./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2687903114 <...> Warning: Permanently added '10.128.1.170' (ED25519) to the list of known hosts. execve("./syz-executor2687903114", ["./syz-executor2687903114"], 0x7ffddd6d8ed0 /* 10 vars */) = 0 brk(NULL) = 0x555556388000 brk(0x555556388d40) = 0x555556388d40 arch_prctl(ARCH_SET_FS, 0x5555563883c0) = 0 set_tid_address(0x555556388690) = 5067 set_robust_list(0x5555563886a0, 24) = 0 rseq(0x555556388ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2687903114", 4096) = 28 getrandom("\x9e\x6e\xda\xd2\x05\xaf\xdd\x2f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556388d40 brk(0x5555563a9d40) = 0x5555563a9d40 brk(0x5555563aa000) = 0x5555563aa000 mprotect(0x7f17f3515000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 mkdir("./syzkaller.B51sqE", 0700) = 0 chmod("./syzkaller.B51sqE", 0777) = 0 chdir("./syzkaller.B51sqE") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached , child_tidptr=0x555556388690) = 5068 [pid 5068] set_robust_list(0x5555563886a0, 24) = 0 [pid 5068] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setsid() = 1 [pid 5068] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5068] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5068] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5068] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5068] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5068] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5068] unshare(CLONE_NEWNS) = 0 [pid 5068] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5068] unshare(CLONE_NEWIPC) = 0 [pid 5068] unshare(CLONE_NEWCGROUP) = 0 [pid 5068] unshare(CLONE_NEWUTS) = 0 [pid 5068] unshare(CLONE_SYSVSEM) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "16777216", 8) = 8 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "536870912", 9) = 9 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1024", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "8192", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1024", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1024", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5068] close(3) = 0 [pid 5068] getpid() = 1 [pid 5068] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5071] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 2 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5071] chdir("./0") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5071] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5072 attached [pid 5072] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5071] <... clone3 resumed> => {parent_tid=[3]}, 88) = 3 [pid 5072] set_robust_list(0x7f17f344b9a0, 24 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] memfd_create("syzkaller", 0 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] <... memfd_create resumed>) = 3 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5072] munmap(0x7f17eb000000, 138412032) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5072] close(3) = 0 [pid 5072] close(4) = 0 [pid 5072] mkdir("./file0", 0777) = 0 [ 71.678417][ T5072] loop0: detected capacity change from 0 to 32768 [ 71.707588][ T5072] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5072) [ 71.731787][ T5072] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 71.742833][ T5072] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 71.755662][ T5072] BTRFS info (device loop0): disk space caching is enabled [ 71.797575][ T5072] BTRFS info (device loop0): rebuilding free space tree [ 71.837712][ T5072] BTRFS info (device loop0): disabling free space tree [pid 5072] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file0") = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 71.845158][ T5072] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 71.855173][ T5072] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 71.875328][ T5072] BTRFS info (device loop0): checking UUID tree [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] open("./file0", O_RDONLY [pid 5071] <... futex resumed>) = 0 [pid 5072] <... open resumed>) = 4 [pid 5071] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... ioctl resumed>) = 0 [pid 5071] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5071] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [ 71.992676][ T5072] BTRFS info (device loop0): balance: start -d -m [ 72.006564][ T5072] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[4]}, 88) = 4 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... rseq resumed>) = 0 [pid 5092] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5092] open(".", O_RDONLY) = 5 [pid 5092] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5092] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5071] <... futex resumed>) = 1 [ 72.049328][ T5072] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5071] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ioctl resumed>) = 0 [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5092] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.152746][ T5072] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 72.185899][ T5072] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5092] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5072] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] close(3) = 0 [pid 5071] close(4) = 0 [pid 5071] close(5) = 0 [pid 5071] close(6) = -1 EBADF (Bad file descriptor) [pid 5071] close(7) = -1 EBADF (Bad file descriptor) [pid 5071] close(8) = -1 EBADF (Bad file descriptor) [pid 5071] close(9) = -1 EBADF (Bad file descriptor) [pid 5071] close(10) = -1 EBADF (Bad file descriptor) [pid 5071] close(11) = -1 EBADF (Bad file descriptor) [pid 5071] close(12) = -1 EBADF (Bad file descriptor) [pid 5071] close(13) = -1 EBADF (Bad file descriptor) [ 72.209759][ T5072] BTRFS info (device loop0): balance: ended with status: 0 [pid 5071] close(14) = -1 EBADF (Bad file descriptor) [pid 5071] close(15) = -1 EBADF (Bad file descriptor) [pid 5071] close(16) = -1 EBADF (Bad file descriptor) [pid 5071] close(17) = -1 EBADF (Bad file descriptor) [pid 5071] close(18) = -1 EBADF (Bad file descriptor) [pid 5071] close(19) = -1 EBADF (Bad file descriptor) [pid 5071] close(20) = -1 EBADF (Bad file descriptor) [pid 5071] close(21) = -1 EBADF (Bad file descriptor) [pid 5071] close(22) = -1 EBADF (Bad file descriptor) [pid 5071] close(23) = -1 EBADF (Bad file descriptor) [pid 5071] close(24) = -1 EBADF (Bad file descriptor) [pid 5071] close(25) = -1 EBADF (Bad file descriptor) [pid 5071] close(26) = -1 EBADF (Bad file descriptor) [pid 5071] close(27) = -1 EBADF (Bad file descriptor) [pid 5071] close(28) = -1 EBADF (Bad file descriptor) [pid 5071] close(29) = -1 EBADF (Bad file descriptor) [pid 5071] exit_group(0 [pid 5092] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5092] +++ exited with 0 +++ [pid 5071] <... exit_group resumed>) = ? [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./0/binderfs") = 0 [ 72.376985][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./0/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./0") = 0 [pid 5068] mkdir("./1", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached , child_tidptr=0x555556388690) = 5 [pid 5093] set_robust_list(0x5555563886a0, 24) = 0 [pid 5093] chdir("./1") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5093] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5094 attached [pid 5094] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5093] <... clone3 resumed> => {parent_tid=[6]}, 88) = 6 [pid 5094] <... rseq resumed>) = 0 [pid 5094] set_robust_list(0x7f17f344b9a0, 24 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] <... set_robust_list resumed>) = 0 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5094] memfd_create("syzkaller", 0 [pid 5093] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] <... memfd_create resumed>) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5094] munmap(0x7f17eb000000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file0", 0777) = 0 [ 72.905352][ T5094] loop0: detected capacity change from 0 to 32768 [ 72.952489][ T5094] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5094) [ 72.979990][ T5094] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 72.990463][ T5094] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 73.000576][ T5094] BTRFS info (device loop0): disk space caching is enabled [ 73.043404][ T5094] BTRFS info (device loop0): rebuilding free space tree [ 73.063644][ T5094] BTRFS info (device loop0): disabling free space tree [ 73.071234][ T5094] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 73.081852][ T5094] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5094] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file0") = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5093] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] open("./file0", O_RDONLY) = 4 [pid 5094] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5093] <... futex resumed>) = 0 [ 73.098889][ T5094] BTRFS info (device loop0): checking UUID tree [pid 5093] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5094] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5093] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5093] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5093] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5113 attached => {parent_tid=[7]}, 88) = 7 [pid 5113] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] set_robust_list(0x7f17f342a9a0, 24 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] <... set_robust_list resumed>) = 