071] <... ioctl resumed>) = 0 [pid 11071] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11052] <... futex resumed>) = 0 [pid 11071] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11053] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11053] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11053] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11052] exit_group(0 [pid 11071] <... futex resumed>) = ? [pid 11053] <... futex resumed>) = ? [pid 11052] <... exit_group resumed>) = ? [pid 11071] +++ exited with 0 +++ [pid 11053] +++ exited with 0 +++ [pid 11052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11052, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 312.515601][T11053] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 312.537248][T11053] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 312.554716][T11053] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/binderfs") = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11072 attached , child_tidptr=0x5555570ad690) = 11072 [pid 11072] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11072] chdir("./300") = 0 [pid 11072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11072] setpgid(0, 0) = 0 [pid 11072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11072] write(3, "1000", 4) = 4 [pid 11072] close(3) = 0 [pid 11072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11072] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11072] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11072] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11073 attached [pid 11073] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 11072] <... clone3 resumed> => {parent_tid=[11073]}, 88) = 11073 [pid 11073] set_robust_list(0x7f0bd5e299a0, 24 [pid 11072] rt_sigprocmask(SIG_SETMASK, [], [pid 11073] <... set_robust_list resumed>) = 0 [pid 11072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11072] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11073] memfd_create("syzkaller", 0 [pid 11072] <... futex resumed>) = 0 [pid 11073] <... memfd_create resumed>) = 3 [pid 11072] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11073] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11073] close(3) = 0 [pid 11073] mkdir("./file0", 0777) = 0 [ 312.997919][T11073] loop0: detected capacity change from 0 to 32768 [ 313.012061][T11073] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11073) [ 313.027781][T11073] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 313.037089][T11073] BTRFS info (device loop0): force clearing of disk cache [pid 11073] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11073] chdir("./file0") = 0 [ 313.044254][T11073] BTRFS info (device loop0): setting nodatasum [ 313.050424][T11073] BTRFS info (device loop0): allowing degraded mounts [ 313.057257][T11073] BTRFS info (device loop0): enabling disk space caching [pid 11073] ioctl(4, LOOP_CLR_FD) = 0 [pid 11073] close(4) = 0 [pid 11073] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11072] <... futex resumed>) = 0 [pid 11073] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 11072] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11073] open("./file0", O_RDONLY [pid 11072] <... futex resumed>) = 0 [pid 11073] <... open resumed>) = 4 [pid 11072] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11073] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11073] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 11072] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11073] <... ioctl resumed>) = 0 [pid 11073] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11072] <... futex resumed>) = 0 [pid 11073] <... futex resumed>) = 0 [pid 11072] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11073] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11072] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11073] <... futex resumed>) = 0 [pid 11073] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11072] <... futex resumed>) = 1 [pid 11072] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11072] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11072] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 11091 attached => {parent_tid=[11091]}, 88) = 11091 [pid 11091] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 11072] rt_sigprocmask(SIG_SETMASK, [], [pid 11091] <... rseq resumed>) = 0 [pid 11072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11091] set_robust_list(0x7f0bd5e089a0, 24 [pid 11072] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] <... set_robust_list resumed>) = 0 [pid 11072] <... futex resumed>) = 0 [pid 11091] rt_sigprocmask(SIG_SETMASK, [], [pid 11072] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11091] open(".", O_RDONLY) = 5 [pid 11091] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11072] <... futex resumed>) = 0 [pid 11091] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 11072] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11072] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11091] <... ioctl resumed>) = 0 [pid 11091] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11072] <... futex resumed>) = 0 [pid 11091] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11073] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11073] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11073] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11072] exit_group(0 [pid 11091] <... futex resumed>) = ? [pid 11073] <... futex resumed>) = ? [pid 11072] <... exit_group resumed>) = ? [pid 11091] +++ exited with 0 +++ [pid 11073] +++ exited with 0 +++ [pid 11072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11072, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/binderfs") = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11092 attached , child_tidptr=0x5555570ad690) = 11092 [pid 11092] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11092] chdir("./301") = 0 [pid 11092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11092] setpgid(0, 0) = 0 [pid 11092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11092] write(3, "1000", 4) = 4 [pid 11092] close(3) = 0 [pid 11092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11092] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11092] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11092] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11093 attached [pid 11093] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 11092] <... clone3 resumed> => {parent_tid=[11093]}, 88) = 11093 [pid 11093] <... rseq resumed>) = 0 [pid 11092] rt_sigprocmask(SIG_SETMASK, [], [pid 11093] set_robust_list(0x7f0bd5e299a0, 24 [pid 11092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11093] <... set_robust_list resumed>) = 0 [pid 11092] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11092] <... futex resumed>) = 0 [pid 11093] memfd_create("syzkaller", 0 [pid 11092] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11093] <... memfd_create resumed>) = 3 [pid 11093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11093] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11093] close(3) = 0 [pid 11093] mkdir("./file0", 0777) = 0 [pid 11093] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 313.808795][T11093] loop0: detected capacity change from 0 to 32768 [ 313.818389][T11093] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11093) [pid 11093] chdir("./file0") = 0 [pid 11093] ioctl(4, LOOP_CLR_FD) = 0 [pid 11093] close(4) = 0 [pid 11093] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11092] <... futex resumed>) = 0 [pid 11093] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11092] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11092] <... futex resumed>) = 0 [pid 11093] open("./file0", O_RDONLY [pid 11092] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11093] <... open resumed>) = 4 [pid 11093] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11092] <... futex resumed>) = 0 [pid 11093] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11092] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11092] <... futex resumed>) = 0 [pid 11093] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 11092] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11093] <... ioctl resumed>) = 0 [pid 11093] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11092] <... futex resumed>) = 0 [pid 11092] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11093] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11092] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11092] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11092] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[11111]}, 88) = 11111 [pid 11092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11092] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11092] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11111 attached [pid 11111] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 11111] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11111] open(".", O_RDONLY) = 5 [pid 11111] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11092] <... futex resumed>) = 0 [ 313.930329][T11093] _btrfs_printk: 27 callbacks suppressed [ 313.930345][T11093] BTRFS info (device loop0): balance: start -d -m [ 313.944084][T11093] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 313.968470][T11093] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 11111] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11092] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11111] <... futex resumed>) = 0 [pid 11111] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 11092] <... futex resumed>) = 1 [pid 11092] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11111] <... ioctl resumed>) = 0 [pid 11111] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11092] <... futex resumed>) = 0 [ 314.016809][T11093] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 314.051073][T11093] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 11111] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11093] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11093] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11092] exit_group(0 [pid 11111] <... futex resumed>) = ? [pid 11093] <... futex resumed>) = ? [pid 11092] <... exit_group resumed>) = ? [pid 11111] +++ exited with 0 +++ [pid 11093] +++ exited with 0 +++ [pid 11092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11092, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/binderfs") = 0 [ 314.069870][T11093] BTRFS info (device loop0): balance: ended with status: 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11112 attached [pid 11112] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11112] chdir("./302" [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 11112 [pid 11112] <... chdir resumed>) = 0 [pid 11112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11112] setpgid(0, 0) = 0 [pid 11112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11112] write(3, "1000", 4) = 4 [pid 11112] close(3) = 0 [pid 11112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11112] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11112] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11112] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11113 attached [pid 11113] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 11112] <... clone3 resumed> => {parent_tid=[11113]}, 88) = 11113 [pid 11113] <... rseq resumed>) = 0 [pid 11112] rt_sigprocmask(SIG_SETMASK, [], [pid 11113] set_robust_list(0x7f0bd5e299a0, 24 [pid 11112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11113] <... set_robust_list resumed>) = 0 [pid 11112] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] rt_sigprocmask(SIG_SETMASK, [], [pid 11112] <... futex resumed>) = 0 [pid 11113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11112] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11113] memfd_create("syzkaller", 0) = 3 [pid 11113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11113] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11113] close(3) = 0 [pid 11113] mkdir("./file0", 0777) = 0 [ 314.555301][T11113] loop0: detected capacity change from 0 to 32768 [ 314.585290][T11113] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11113) [ 314.600206][T11113] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 314.609536][T11113] BTRFS info (device loop0): force clearing of disk cache [ 314.616706][T11113] BTRFS info (device loop0): setting nodatasum [ 314.622883][T11113] BTRFS info (device loop0): allowing degraded mounts [ 314.629749][T11113] BTRFS info (device loop0): enabling disk space caching [ 314.636874][T11113] BTRFS info (device loop0): disk space caching is enabled [ 314.657756][T11113] BTRFS info (device loop0): enabling ssd optimizations [ 314.664799][T11113] BTRFS info (device loop0): auto enabling async discard [ 314.673215][T11113] BTRFS info (device loop0): rebuilding free space tree [ 314.684553][T11113] BTRFS info (device loop0): disabling free space tree [ 314.691438][T11113] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 11113] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11113] chdir("./file0") = 0 [pid 11113] ioctl(4, LOOP_CLR_FD) = 0 [pid 11113] close(4) = 0 [pid 11113] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11112] <... futex resumed>) = 0 [pid 11113] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11112] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11112] <... futex resumed>) = 0 [pid 11113] open("./file0", O_RDONLY [pid 11112] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11113] <... open resumed>) = 4 [pid 11113] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11112] <... futex resumed>) = 0 [pid 11112] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 11112] <... futex resumed>) = 0 [pid 11112] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11113] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11113] <... futex resumed>) = 0 [pid 11112] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11112] <... futex resumed>) = 0 [ 314.701139][T11113] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 314.713748][T11113] BTRFS info (device loop0): checking UUID tree [pid 11112] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11112] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11112] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[11131]}, 88) = 11131 [pid 11112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11112] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11112] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11131 attached [ 314.768796][T11113] BTRFS info (device loop0): balance: start -d -m [ 314.777554][T11113] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 314.798857][T11113] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 11131] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 11131] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11131] open(".", O_RDONLY) = 5 [pid 11131] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11131] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11112] <... futex resumed>) = 0 [pid 11112] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11131] <... futex resumed>) = 0 [pid 11112] <... futex resumed>) = 1 [pid 11131] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 11112] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11131] <... ioctl resumed>) = 0 [ 314.840358][T11113] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 