0 [pid 5093] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] open(".", O_RDONLY) = 5 [pid 5113] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5113] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5113] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 73.195499][ T5094] BTRFS info (device loop0): balance: start -d -m [ 73.206610][ T5094] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 73.232573][ T5094] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5093] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... ioctl resumed>) = 0 [pid 5113] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [ 73.317194][ T5094] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 73.356815][ T5094] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5113] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5094] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] close(3) = 0 [pid 5093] close(4) = 0 [pid 5093] close(5) = 0 [pid 5093] close(6) = -1 EBADF (Bad file descriptor) [pid 5093] close(7) = -1 EBADF (Bad file descriptor) [pid 5093] close(8) = -1 EBADF (Bad file descriptor) [pid 5093] close(9) = -1 EBADF (Bad file descriptor) [pid 5093] close(10) = -1 EBADF (Bad file descriptor) [pid 5093] close(11) = -1 EBADF (Bad file descriptor) [pid 5093] close(12) = -1 EBADF (Bad file descriptor) [pid 5093] close(13) = -1 EBADF (Bad file descriptor) [pid 5093] close(14) = -1 EBADF (Bad file descriptor) [ 73.379162][ T5094] BTRFS info (device loop0): balance: ended with status: 0 [pid 5093] close(15) = -1 EBADF (Bad file descriptor) [pid 5093] close(16) = -1 EBADF (Bad file descriptor) [pid 5093] close(17) = -1 EBADF (Bad file descriptor) [pid 5093] close(18) = -1 EBADF (Bad file descriptor) [pid 5093] close(19) = -1 EBADF (Bad file descriptor) [pid 5093] close(20) = -1 EBADF (Bad file descriptor) [pid 5093] close(21) = -1 EBADF (Bad file descriptor) [pid 5093] close(22) = -1 EBADF (Bad file descriptor) [pid 5093] close(23) = -1 EBADF (Bad file descriptor) [pid 5093] close(24) = -1 EBADF (Bad file descriptor) [pid 5093] close(25) = -1 EBADF (Bad file descriptor) [pid 5093] close(26) = -1 EBADF (Bad file descriptor) [pid 5093] close(27) = -1 EBADF (Bad file descriptor) [pid 5093] close(28) = -1 EBADF (Bad file descriptor) [pid 5093] close(29) = -1 EBADF (Bad file descriptor) [pid 5093] exit_group(0 [pid 5113] <... futex resumed>) = ? [pid 5094] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=48 /* 0.48 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./1/binderfs") = 0 [ 73.524374][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./1/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./1") = 0 [pid 5068] mkdir("./2", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556388690) = 8 ./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x5555563886a0, 24) = 0 [pid 5115] chdir("./2") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5115] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5115] <... clone3 resumed> => {parent_tid=[9]}, 88) = 9 [pid 5116] <... rseq resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] set_robust_list(0x7f17f344b9a0, 24 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5115] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5116] memfd_create("syzkaller", 0 [pid 5115] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] <... memfd_create resumed>) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5116] munmap(0x7f17eb000000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] close(4) = 0 [pid 5116] mkdir("./file0", 0777) = 0 [ 74.032922][ T5116] loop0: detected capacity change from 0 to 32768 [ 74.054814][ T5116] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5116) [ 74.078481][ T5116] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 74.088942][ T5116] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 74.098533][ T5116] BTRFS info (device loop0): disk space caching is enabled [ 74.139737][ T5116] BTRFS info (device loop0): rebuilding free space tree [ 74.155827][ T5116] BTRFS info (device loop0): disabling free space tree [ 74.163751][ T5116] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 74.174780][ T5116] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5116] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file0") = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] open("./file0", O_RDONLY [pid 5115] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... open resumed>) = 4 [pid 5116] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5115] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 74.192499][ T5116] BTRFS info (device loop0): checking UUID tree [pid 5116] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5115] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5115] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5115] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5134 attached [ 74.251006][ T5116] BTRFS info (device loop0): balance: start -d -m [ 74.259662][ T5116] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 74.280079][ T5116] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5134] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5115] <... clone3 resumed> => {parent_tid=[10]}, 88) = 10 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... rseq resumed>) = 0 [pid 5134] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] open(".", O_RDONLY) = 5 [pid 5134] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5115] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... ioctl resumed>) = 0 [pid 5134] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [ 74.322222][ T5116] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 74.353664][ T5116] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5134] <... futex resumed>) = 1 [pid 5134] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5116] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] close(3) = 0 [pid 5115] close(4) = 0 [pid 5115] close(5) = 0 [pid 5115] close(6) = -1 EBADF (Bad file descriptor) [pid 5115] close(7) = -1 EBADF (Bad file descriptor) [pid 5115] close(8) = -1 EBADF (Bad file descriptor) [pid 5115] close(9) = -1 EBADF (Bad file descriptor) [pid 5115] close(10) = -1 EBADF (Bad file descriptor) [pid 5115] close(11) = -1 EBADF (Bad file descriptor) [pid 5115] close(12) = -1 EBADF (Bad file descriptor) [ 74.404537][ T5116] BTRFS info (device loop0): balance: ended with status: 0 [pid 5115] close(13) = -1 EBADF (Bad file descriptor) [pid 5115] close(14) = -1 EBADF (Bad file descriptor) [pid 5115] close(15) = -1 EBADF (Bad file descriptor) [pid 5115] close(16) = -1 EBADF (Bad file descriptor) [pid 5115] close(17) = -1 EBADF (Bad file descriptor) [pid 5115] close(18) = -1 EBADF (Bad file descriptor) [pid 5115] close(19) = -1 EBADF (Bad file descriptor) [pid 5115] close(20) = -1 EBADF (Bad file descriptor) [pid 5115] close(21) = -1 EBADF (Bad file descriptor) [pid 5115] close(22) = -1 EBADF (Bad file descriptor) [pid 5115] close(23) = -1 EBADF (Bad file descriptor) [pid 5115] close(24) = -1 EBADF (Bad file descriptor) [pid 5115] close(25) = -1 EBADF (Bad file descriptor) [pid 5115] close(26) = -1 EBADF (Bad file descriptor) [pid 5115] close(27) = -1 EBADF (Bad file descriptor) [pid 5115] close(28) = -1 EBADF (Bad file descriptor) [pid 5115] close(29) = -1 EBADF (Bad file descriptor) [pid 5115] exit_group(0 [pid 5134] <... futex resumed>) = ? [pid 5116] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5134] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- [pid 5068] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./2/binderfs") = 0 [ 74.582532][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./2/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./2") = 0 [pid 5068] mkdir("./3", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 11 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5135] chdir("./3") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5135] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5136 attached [pid 5136] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5135] <... clone3 resumed> => {parent_tid=[12]}, 88) = 12 [pid 5136] <... rseq resumed>) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f17f344b9a0, 24 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5136] <... set_robust_list resumed>) = 0 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5136] munmap(0x7f17eb000000, 138412032) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] close(4) = 0 [pid 5136] mkdir("./file0", 0777) = 0 [ 75.077518][ T5136] loop0: detected capacity change from 0 to 32768 [ 75.106339][ T5136] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5136) [ 75.126592][ T5136] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 75.136964][ T5136] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 75.147233][ T5136] BTRFS info (device loop0): disk space caching is enabled [ 75.193523][ T5136] BTRFS info (device loop0): rebuilding free space tree [ 75.209329][ T5136] BTRFS info (device loop0): disabling free space tree [ 75.216547][ T5136] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 75.226921][ T5136] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5136] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file0") = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] open("./file0", O_RDONLY [pid 5135] <... futex resumed>) = 0 [ 75.244028][ T5136] BTRFS info (device loop0): checking UUID tree [pid 5135] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... open resumed>) = 4 [pid 