11131] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11112] <... futex resumed>) = 0 [pid 11131] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11113] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11113] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11112] exit_group(0) = ? [pid 11131] <... futex resumed>) = ? [pid 11131] +++ exited with 0 +++ [pid 11113] +++ exited with 0 +++ [pid 11112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11112, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- [ 314.894151][T11113] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 314.917744][T11113] BTRFS info (device loop0): balance: ended with status: 0 umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/binderfs") = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11132 attached [pid 11132] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11132] chdir("./303") = 0 [pid 11132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 11132 [pid 11132] setpgid(0, 0) = 0 [pid 11132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11132] write(3, "1000", 4) = 4 [pid 11132] close(3) = 0 [pid 11132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11132] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11132] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11132] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11133 attached => {parent_tid=[11133]}, 88) = 11133 [pid 11133] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 11132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11132] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11132] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11133] <... rseq resumed>) = 0 [pid 11133] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 11133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11133] memfd_create("syzkaller", 0) = 3 [pid 11133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11133] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11133] close(3) = 0 [pid 11133] mkdir("./file0", 0777) = 0 [ 315.493613][T11133] loop0: detected capacity change from 0 to 32768 [ 315.518071][T11133] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11133) [ 315.534028][T11133] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 315.543276][T11133] BTRFS info (device loop0): force clearing of disk cache [ 315.550466][T11133] BTRFS info (device loop0): setting nodatasum [ 315.556686][T11133] BTRFS info (device loop0): allowing degraded mounts [ 315.563469][T11133] BTRFS info (device loop0): enabling disk space caching [ 315.570552][T11133] BTRFS info (device loop0): disk space caching is enabled [ 315.589280][T11133] BTRFS info (device loop0): enabling ssd optimizations [ 315.596337][T11133] BTRFS info (device loop0): auto enabling async discard [ 315.604513][T11133] BTRFS info (device loop0): rebuilding free space tree [ 315.615479][T11133] BTRFS info (device loop0): disabling free space tree [ 315.622366][T11133] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 315.632110][T11133] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11133] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11133] chdir("./file0") = 0 [pid 11133] ioctl(4, LOOP_CLR_FD) = 0 [pid 11133] close(4) = 0 [pid 11133] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11132] <... futex resumed>) = 0 [ 315.644903][T11133] BTRFS info (device loop0): checking UUID tree [pid 11133] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11132] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11133] <... futex resumed>) = 0 [pid 11133] open("./file0", O_RDONLY) = 4 [pid 11133] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11133] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11132] <... futex resumed>) = 1 [pid 11132] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 11132] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11133] <... futex resumed>) = 0 [pid 11133] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 11133] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11133] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11132] <... futex resumed>) = 1 [pid 11132] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 11132] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11133] <... futex resumed>) = 0 [pid 11133] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11132] <... futex resumed>) = 1 [pid 11132] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11132] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11132] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0} => {parent_tid=[11151]}, 88) = 11151 [pid 11132] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 11151 attached [ 315.730943][T11133] BTRFS info (device loop0): balance: start -d -m [ 315.740458][T11133] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 315.761757][T11133] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata NULL, 8) = 0 [pid 11151] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053 [pid 11132] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11132] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11151] <... rseq resumed>) = 0 [pid 11151] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11151] open(".", O_RDONLY) = 