5136] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5136] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5135] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... ioctl resumed>) = 0 [pid 5135] <... futex resumed>) = 0 [pid 5136] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5136] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5135] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.327493][ T5136] BTRFS info (device loop0): balance: start -d -m [ 75.338090][ T5136] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5135] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5135] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5135] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5135] <... clone3 resumed> => {parent_tid=[13]}, 88) = 13 [pid 5155] <... rseq resumed>) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] set_robust_list(0x7f17f342a9a0, 24 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... set_robust_list resumed>) = 0 [pid 5135] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] <... futex resumed>) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] open(".", O_RDONLY [pid 5135] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... open resumed>) = 5 [pid 5155] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5155] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5135] <... futex resumed>) = 0 [ 75.368219][ T5136] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5135] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5135] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5155] <... ioctl resumed>) = 0 [pid 5155] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.475364][ T5136] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 75.503687][ T5136] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5155] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5136] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5136] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5136] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] close(3) = 0 [pid 5135] close(4) = 0 [pid 5135] close(5) = 0 [pid 5135] close(6) = -1 EBADF (Bad file descriptor) [pid 5135] close(7) = -1 EBADF (Bad file descriptor) [pid 5135] close(8) = -1 EBADF (Bad file descriptor) [pid 5135] close(9) = -1 EBADF (Bad file descriptor) [ 75.526327][ T5136] BTRFS info (device loop0): balance: ended with status: 0 [pid 5135] close(10) = -1 EBADF (Bad file descriptor) [pid 5135] close(11) = -1 EBADF (Bad file descriptor) [pid 5135] close(12) = -1 EBADF (Bad file descriptor) [pid 5135] close(13) = -1 EBADF (Bad file descriptor) [pid 5135] close(14) = -1 EBADF (Bad file descriptor) [pid 5135] close(15) = -1 EBADF (Bad file descriptor) [pid 5135] close(16) = -1 EBADF (Bad file descriptor) [pid 5135] close(17) = -1 EBADF (Bad file descriptor) [pid 5135] close(18) = -1 EBADF (Bad file descriptor) [pid 5135] close(19) = -1 EBADF (Bad file descriptor) [pid 5135] close(20) = -1 EBADF (Bad file descriptor) [pid 5135] close(21) = -1 EBADF (Bad file descriptor) [pid 5135] close(22) = -1 EBADF (Bad file descriptor) [pid 5135] close(23) = -1 EBADF (Bad file descriptor) [pid 5135] close(24) = -1 EBADF (Bad file descriptor) [pid 5135] close(25) = -1 EBADF (Bad file descriptor) [pid 5135] close(26) = -1 EBADF (Bad file descriptor) [pid 5135] close(27) = -1 EBADF (Bad file descriptor) [pid 5135] close(28) = -1 EBADF (Bad file descriptor) [pid 5135] close(29) = -1 EBADF (Bad file descriptor) [pid 5135] exit_group(0 [pid 5155] <... futex resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] <... exit_group resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=46 /* 0.46 s */} --- [pid 5068] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./3/binderfs") = 0 [ 75.688505][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./3/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./3") = 0 [pid 5068] mkdir("./4", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x5555563886a0, 24) = 0 [pid 5156] chdir("./4" [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 14 [pid 5156] <... chdir resumed>) = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5156] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0} => {parent_tid=[15]}, 88) = 15 ./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] <... rseq resumed>) = 0 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] set_robust_list(0x7f17f344b9a0, 24 [pid 5156] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... set_robust_list resumed>) = 0 [pid 5156] <... futex resumed>) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5157] munmap(0x7f17eb000000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] close(4) = 0 [pid 5157] mkdir("./file0", 0777) = 0 [ 76.248036][ T5157] loop0: detected capacity change from 0 to 32768 [ 76.288173][ T5157] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5157) [ 76.311725][ T5157] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 76.322332][ T5157] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 76.331893][ T5157] BTRFS info (device loop0): disk space caching is enabled [ 76.420352][ T5157] BTRFS info (device loop0): rebuilding free space tree [ 76.434896][ T5157] BTRFS info (device loop0): disabling free space tree [ 76.441882][ T5157] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 76.451779][ T5157] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5157] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file0") = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] open("./file0", O_RDONLY [pid 5156] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... open resumed>) = 4 [pid 5157] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5156] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... ioctl resumed>) = 0 [pid 5157] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5157] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5157] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 76.465315][ T5157] BTRFS info (device loop0): checking UUID tree [pid 5156] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5156] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5156] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5176 attached [pid 5176] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5156] <... clone3 resumed> => {parent_tid=[16]}, 88) = 16 [pid 5176] <... rseq resumed>) = 0 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] set_robust_list(0x7f17f342a9a0, 24 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] <... set_robust_list resumed>) = 0 [pid 5156] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... futex resumed>) = 0 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] open(".", O_RDONLY) = 5 [ 76.493679][ T5157] BTRFS info (device loop0): balance: start -d -m [ 76.502262][ T5157] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 76.527361][ T5157] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5176] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5156] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... ioctl resumed>) = 0 [pid 5176] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [ 76.604930][ T5157] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5157] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5157] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] close(3) = 0 [pid 5157] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] close(4) = 0 [pid 5156] close(5) = 0 [pid 5156] close(6) = -1 EBADF (Bad file descriptor) [pid 5156] close(7) = -1 EBADF (Bad file descriptor) [pid 5156] close(8) = -1 EBADF (Bad file descriptor) [pid 5156] close(9) = -1 EBADF (Bad file descriptor) [pid 5156] close(10) = -1 EBADF (Bad file descriptor) [pid 5156] close(11) = -1 EBADF (Bad file descriptor) [pid 5156] close(12) = -1 EBADF (Bad file descriptor) [pid 5156] close(13) = -1 EBADF (Bad file descriptor) [pid 5156] close(14) = -1 EBADF (Bad file descriptor) [pid 5156] close(15) = -1 EBADF (Bad file descriptor) [pid 5156] close(16) = -1 EBADF (Bad file descriptor) [pid 5156] close(17) = -1 EBADF (Bad file descriptor) [pid 5156] close(18) = -1 EBADF (Bad file descriptor) [pid 5156] close(19) = -1 EBADF (Bad file descriptor) [pid 5156] close(20) = -1 EBADF (Bad file descriptor) [pid 5156] close(21) = -1 EBADF (Bad file descriptor) [pid 5156] close(22) = -1 EBADF (Bad file descriptor) [pid 5156] close(23) = -1 EBADF (Bad file descriptor) [pid 5156] close(24) = -1 EBADF (Bad file descriptor) [pid 5156] close(25) = -1 EBADF (Bad file descriptor) [pid 5156] close(26) = -1 EBADF (Bad file descriptor) [pid 5156] close(27) = -1 EBADF (Bad file descriptor) [pid 5156] close(28) = -1 EBADF (Bad file descriptor) [pid 5156] close(29) = -1 EBADF (Bad file descriptor) [pid 5156] exit_group(0 [pid 5176] <... futex resumed>) = ? [pid 5157] <... futex resumed>) = ? [pid 5176] +++ exited with 0 +++ [pid 5157] +++ exited with 0 +++ [pid 5156] <... exit_group resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=46 /* 0.46 s */} --- [pid 5068] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 76.649876][ T5157] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 76.686932][ T5157] BTRFS info (device loop0): balance: ended with status: 0 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./4/binderfs") = 0 [ 76.738777][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./4/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./4") = 0 [pid 5068] mkdir("./5", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556388690) = 17 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x5555563886a0, 24) = 0 [pid 