5 [pid 11151] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11151] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11132] <... futex resumed>) = 0 [pid 11132] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11151] <... futex resumed>) = 0 [pid 11132] <... futex resumed>) = 1 [pid 11151] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 11132] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11151] <... ioctl resumed>) = 0 [pid 11151] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11132] <... futex resumed>) = 0 [ 315.802848][T11133] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 11151] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11133] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11133] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11133] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11132] exit_group(0 [pid 11151] <... futex resumed>) = ? [pid 11151] +++ exited with 0 +++ [pid 11132] <... exit_group resumed>) = ? [pid 11133] <... futex resumed>) = ? [pid 11133] +++ exited with 0 +++ [pid 11132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11132, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 315.852692][T11133] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 315.869796][T11133] BTRFS info (device loop0): balance: ended with status: 0 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/binderfs") = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11152 attached , child_tidptr=0x5555570ad690) = 11152 [pid 11152] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11152] chdir("./304") = 0 [pid 11152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11152] setpgid(0, 0) = 0 [pid 11152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11152] write(3, "1000", 4) = 4 [pid 11152] close(3) = 0 [pid 11152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11152] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11152] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11152] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11153 attached => {parent_tid=[11153]}, 88) = 11153 [pid 11153] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 11152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11152] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11152] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11153] <... rseq resumed>) = 0 [pid 11153] set_robust_list(0x7f0bd5e299a0, 24) = 0 [pid 11153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11153] memfd_create("syzkaller", 0) = 3 [pid 11153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11153] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11153] close(3) = 0 [pid 11153] mkdir("./file0", 0777) = 0 [ 316.435853][T11153] loop0: detected capacity change from 0 to 32768 [ 316.449588][T11153] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11153) [ 316.466966][T11153] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 316.476464][T11153] BTRFS info (device loop0): force clearing of disk cache [ 316.483572][T11153] BTRFS info (device loop0): setting nodatasum [ 316.489775][T11153] BTRFS info (device loop0): allowing degraded mounts [ 316.496600][T11153] BTRFS info (device loop0): enabling disk space caching [ 316.503618][T11153] BTRFS info (device loop0): disk space caching is enabled [ 316.523091][T11153] BTRFS info (device loop0): enabling ssd optimizations [ 316.530422][T11153] BTRFS info (device loop0): auto enabling async discard [ 316.539276][T11153] BTRFS info (device loop0): rebuilding free space tree [ 316.550504][T11153] BTRFS info (device loop0): disabling free space tree [ 316.557539][T11153] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 316.567228][T11153] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 11153] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11153] chdir("./file0") = 0 [pid 11153] ioctl(4, LOOP_CLR_FD) = 0 [pid 11153] close(4) = 0 [pid 11153] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11152] <... futex resumed>) = 0 [pid 11153] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11152] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11153] open("./file0", O_RDONLY [pid 11152] <... futex resumed>) = 0 [pid 11153] <... open resumed>) = 4 [pid 11152] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11153] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11152] <... futex resumed>) = 0 [pid 11153] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 11152] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11153] <... ioctl resumed>) = 0 [pid 11152] <... futex resumed>) = 0 [pid 11152] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11153] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11152] <... futex resumed>) = 0 [ 316.580080][T11153] BTRFS info (device loop0): checking UUID tree [pid 11153] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11152] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11152] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11152] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11152] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 11171 attached => {parent_tid=[11171]}, 88) = 11171 [pid 11171] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 11152] rt_sigprocmask(SIG_SETMASK, [], [pid 11171] set_robust_list(0x7f0bd5e089a0, 24) = 0 [pid 11152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11152] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11171] rt_sigprocmask(SIG_SETMASK, [], [pid 11152] <... futex resumed>) = 0 [pid 11171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11152] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11171] open(".", O_RDONLY) = 5 [pid 11171] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11152] <... futex resumed>) = 0 [pid 11171] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11152] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11171] <... futex resumed>) = 0 [pid 11152] <... futex resumed>) = 1 [pid 11171] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 316.612645][T11153] BTRFS info (device loop0): balance: start -d -m [ 316.621883][T11153] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 316.647497][T11153] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 11152] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11171] <... ioctl resumed>) = 0 [pid 11171] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11152] <... futex resumed>) = 0 [ 316.712665][T11153] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 316.744889][T11153] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 11171] futex(0x7f0bd5ef96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11153] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 11153] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11153] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11152] exit_group(0 [pid 11171] <... futex resumed>) = ? [pid 11153] <... futex resumed>) = ? [pid 11152] <... exit_group resumed>) = ? [pid 11171] +++ exited with 0 +++ [pid 11153] +++ exited with 0 +++ [pid 11152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11152, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555570ae730 /* 4 entries */, 32768) = 112 [ 316.766762][T11153] BTRFS info (device loop0): balance: ended with status: 0 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/binderfs") = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555570b6770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555570b6770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x5555570ae730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11172 attached [pid 11172] set_robust_list(0x5555570ad6a0, 24) = 0 [pid 11172] chdir("./305") = 0 [pid 11172] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5059] <... clone resumed>, child_tidptr=0x5555570ad690) = 11172 [pid 11172] <... prctl resumed>) = 0 [pid 11172] setpgid(0, 0) = 0 [pid 11172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11172] write(3, "1000", 4) = 4 [pid 11172] close(3) = 0 [pid 11172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11172] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11172] rt_sigaction(SIGRT_1, {sa_handler=0x7f0bd5e93030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0bd5e841e0}, NULL, 8) = 0 [pid 11172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5e09000 [pid 11172] mprotect(0x7f0bd5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e29990, parent_tid=0x7f0bd5e29990, exit_signal=0, stack=0x7f0bd5e09000, stack_size=0x20300, tls=0x7f0bd5e296c0}./strace-static-x86_64: Process 11173 attached [pid 11173] rseq(0x7f0bd5e29fe0, 0x20, 0, 0x53053053 [pid 11172] <... clone3 resumed> => {parent_tid=[11173]}, 88) = 11173 [pid 11173] <... rseq resumed>) = 0 [pid 11172] rt_sigprocmask(SIG_SETMASK, [], [pid 11173] set_robust_list(0x7f0bd5e299a0, 24 [pid 11172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11173] <... set_robust_list resumed>) = 0 [pid 11172] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11172] <... futex resumed>) = 0 [pid 11173] memfd_create("syzkaller", 0 [pid 11172] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11173] <... memfd_create resumed>) = 3 [pid 11173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0bcda09000 [pid 11173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 11173] munmap(0x7f0bcda09000, 138412032) = 0 [pid 11173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11173] close(3) = 0 [pid 11173] mkdir("./file0", 0777) = 0 [ 317.295483][T11173] loop0: detected capacity change from 0 to 32768 [ 317.308568][T11173] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor326 (11173) [ 317.336590][T11173] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 317.347624][T11173] BTRFS info (device loop0): force clearing of disk cache [ 317.355538][T11173] BTRFS info (device loop0): setting nodatasum [ 317.362123][T11173] BTRFS info (device loop0): allowing degraded mounts [ 317.369754][T11173] BTRFS info (device loop0): enabling disk space caching [ 317.377572][T11173] BTRFS info (device loop0): disk space caching is enabled [ 317.406261][T11173] BTRFS info (device loop0): enabling ssd optimizations [ 317.413675][T11173] BTRFS info (device loop0): auto enabling async discard [ 317.422973][T11173] BTRFS info (device loop0): rebuilding free space tree [ 317.441006][T11173] BTRFS info (device