5177] chdir("./5") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5177] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5178 attached => {parent_tid=[18]}, 88) = 18 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5177] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... rseq resumed>) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5178] set_robust_list(0x7f17f344b9a0, 24 [pid 5177] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] <... set_robust_list resumed>) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5178] munmap(0x7f17eb000000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] close(4) = 0 [pid 5178] mkdir("./file0", 0777) = 0 [ 77.376783][ T5178] loop0: detected capacity change from 0 to 32768 [ 77.416548][ T5178] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5178) [ 77.439119][ T5178] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 77.450177][ T5178] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 77.460268][ T5178] BTRFS info (device loop0): disk space caching is enabled [ 77.541745][ T5178] BTRFS info (device loop0): rebuilding free space tree [ 77.559290][ T5178] BTRFS info (device loop0): disabling free space tree [ 77.566462][ T5178] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 77.576304][ T5178] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5178] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file0") = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] open("./file0", O_RDONLY [pid 5177] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... open resumed>) = 4 [pid 5178] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5177] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5178] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5177] <... futex resumed>) = 0 [ 77.591545][ T5178] BTRFS info (device loop0): checking UUID tree [ 77.626860][ T5178] BTRFS info (device loop0): balance: start -d -m [ 77.637427][ T5178] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5177] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5177] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5177] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5197 attached => {parent_tid=[19]}, 88) = 19 [pid 5197] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] <... rseq resumed>) = 0 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] set_robust_list(0x7f17f342a9a0, 24 [pid 5177] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... set_robust_list resumed>) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] open(".", O_RDONLY) = 5 [pid 5197] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5197] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 77.664609][ T5178] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5177] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5197] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [ 77.713754][ T5178] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5197] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5178] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] close(3) = 0 [pid 5177] close(4) = 0 [pid 5177] close(5) = 0 [pid 5177] close(6) = -1 EBADF (Bad file descriptor) [pid 5177] close(7) = -1 EBADF (Bad file descriptor) [ 77.798247][ T5178] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 77.830661][ T5178] BTRFS info (device loop0): balance: ended with status: 0 [pid 5177] close(8) = -1 EBADF (Bad file descriptor) [pid 5177] close(9) = -1 EBADF (Bad file descriptor) [pid 5177] close(10) = -1 EBADF (Bad file descriptor) [pid 5177] close(11) = -1 EBADF (Bad file descriptor) [pid 5177] close(12) = -1 EBADF (Bad file descriptor) [pid 5177] close(13) = -1 EBADF (Bad file descriptor) [pid 5177] close(14) = -1 EBADF (Bad file descriptor) [pid 5177] close(15) = -1 EBADF (Bad file descriptor) [pid 5177] close(16) = -1 EBADF (Bad file descriptor) [pid 5177] close(17) = -1 EBADF (Bad file descriptor) [pid 5177] close(18) = -1 EBADF (Bad file descriptor) [pid 5177] close(19) = -1 EBADF (Bad file descriptor) [pid 5177] close(20) = -1 EBADF (Bad file descriptor) [pid 5177] close(21) = -1 EBADF (Bad file descriptor) [pid 5177] close(22) = -1 EBADF (Bad file descriptor) [pid 5177] close(23) = -1 EBADF (Bad file descriptor) [pid 5177] close(24) = -1 EBADF (Bad file descriptor) [pid 5177] close(25) = -1 EBADF (Bad file descriptor) [pid 5177] close(26) = -1 EBADF (Bad file descriptor) [pid 5177] close(27) = -1 EBADF (Bad file descriptor) [pid 5177] close(28) = -1 EBADF (Bad file descriptor) [pid 5177] close(29) = -1 EBADF (Bad file descriptor) [pid 5177] exit_group(0 [pid 5197] <... futex resumed>) = ? [pid 5178] <... futex resumed>) = ? [pid 5177] <... exit_group resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./5/binderfs") = 0 [ 78.037859][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./5/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./5") = 0 [pid 5068] mkdir("./6", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556388690) = 20 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x5555563886a0, 24) = 0 [pid 5198] chdir("./6") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5198] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0} => {parent_tid=[21]}, 88) = 21 ./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] <... rseq resumed>) = 0 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] set_robust_list(0x7f17f344b9a0, 24 [pid 5198] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5198] <... futex resumed>) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5199] munmap(0x7f17eb000000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] close(4) = 0 [pid 5199] mkdir("./file0", 0777) = 0 [ 78.571278][ T5199] loop0: detected capacity change from 0 to 32768 [ 78.593667][ T5199] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5199) [ 78.614985][ T5199] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 78.625704][ T5199] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 78.635451][ T5199] BTRFS info (device loop0): disk space caching is enabled [ 78.675473][ T5199] BTRFS info (device loop0): rebuilding free space tree [ 78.690523][ T5199] BTRFS info (device loop0): disabling free space tree [ 78.697971][ T5199] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 78.709386][ T5199] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5199] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file0") = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5199] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5199] open("./file0", O_RDONLY [pid 5198] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... open resumed>) = 4 [pid 5199] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5199] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 78.724647][ T5199] BTRFS info (device loop0): checking UUID tree [pid 5198] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5198] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5198] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [ 78.768211][ T5199] BTRFS info (device loop0): balance: start -d -m [ 78.776878][ T5199] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 78.798011][ T5199] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5217 attached [pid 5217] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5198] <... clone3 resumed> => {parent_tid=[22]}, 88) = 22 [pid 5217] <... rseq resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5217] set_robust_list(0x7f17f342a9a0, 24 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5198] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... futex resumed>) = 0 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] open(".", O_RDONLY) = 5 [pid 5217] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5217] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 78.836936][ T5199] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 78.869288][ T5199] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5198] <... futex resumed>) = 0 [pid 5217] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5198] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5199] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... ioctl resumed>) = 0 [pid 5217] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] close(3) = 0 [pid 5198] close(4 [pid 5217] <... futex resumed>) = 1 [pid 5198] <... close resumed>) = 0 [pid 5217] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] close(5) = 0 [pid 5198] close(6) = -1 EBADF (Bad file descriptor) [pid 5198] close(7) = -1 EBADF (Bad file descriptor) [pid 5198] close(8) = -1 EBADF (Bad file descriptor) [pid 5198] close(9) = -1 EBADF (Bad file descriptor) [ 78.893329][ T5199] BTRFS info (device loop0): balance: ended with status: 0 [pid 5198] close(10) = -1 EBADF (Bad file descriptor) [pid 5198] close(11) = -1 EBADF (Bad file descriptor) [pid 5198] close(12) = -1 EBADF (Bad file descriptor) [pid 5198] close(13) = -1 EBADF (Bad file descriptor) [pid 5198] close(14) = -1 EBADF (Bad file descriptor) [pid 5198] close(15) = -1 EBADF (Bad file descriptor) [pid 5198] close(16) = -1 EBADF (Bad file descriptor) [pid 5198] close(17) = -1 EBADF (Bad file descriptor) [pid 5198] close(18) = -1 EBADF (Bad file descriptor) [pid 5198] close(19) = -1 EBADF (Bad file descriptor) [pid 5198] close(20) = -1 EBADF (Bad file descriptor) [pid 5198] close(21) = -1 EBADF (Bad file descriptor) [pid 5198] close(22) = -1 EBADF (Bad file descriptor) [pid 5198] close(23) = -1 EBADF (Bad file descriptor) [pid 5198] close(24) = -1 EBADF (Bad file descriptor) [pid 5198] close(25) = -1 EBADF (Bad file descriptor) [pid 