loop0): disabling free space tree [pid 11173] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 11173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11173] chdir("./file0") = 0 [pid 11173] ioctl(4, LOOP_CLR_FD) = 0 [pid 11173] close(4) = 0 [pid 11173] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11173] futex(0x7f0bd5ef96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11172] <... futex resumed>) = 0 [pid 11172] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11173] <... futex resumed>) = 0 [pid 11173] open("./file0", O_RDONLY [pid 11172] <... futex resumed>) = 1 [pid 11173] <... open resumed>) = 4 [pid 11172] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11173] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11172] <... futex resumed>) = 0 [pid 11173] <... futex resumed>) = 1 [pid 11172] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11172] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 317.448422][T11173] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 317.458967][T11173] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 317.475109][T11173] BTRFS info (device loop0): checking UUID tree [pid 11173] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 11173] futex(0x7f0bd5ef96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11172] <... futex resumed>) = 0 [pid 11172] futex(0x7f0bd5ef96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11173] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 11172] futex(0x7f0bd5ef96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11172] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0bd5de8000 [pid 11172] mprotect(0x7f0bd5de9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 317.555380][T11173] BTRFS info (device loop0): balance: start -d -m [ 317.570355][T11173] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 11172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0bd5e08990, parent_tid=0x7f0bd5e08990, exit_signal=0, stack=0x7f0bd5de8000, stack_size=0x20300, tls=0x7f0bd5e086c0}./strace-static-x86_64: Process 11191 attached [pid 11191] rseq(0x7f0bd5e08fe0, 0x20, 0, 0x53053053) = 0 [pid 11172] <... clone3 resumed> => {parent_tid=[11191]}, 88) = 11191 [pid 11191] set_robust_list(0x7f0bd5e089a0, 24 [pid 11172] rt_sigprocmask(SIG_SETMASK, [], [pid 11191] <... set_robust_list resumed>) = 0 [pid 11172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11191] rt_sigprocmask(SIG_SETMASK, [], [pid 11172] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11172] <... futex resumed>) = 0 [pid 11191] open(".", O_RDONLY [pid 11172] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11191] <... open resumed>) = 5 [pid 11191] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11172] <... futex resumed>) = 0 [pid 11172] futex(0x7f0bd5ef96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 11172] <... futex resumed>) = 0 [pid 11172] futex(0x7f0bd5ef96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 11191] <... ioctl resumed>) = 0 [pid 11191] futex(0x7f0bd5ef96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 317.634918][T11173] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 317.664171][ T2456] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 317.672748][ T2456] ------------[ cut here ]------------ [ 317.678273][ T2456] BTRFS: Transaction aborted (error -28) [ 317.714077][ T2456] WARNING: CPU: 1 PID: 2456 at fs/btrfs/transaction.c:2057 btrfs_commit_transaction+0x2e97/0x3740 [ 317.724859][ T2456] Modules linked in: [ 317.728770][ T2456] CPU: 1 PID: 2456 Comm: kworker/u4:6 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 [ 317.739185][ T2456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 317.749296][ T2456] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 317.756949][ T2456] RIP: 0010:btrfs_commit_transaction+0x2e97/0x3740 [ 317.763475][ T2456] Code: 01 00 00 00 4c 89 ff e8 57 3d ee 00 e9 ad d7 ff ff e8 bd c5 f9 fd 90 48 c7 c7 00 4b ab 8b 8b 5c 24 10 89 de e8 fa 9e bf fd 90 <0f> 0b 90 90 4c 8b 64 24 20 e9 7b f9 ff ff 44 89 f1 80 e1 07 80 c1 [ 317.783177][ T2456] RSP: 0018:ffffc90009b876e0 EFLAGS: 00010246 [ 317.789335][ T2456] RAX: f153a46f7131a900 RBX: 00000000ffffffe4 RCX: ffff888025a95940 [ 317.797376][ T2456] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 317.805389][ T2456] RBP: ffffc90009b87a10 R08: ffffffff81545a92 R09: 1ffff92001370e30 [ 317.813388][ T2456] R10: dffffc0000000000 R11: fffff52001370e31 R12: ffff8880210d0000 [ 317.821465][ T2456] R13: ffff888025a96b88 R14: 0000000000000000 R15: dffffc0000000000 [ 317.829502][ T2456] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 317.838472][ T2456] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 317.845108][ T2456] CR2: 0000562fdc8a3e28 CR3: 000000001eb87000 CR4: 00000000003506f0 [ 317.853113][ T2456] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 317.861145][ T2456] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 317.869323][ T2456] Call Trace: [ 317.872599][ T2456] [ 317.875579][ T2456] ? __warn+0x162/0x4b0 [ 317.879852][ T2456] ? btrfs_commit_transaction+0x2e97/0x3740 [ 317.885823][ T2456] ? report_bug+0x2b3/0x500 [ 317.890434][ T2456] ? btrfs_commit_transaction+0x2e97/0x3740 [ 317.896373][ T2456] ? handle_bug+0x3e/0x60 [ 317.900736][ T2456] ? exc_invalid_op+0x1a/0x50 [ 317.905466][ T2456] ? asm_exc_invalid_op+0x1a/0x20 [ 317.910618][ T2456] ? __warn_printk+0x292/0x360 [ 317.915427][ T2456] ? btrfs_commit_transaction+0x2e97/0x3740 [ 317.921341][ T2456] ? btrfs_commit_transaction+0x17b/0x3740 [ 317.927207][ T2456] ? btrfs_commit_transaction_async+0x480/0x480 [ 317.933484][ T2456] ? lockdep_softirqs_off+0x430/0x430 [ 317.938952][ T2456] ? join_transaction+0x401/0xcf0 [ 317.944035][ T2456] ? btrfs_record_root_in_trans+0x92/0x180 [ 317.949870][ T2456] ? start_transaction+0x3dc/0x1780 [ 317.955149][ T2456] flush_space+0x9ae/0xcf0 [ 317.959576][ T2456] ? btrfs_async_reclaim_metadata_space+0x288/0x350 [ 317.966232][ T2456] ? do_raw_spin_lock+0x14e/0x370 [ 317.971269][ T2456] ? btrfs_calc_reclaim_metadata_size+0x450/0x450 [ 317.977729][ T2456] ? do_raw_spin_unlock+0x13b/0x8b0 [ 317.983027][ T2456] ? btrfs_calc_reclaim_metadata_size+0x2ad/0x450 [ 317.989492][ T2456] btrfs_async_reclaim_metadata_space+0x29f/0x350 [ 317.996035][ T2456] ? process_scheduled_works+0x825/0x1420 [ 318.001783][ T2456] process_scheduled_works+0x90f/0x1420 [ 318.007399][ T2456] ? assign_work+0x3d0/0x3d0 [ 318.012021][ T2456] ? assign_work+0x364/0x3d0 [ 318.016677][ T2456] worker_thread+0xa5f/0x1000 [ 318.021371][ T2456] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 318.027413][ T2456] kthread+0x2d3/0x370 [ 318.031493][ T2456] ? pr_cont_work+0x5e0/0x5e0 [ 318.036208][ T2456] ? kthread_blkcg+0xd0/0xd0 [ 318.040809][ T2456] ret_from_fork+0x48/0x80 [ 318.045309][ T2456] ? kthread_blkcg+0xd0/0xd0 [ 318.049907][ T2456] ret_from_fork_asm+0x11/0x20 [ 318.054746][ T2456] [ 318.057778][ T2456] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 318.065048][ T2456] CPU: 1 PID: 2456 Comm: kworker/u4:6 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0 [ 318.075190][ T2456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 318.085240][ T2456] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 318.092791][ T2456] Call Trace: [ 318.096063][ T2456] [ 318.098986][ T2456] dump_stack_lvl+0x1e7/0x2d0 [ 318.103661][ T2456] ? nf_tcp_handle_invalid+0x650/0x650 [ 318.109111][ T2456] ? panic+0x850/0x850 [ 318.113202][ T2456] ? vscnprintf+0x5d/0x80 [ 318.117525][ T2456] panic+0x349/0x850 [ 318.121418][ T2456] ? __warn+0x171/0x4b0 [ 318.125575][ T2456] ? __memcpy_flushcache+0x2b0/0x2b0 [ 318.130870][ T2456] ? ret_from_fork_asm+0x11/0x20 [ 318.135809][ T2456] __warn+0x318/0x4b0 [ 318.139811][ T2456] ? btrfs_commit_transaction+0x2e97/0x3740 [ 318.145704][ T2456] report_bug+0x2b3/0x500 [ 318.150028][ T2456] ? btrfs_commit_transaction+0x2e97/0x3740 [ 318.155922][ T2456] handle_bug+0x3e/0x60 [ 318.160071][ T2456] exc_invalid_op+0x1a/0x50 [ 318.164568][ T2456] asm_exc_invalid_op+0x1a/0x20 [ 318.169417][ T2456] RIP: 0010:btrfs_commit_transaction+0x2e97/0x3740 [ 318.175915][ T2456] Code: 01 00 00 00 4c 89 ff e8 57 3d ee 00 e9 ad d7 ff ff e8 bd c5 f9 fd 90 48 c7 c7 00 4b ab 8b 8b 5c 24 10 89 de e8 fa 9e bf fd 90 <0f> 0b 90 90 4c 8b 64 24 20 e9 7b f9 ff ff 44 89 f1 80 e1 07 80 c1 [ 318.195510][ T2456] RSP: 0018:ffffc90009b876e0 EFLAGS: 00010246 [ 318.201573][ T2456] RAX: f153a46f7131a900 RBX: 00000000ffffffe4 RCX: ffff888025a95940 [ 318.209534][ T2456] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 318.217500][ T2456] RBP: ffffc90009b87a10 R08: ffffffff81545a92 R09: 1ffff92001370e30 [ 318.225476][ T2456] R10: dffffc0000000000 R11: fffff52001370e31 R12: ffff8880210d0000 [ 318.233435][ T2456] R13: ffff888025a96b88 R14: 0000000000000000 R15: dffffc0000000000 [ 318.241409][ T2456] ? __warn_printk+0x292/0x360 [ 318.246179][ T2456] ? btrfs_commit_transaction+0x17b/0x3740 [ 318.251994][ T2456] ? btrfs_commit_transaction_async+0x480/0x480 [ 318.258233][ T2456] ? lockdep_softirqs_off+0x430/0x430 [ 318.263604][ T2456] ? join_transaction+0x401/0xcf0 [ 318.268641][ T2456] ? btrfs_record_root_in_trans+0x92/0x180 [ 318.274443][ T2456] ? start_transaction+0x3dc/0x1780 [ 318.279649][ T2456] flush_space+0x9ae/0xcf0 [ 318.284064][ T2456] ? btrfs_async_reclaim_metadata_space+0x288/0x350 [ 318.290648][ T2456] ? do_raw_spin_lock+0x14e/0x370 [ 318.295667][ T2456] ? btrfs_calc_reclaim_metadata_size+0x450/0x450 [ 318.302078][ T2456] ? do_raw_spin_unlock+0x13b/0x8b0 [ 318.307277][ T2456] ? btrfs_calc_reclaim_metadata_size+0x2ad/0x450 [ 318.313684][ T2456] btrfs_async_reclaim_metadata_space+0x29f/0x350 [ 318.320103][ T2456] ? process_scheduled_works+0x825/0x1420 [ 318.325902][ T2456] process_scheduled_works+0x90f/0x1420 [ 318.331457][ T2456] ? assign_work+0x3d0/0x3d0 [ 318.336043][ T2456] ? assign_work+0x364/0x3d0 [ 318.340650][ T2456] worker_thread+0xa5f/0x1000 [ 318.345357][ T2456] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 318.351283][ T2456] kthread+0x2d3/0x370 [ 318.355367][ T2456] ? pr_cont_work+0x5e0/0x5e0 [ 318.360044][ T2456] ? kthread_blkcg+0xd0/0xd0 [ 318.364632][ T2456] ret_from_fork+0x48/0x80 [ 318.369045][ T2456] ? kthread_blkcg+0xd0/0xd0 [ 318.373628][ T2456] ret_from_fork_asm+0x11/0x20 [ 318.378396][ T2456] [ 318.381598][ T2456] Kernel Offset: disabled [ 318.386019][ T2456] Rebooting in 86400 seconds..