5198] close(26) = -1 EBADF (Bad file descriptor) [pid 5198] close(27) = -1 EBADF (Bad file descriptor) [pid 5198] close(28) = -1 EBADF (Bad file descriptor) [pid 5198] close(29) = -1 EBADF (Bad file descriptor) [pid 5198] exit_group(0 [pid 5217] <... futex resumed>) = ? [pid 5198] <... exit_group resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 5199] <... futex resumed>) = ? [pid 5199] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=20, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- [pid 5068] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./6/binderfs") = 0 [ 79.079377][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./6/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./6") = 0 [pid 5068] mkdir("./7", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 23 [pid 5218] <... set_robust_list resumed>) = 0 [pid 5218] chdir("./7") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5218] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5219 attached [pid 5219] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5218] <... clone3 resumed> => {parent_tid=[24]}, 88) = 24 [pid 5219] <... rseq resumed>) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] set_robust_list(0x7f17f344b9a0, 24) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] memfd_create("syzkaller", 0 [pid 5218] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... memfd_create resumed>) = 3 [pid 5218] <... futex resumed>) = 0 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5218] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5219] munmap(0x7f17eb000000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file0", 0777) = 0 [ 79.583274][ T5219] loop0: detected capacity change from 0 to 32768 [ 79.619966][ T5219] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5219) [ 79.642051][ T5219] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 79.652849][ T5219] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 79.662239][ T5219] BTRFS info (device loop0): disk space caching is enabled [ 79.721949][ T5219] BTRFS info (device loop0): rebuilding free space tree [ 79.737898][ T5219] BTRFS info (device loop0): disabling free space tree [ 79.745240][ T5219] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 79.755419][ T5219] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5219] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file0") = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_CLR_FD) = 0 [pid 5219] close(4) = 0 [pid 5219] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] open("./file0", O_RDONLY) = 4 [pid 5219] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = 0 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5218] <... futex resumed>) = 0 [pid 5219] <... ioctl resumed>) = 0 [ 79.772354][ T5219] BTRFS info (device loop0): checking UUID tree [pid 5218] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5219] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5218] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5218] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5218] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5218] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5238 attached [pid 5238] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5218] <... clone3 resumed> => {parent_tid=[25]}, 88) = 25 [pid 5238] <... rseq resumed>) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] set_robust_list(0x7f17f342a9a0, 24 [pid 5218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5218] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] open(".", O_RDONLY) = 5 [pid 5238] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5238] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5238] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 79.838602][ T5219] BTRFS info (device loop0): balance: start -d -m [ 79.848361][ T5219] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 79.873747][ T5219] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5218] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... ioctl resumed>) = 0 [pid 5238] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [ 79.955554][ T5219] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 79.994955][ T5219] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5238] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5219] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] close(3) = 0 [pid 5218] close(4) = 0 [pid 5218] close(5) = 0 [pid 5218] close(6) = -1 EBADF (Bad file descriptor) [pid 5218] close(7) = -1 EBADF (Bad file descriptor) [pid 5218] close(8) = -1 EBADF (Bad file descriptor) [ 80.023698][ T5219] BTRFS info (device loop0): balance: ended with status: 0 [pid 5218] close(9) = -1 EBADF (Bad file descriptor) [pid 5218] close(10) = -1 EBADF (Bad file descriptor) [pid 5218] close(11) = -1 EBADF (Bad file descriptor) [pid 5218] close(12) = -1 EBADF (Bad file descriptor) [pid 5218] close(13) = -1 EBADF (Bad file descriptor) [pid 5218] close(14) = -1 EBADF (Bad file descriptor) [pid 5218] close(15) = -1 EBADF (Bad file descriptor) [pid 5218] close(16) = -1 EBADF (Bad file descriptor) [pid 5218] close(17) = -1 EBADF (Bad file descriptor) [pid 5218] close(18) = -1 EBADF (Bad file descriptor) [pid 5218] close(19) = -1 EBADF (Bad file descriptor) [pid 5218] close(20) = -1 EBADF (Bad file descriptor) [pid 5218] close(21) = -1 EBADF (Bad file descriptor) [pid 5218] close(22) = -1 EBADF (Bad file descriptor) [pid 5218] close(23) = -1 EBADF (Bad file descriptor) [pid 5218] close(24) = -1 EBADF (Bad file descriptor) [pid 5218] close(25) = -1 EBADF (Bad file descriptor) [pid 5218] close(26) = -1 EBADF (Bad file descriptor) [pid 5218] close(27) = -1 EBADF (Bad file descriptor) [pid 5218] close(28) = -1 EBADF (Bad file descriptor) [pid 5218] close(29) = -1 EBADF (Bad file descriptor) [pid 5218] exit_group(0 [pid 5238] <... futex resumed>) = ? [pid 5219] <... futex resumed>) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- [pid 5068] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./7/binderfs") = 0 [ 80.223116][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./7/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./7") = 0 [pid 5068] mkdir("./8", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached , child_tidptr=0x555556388690) = 26 [pid 5239] set_robust_list(0x5555563886a0, 24) = 0 [pid 5239] chdir("./8") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5239] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0} => {parent_tid=[27]}, 88) = 27 ./strace-static-x86_64: Process 5240 attached [pid 5240] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... rseq resumed>) = 0 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] set_robust_list(0x7f17f344b9a0, 24 [pid 5239] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] <... futex resumed>) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5240] munmap(0x7f17eb000000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] close(4) = 0 [pid 5240] mkdir("./file0", 0777) = 0 [ 80.749027][ T5240] loop0: detected capacity change from 0 to 32768 [ 80.795489][ T5240] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5240) [ 80.822724][ T5240] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 80.833181][ T5240] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 80.842713][ T5240] BTRFS info (device loop0): disk space caching is enabled [ 80.902092][ T5240] BTRFS info (device loop0): rebuilding free space tree [ 80.917787][ T5240] BTRFS info (device loop0): disabling free space tree [ 80.924810][ T5240] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 80.935111][ T5240] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5240] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file0") = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] open("./file0", O_RDONLY [pid 5239] <... futex resumed>) = 0 [pid 5240] <... open resumed>) = 4 [ 80.951805][ T5240] BTRFS info (device loop0): checking UUID tree [pid 5239] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5240] <... futex resumed>) = 1 [pid 5239] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5239] <... futex resumed>) = 0 [pid 5240] <... ioctl resumed>) = 0 [pid 5240] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5240] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5239] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5239] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5239] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[28]}, 88) = 28 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5259 attached [pid 5259] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5259] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] open(".", O_RDONLY) = 5 [pid 5259] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 81.032819][ T5240] BTRFS info (device loop0): balance: start -d -m [ 81.040645][ T5240] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 81.070323][ T5240] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5259] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5259] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5259] <... futex resumed>) = 1 [ 81.173446][ T5240] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5259] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5240] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] close(3) = 0 [pid 5239] close(4) = 0 [pid 5239] close(5) = 0 [pid 5239] close(6) = -1 EBADF (Bad file descriptor) [pid 5239] close(7) = -1 EBADF (Bad file descriptor) [pid 5239] close(8) = -1 EBADF (Bad file descriptor) [pid 5239] close(9) = -1 EBADF (Bad file descriptor) [pid 5239] close(10) = -1 EBADF (Bad file descriptor) [pid 5239] close(11) = -1 EBADF (Bad file descriptor) [pid 5239] close(12) = -1 EBADF (Bad file descriptor) [pid 5239] close(13) = -1 EBADF (Bad file descriptor) [pid 5239] close(14) = -1 EBADF (Bad file descriptor) [pid 5239] close(15) = -1 EBADF (Bad file descriptor) [pid 5239] close(16) = -1 EBADF (Bad file descriptor) [pid 5239] close(17) = -1 EBADF (Bad file descriptor) [pid 5239] close(18) = -1 EBADF (Bad file descriptor) [pid 5239] close(19) = -1 EBADF (Bad file descriptor) [pid 5239] close(20) = -1 EBADF (Bad file descriptor) [pid 5239] close(21) = -1 EBADF (Bad file descriptor) [pid 5239] close(22) = -1 EBADF (Bad file descriptor) [pid 5239] close(23) = -1 EBADF (Bad file descriptor) [pid 5239] close(24) = -1 EBADF (Bad file descriptor) [pid 5239] close(25) = -1 EBADF (Bad file descriptor) [pid 5239] close(26) = -1 EBADF (Bad file descriptor) [pid 5239] close(27) = -1 EBADF (Bad file descriptor) [pid 5239] close(28) = -1 EBADF (Bad file descriptor) [pid 5239] close(29) = -1 EBADF (Bad file descriptor) [pid 5239] exit_group(0 [pid 5259] <... futex resumed>) = ? [pid 5240] <... futex resumed>) = ? [pid 5239] <... exit_group resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=45 /* 0.45 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./8/binderfs") = 0 [ 81.230408][ T5240] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 81.257875][ T5240] BTRFS info (device loop0): balance: ended with status: 0 [ 81.311517][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./8/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./8") = 0 [pid 5068] mkdir("./9", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x5555563886a0, 24) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 29 [pid 5261] chdir("./9") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5261] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5261] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5262 attached [pid 5262] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5261] <... clone3 resumed> => {parent_tid=[30]}, 88) = 30 [pid 5262] <... rseq resumed>) = 0 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] set_robust_list(0x7f17f344b9a0, 24 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] <... set_robust_list resumed>) = 0 [pid 5261] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] memfd_create("syzkaller", 0) = 3 [pid 5262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5262] munmap(0x7f17eb000000, 138412032) = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5262] close(3) = 0 [pid 5262] close(4) = 0 [pid 5262] mkdir("./file0", 0777) = 0 [ 81.900168][ T5262] loop0: detected capacity change from 0 to 32768 [ 81.928913][ T5262] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5262) [ 81.953160][ T5262] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 81.963659][ T5262] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.972972][ T5262] BTRFS info (device loop0): disk space caching is enabled [ 82.004909][ T5262] BTRFS info (device loop0): rebuilding free space tree [ 82.021127][ T5262] BTRFS info (device loop0): disabling free space tree [ 82.028091][ T5262] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 82.038332][ T5262] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5262] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5262] chdir("./file0") = 0 [pid 5262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5262] ioctl(4, LOOP_CLR_FD) = 0 [pid 5262] close(4) = 0 [pid 5262] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5262] <... futex resumed>) = 1 [pid 5262] open("./file0", O_RDONLY) = 4 [pid 5262] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5261] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 82.056714][ T5262] BTRFS info (device loop0): checking UUID tree [pid 5262] <... ioctl resumed>) = 0 [pid 5262] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5262] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5262] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5261] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5261] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5261] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 82.133076][ T5262] BTRFS info (device loop0): balance: start -d -m [ 82.140968][ T5262] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 82.161171][ T5262] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5280 attached => {parent_tid=[31]}, 88) = 31 [pid 5280] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5280] <... rseq resumed>) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] set_robust_list(0x7f17f342a9a0, 24 [pid 5261] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... set_robust_list resumed>) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5280] open(".", O_RDONLY) = 5 [pid 5280] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5261] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... ioctl resumed>) = 0 [pid 5280] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [ 82.206981][ T5262] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5280] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5262] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] close(3 [pid 5262] <... futex resumed>) = 0 [pid 5261] <... close resumed>) = 0 [pid 5262] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] close(4) = 0 [pid 5261] close(5) = 0 [pid 5261] close(6) = -1 EBADF (Bad file descriptor) [pid 5261] close(7) = -1 EBADF (Bad file descriptor) [pid 5261] close(8) = -1 EBADF (Bad file descriptor) [pid 5261] close(9) = -1 EBADF (Bad file descriptor) [pid 5261] close(10) = -1 EBADF (Bad file descriptor) [pid 5261] close(11) = -1 EBADF (Bad file descriptor) [pid 5261] close(12) = -1 EBADF (Bad file descriptor) [pid 5261] close(13) = -1 EBADF (Bad file descriptor) [pid 5261] close(14) = -1 EBADF (Bad file descriptor) [ 82.289532][ T5262] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 82.312603][ T5262] BTRFS info (device loop0): balance: ended with status: 0 [pid 5261] close(15) = -1 EBADF (Bad file descriptor) [pid 5261] close(16) = -1 EBADF (Bad file descriptor) [pid 5261] close(17) = -1 EBADF (Bad file descriptor) [pid 5261] close(18) = -1 EBADF (Bad file descriptor) [pid 5261] close(19) = -1 EBADF (Bad file descriptor) [pid 5261] close(20) = -1 EBADF (Bad file descriptor) [pid 5261] close(21) = -1 EBADF (Bad file descriptor) [pid 5261] close(22) = -1 EBADF (Bad file descriptor) [pid 5261] close(23) = -1 EBADF (Bad file descriptor) [pid 5261] close(24) = -1 EBADF (Bad file descriptor) [pid 5261] close(25) = -1 EBADF (Bad file descriptor) [pid 5261] close(26) = -1 EBADF (Bad file descriptor) [pid 5261] close(27) = -1 EBADF (Bad file descriptor) [pid 5261] close(28) = -1 EBADF (Bad file descriptor) [pid 5261] close(29) = -1 EBADF (Bad file descriptor) [pid 5261] exit_group(0 [pid 5262] <... futex resumed>) = ? [pid 5261] <... exit_group resumed>) = ? [pid 5280] <... futex resumed>) = ? [pid 5262] +++ exited with 0 +++ [pid 5280] +++ exited with 0 +++ [pid 5261] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- [pid 5068] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./9/binderfs") = 0 [ 82.467351][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./9/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./9") = 0 [pid 5068] mkdir("./10", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x555556388690) = 32 [pid 5281] set_robust_list(0x5555563886a0, 24) = 0 [pid 5281] chdir("./10") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5281] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0} => {parent_tid=[33]}, 88) = 33 ./strace-static-x86_64: Process 5282 attached [pid 5282] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] <... rseq resumed>) = 0 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] set_robust_list(0x7f17f344b9a0, 24 [pid 5281] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5281] <... futex resumed>) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5281] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5282] munmap(0x7f17eb000000, 138412032) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] close(4) = 0 [pid 5282] mkdir("./file0", 0777) = 0 [ 82.979664][ T5282] loop0: detected capacity change from 0 to 32768 [ 83.004457][ T5282] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5282) [ 83.023342][ T5282] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 83.033878][ T5282] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.043551][ T5282] BTRFS info (device loop0): disk space caching is enabled [ 83.100627][ T5282] BTRFS info (device loop0): rebuilding free space tree [ 83.119090][ T5282] BTRFS info (device loop0): disabling free space tree [ 83.126212][ T5282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 83.136343][ T5282] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5282] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file0") = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] open("./file0", O_RDONLY) = 4 [pid 5281] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5281] <... futex resumed>) = 0 [pid 5282] <... ioctl resumed>) = 0 [pid 5282] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 0 [pid 5282] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 83.153151][ T5282] BTRFS info (device loop0): checking UUID tree [pid 5281] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5281] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [ 83.205702][ T5282] BTRFS info (device loop0): balance: start -d -m [ 83.214310][ T5282] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 83.234842][ T5282] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5281] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5300 attached [pid 5300] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5281] <... clone3 resumed> => {parent_tid=[34]}, 88) = 34 [pid 5300] <... rseq resumed>) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] set_robust_list(0x7f17f342a9a0, 24 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5281] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5281] <... futex resumed>) = 0 [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5281] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] open(".", O_RDONLY) = 5 [pid 5300] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [ 83.275951][ T5282] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5300] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5300] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5300] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5282] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5282] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] close(3) = 0 [pid 5281] close(4) = 0 [pid 5281] close(5) = 0 [pid 5281] close(6) = -1 EBADF (Bad file descriptor) [pid 5281] close(7) = -1 EBADF (Bad file descriptor) [pid 5281] close(8) = -1 EBADF (Bad file descriptor) [pid 5281] close(9) = -1 EBADF (Bad file descriptor) [pid 5281] close(10) = -1 EBADF (Bad file descriptor) [pid 5281] close(11) = -1 EBADF (Bad file descriptor) [ 83.328810][ T5282] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 83.353308][ T5282] BTRFS info (device loop0): balance: ended with status: 0 [pid 5281] close(12) = -1 EBADF (Bad file descriptor) [pid 5281] close(13) = -1 EBADF (Bad file descriptor) [pid 5281] close(14) = -1 EBADF (Bad file descriptor) [pid 5281] close(15) = -1 EBADF (Bad file descriptor) [pid 5281] close(16) = -1 EBADF (Bad file descriptor) [pid 5281] close(17) = -1 EBADF (Bad file descriptor) [pid 5281] close(18) = -1 EBADF (Bad file descriptor) [pid 5281] close(19) = -1 EBADF (Bad file descriptor) [pid 5281] close(20) = -1 EBADF (Bad file descriptor) [pid 5281] close(21) = -1 EBADF (Bad file descriptor) [pid 5281] close(22) = -1 EBADF (Bad file descriptor) [pid 5281] close(23) = -1 EBADF (Bad file descriptor) [pid 5281] close(24) = -1 EBADF (Bad file descriptor) [pid 5281] close(25) = -1 EBADF (Bad file descriptor) [pid 5281] close(26) = -1 EBADF (Bad file descriptor) [pid 5281] close(27) = -1 EBADF (Bad file descriptor) [pid 5281] close(28) = -1 EBADF (Bad file descriptor) [pid 5281] close(29) = -1 EBADF (Bad file descriptor) [pid 5281] exit_group(0) = ? [pid 5300] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=32, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./10/binderfs") = 0 [ 83.551213][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./10/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./10") = 0 [pid 5068] mkdir("./11", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached , child_tidptr=0x555556388690) = 35 [pid 5301] set_robust_list(0x5555563886a0, 24) = 0 [pid 5301] chdir("./11") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5301] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5302 attached [pid 5302] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f17f344b9a0, 24 [pid 5301] <... clone3 resumed> => {parent_tid=[36]}, 88) = 36 [pid 5302] <... set_robust_list resumed>) = 0 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5301] <... futex resumed>) = 1 [pid 5302] memfd_create("syzkaller", 0 [pid 5301] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5302] <... memfd_create resumed>) = 3 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5302] munmap(0x7f17eb000000, 138412032) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5302] close(3) = 0 [pid 5302] close(4) = 0 [pid 5302] mkdir("./file0", 0777) = 0 [ 84.053302][ T5302] loop0: detected capacity change from 0 to 32768 [ 84.097757][ T5302] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5302) [ 84.121903][ T5302] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 84.132231][ T5302] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.142194][ T5302] BTRFS info (device loop0): disk space caching is enabled [ 84.181628][ T5302] BTRFS info (device loop0): rebuilding free space tree [ 84.199867][ T5302] BTRFS info (device loop0): disabling free space tree [ 84.209047][ T5302] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.219323][ T5302] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5302] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5302] chdir("./file0") = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_CLR_FD) = 0 [pid 5302] close(4) = 0 [pid 5302] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 84.236417][ T5302] BTRFS info (device loop0): checking UUID tree [pid 5302] open("./file0", O_RDONLY) = 4 [pid 5302] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5301] <... futex resumed>) = 0 [pid 5302] <... ioctl resumed>) = 0 [pid 5301] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5301] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5301] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5301] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[37]}, 88) = 37 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5321 attached [pid 5321] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5321] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5321] open(".", O_RDONLY) = 5 [pid 5321] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5301] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5301] <... futex resumed>) = 0 [ 84.339153][ T5302] BTRFS info (device loop0): balance: start -d -m [ 84.350875][ T5302] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 84.376933][ T5302] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5301] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... ioctl resumed>) = 0 [pid 5321] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [ 84.478580][ T5302] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 84.508763][ T5302] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5321] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5302] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] close(3 [pid 5302] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] <... close resumed>) = 0 [pid 5301] close(4) = 0 [pid 5301] close(5) = 0 [pid 5301] close(6) = -1 EBADF (Bad file descriptor) [pid 5301] close(7) = -1 EBADF (Bad file descriptor) [pid 5301] close(8) = -1 EBADF (Bad file descriptor) [pid 5301] close(9) = -1 EBADF (Bad file descriptor) [pid 5301] close(10) = -1 EBADF (Bad file descriptor) [pid 5301] close(11) = -1 EBADF (Bad file descriptor) [pid 5301] close(12) = -1 EBADF (Bad file descriptor) [pid 5301] close(13) = -1 EBADF (Bad file descriptor) [pid 5301] close(14) = -1 EBADF (Bad file descriptor) [pid 5301] close(15) = -1 EBADF (Bad file descriptor) [ 84.531375][ T5302] BTRFS info (device loop0): balance: ended with status: 0 [pid 5301] close(16) = -1 EBADF (Bad file descriptor) [pid 5301] close(17) = -1 EBADF (Bad file descriptor) [pid 5301] close(18) = -1 EBADF (Bad file descriptor) [pid 5301] close(19) = -1 EBADF (Bad file descriptor) [pid 5301] close(20) = -1 EBADF (Bad file descriptor) [pid 5301] close(21) = -1 EBADF (Bad file descriptor) [pid 5301] close(22) = -1 EBADF (Bad file descriptor) [pid 5301] close(23) = -1 EBADF (Bad file descriptor) [pid 5301] close(24) = -1 EBADF (Bad file descriptor) [pid 5301] close(25) = -1 EBADF (Bad file descriptor) [pid 5301] close(26) = -1 EBADF (Bad file descriptor) [pid 5301] close(27) = -1 EBADF (Bad file descriptor) [pid 5301] close(28) = -1 EBADF (Bad file descriptor) [pid 5301] close(29) = -1 EBADF (Bad file descriptor) [pid 5301] exit_group(0 [pid 5321] <... futex resumed>) = ? [pid 5302] <... futex resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ [pid 5301] <... exit_group resumed>) = ? [pid 5301] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- [pid 5068] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./11/binderfs") = 0 [ 84.689287][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./11/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./11") = 0 [pid 5068] mkdir("./12", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5322 attached [pid 5322] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 38 [pid 5322] <... set_robust_list resumed>) = 0 [pid 5322] chdir("./12") = 0 [pid 5322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5322] setpgid(0, 0) = 0 [pid 5322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5322] write(3, "1000", 4) = 4 [pid 5322] close(3) = 0 [pid 5322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5322] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5322] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5323 attached [pid 5323] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5322] <... clone3 resumed> => {parent_tid=[39]}, 88) = 39 [pid 5323] set_robust_list(0x7f17f344b9a0, 24 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] <... set_robust_list resumed>) = 0 [pid 5322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] <... futex resumed>) = 0 [pid 5323] memfd_create("syzkaller", 0 [pid 5322] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5323] <... memfd_create resumed>) = 3 [pid 5323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5323] munmap(0x7f17eb000000, 138412032) = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5323] close(3) = 0 [pid 5323] close(4) = 0 [pid 5323] mkdir("./file0", 0777) = 0 [ 85.185358][ T5323] loop0: detected capacity change from 0 to 32768 [ 85.214008][ T5323] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5323) [ 85.235658][ T5323] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 85.246141][ T5323] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 85.255930][ T5323] BTRFS info (device loop0): disk space caching is enabled [ 85.288539][ T5323] BTRFS info (device loop0): rebuilding free space tree [ 85.306310][ T5323] BTRFS info (device loop0): disabling free space tree [ 85.313660][ T5323] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 85.323867][ T5323] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5323] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5323] chdir("./file0") = 0 [pid 5323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5323] ioctl(4, LOOP_CLR_FD) = 0 [pid 5323] close(4) = 0 [ 85.339896][ T5323] BTRFS info (device loop0): checking UUID tree [pid 5323] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5323] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] <... futex resumed>) = 0 [pid 5323] open("./file0", O_RDONLY [pid 5322] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] <... open resumed>) = 4 [pid 5323] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5322] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5322] <... futex resumed>) = 0 [pid 5323] <... ioctl resumed>) = 0 [pid 5322] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5323] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5322] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5322] <... futex resumed>) = 0 [pid 5322] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5322] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5322] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5342 attached => {parent_tid=[40]}, 88) = 40 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5322] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5342] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] open(".", O_RDONLY) = 5 [pid 5342] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] <... futex resumed>) = 0 [pid 5342] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5322] <... futex resumed>) = 1 [pid 5342] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 85.446968][ T5323] BTRFS info (device loop0): balance: start -d -m [ 85.458291][ T5323] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 85.486855][ T5323] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5322] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... ioctl resumed>) = 0 [pid 5342] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] <... futex resumed>) = 0 [ 85.573790][ T5323] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5323] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5323] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5322] close(3) = 0 [pid 5322] close(4) = 0 [pid 5322] close(5) = 0 [pid 5322] close(6) = -1 EBADF (Bad file descriptor) [pid 5322] close(7) = -1 EBADF (Bad file descriptor) [pid 5322] close(8) = -1 EBADF (Bad file descriptor) [pid 5322] close(9) = -1 EBADF (Bad file descriptor) [pid 5322] close(10) = -1 EBADF (Bad file descriptor) [ 85.614311][ T5323] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 85.637856][ T5323] BTRFS info (device loop0): balance: ended with status: 0 [pid 5322] close(11) = -1 EBADF (Bad file descriptor) [pid 5322] close(12) = -1 EBADF (Bad file descriptor) [pid 5322] close(13) = -1 EBADF (Bad file descriptor) [pid 5322] close(14) = -1 EBADF (Bad file descriptor) [pid 5322] close(15) = -1 EBADF (Bad file descriptor) [pid 5322] close(16) = -1 EBADF (Bad file descriptor) [pid 5322] close(17) = -1 EBADF (Bad file descriptor) [pid 5322] close(18) = -1 EBADF (Bad file descriptor) [pid 5322] close(19) = -1 EBADF (Bad file descriptor) [pid 5322] close(20) = -1 EBADF (Bad file descriptor) [pid 5322] close(21) = -1 EBADF (Bad file descriptor) [pid 5322] close(22) = -1 EBADF (Bad file descriptor) [pid 5322] close(23) = -1 EBADF (Bad file descriptor) [pid 5322] close(24) = -1 EBADF (Bad file descriptor) [pid 5322] close(25) = -1 EBADF (Bad file descriptor) [pid 5322] close(26) = -1 EBADF (Bad file descriptor) [pid 5322] close(27) = -1 EBADF (Bad file descriptor) [pid 5322] close(28) = -1 EBADF (Bad file descriptor) [pid 5322] close(29) = -1 EBADF (Bad file descriptor) [pid 5322] exit_group(0 [pid 5342] <... futex resumed>) = ? [pid 5323] <... futex resumed>) = ? [pid 5322] <... exit_group resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ [pid 5322] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=38, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- [pid 5068] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./12/binderfs") = 0 [ 85.807403][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./12/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./12") = 0 [pid 5068] mkdir("./13", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5343 attached , child_tidptr=0x555556388690) = 41 [pid 5343] set_robust_list(0x5555563886a0, 24) = 0 [pid 5343] chdir("./13") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5343] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5344 attached => {parent_tid=[42]}, 88) = 42 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5343] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... rseq resumed>) = 0 [pid 5344] set_robust_list(0x7f17f344b9a0, 24) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5344] memfd_create("syzkaller", 0) = 3 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5344] munmap(0x7f17eb000000, 138412032) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5344] close(3) = 0 [pid 5344] close(4) = 0 [pid 5344] mkdir("./file0", 0777) = 0 [ 86.273727][ T923] cfg80211: failed to load regulatory.db [ 86.308161][ T5344] loop0: detected capacity change from 0 to 32768 [ 86.341253][ T5344] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5344) [ 86.362469][ T5344] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 86.373119][ T5344] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.382877][ T5344] BTRFS info (device loop0): disk space caching is enabled [ 86.432946][ T5344] BTRFS info (device loop0): rebuilding free space tree [ 86.447974][ T5344] BTRFS info (device loop0): disabling free space tree [ 86.455297][ T5344] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 86.465859][ T5344] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5344] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5344] chdir("./file0") = 0 [ 86.481897][ T5344] BTRFS info (device loop0): checking UUID tree [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5344] ioctl(4, LOOP_CLR_FD) = 0 [pid 5344] close(4) = 0 [pid 5344] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5344] open("./file0", O_RDONLY [pid 5343] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... open resumed>) = 4 [pid 5344] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5343] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5343] <... futex resumed>) = 0 [pid 5344] <... ioctl resumed>) = 0 [pid 5344] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... futex resumed>) = 0 [pid 5344] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5343] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5343] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5343] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5363 attached [pid 5363] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5363] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] <... clone3 resumed> => {parent_tid=[43]}, 88) = 43 [pid 5363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5363] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5363] open(".", O_RDONLY [pid 5343] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... open resumed>) = 5 [pid 5363] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 86.590666][ T5344] BTRFS info (device loop0): balance: start -d -m [ 86.602736][ T5344] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 86.629661][ T5344] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5363] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5363] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [ 86.708540][ T5344] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 86.743153][ T5344] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5363] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5344] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] close(3 [pid 5344] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... close resumed>) = 0 [pid 5343] close(4) = 0 [pid 5343] close(5) = 0 [pid 5343] close(6) = -1 EBADF (Bad file descriptor) [pid 5343] close(7) = -1 EBADF (Bad file descriptor) [pid 5343] close(8) = -1 EBADF (Bad file descriptor) [ 86.765577][ T5344] BTRFS info (device loop0): balance: ended with status: 0 [pid 5343] close(9) = -1 EBADF (Bad file descriptor) [pid 5343] close(10) = -1 EBADF (Bad file descriptor) [pid 5343] close(11) = -1 EBADF (Bad file descriptor) [pid 5343] close(12) = -1 EBADF (Bad file descriptor) [pid 5343] close(13) = -1 EBADF (Bad file descriptor) [pid 5343] close(14) = -1 EBADF (Bad file descriptor) [pid 5343] close(15) = -1 EBADF (Bad file descriptor) [pid 5343] close(16) = -1 EBADF (Bad file descriptor) [pid 5343] close(17) = -1 EBADF (Bad file descriptor) [pid 5343] close(18) = -1 EBADF (Bad file descriptor) [pid 5343] close(19) = -1 EBADF (Bad file descriptor) [pid 5343] close(20) = -1 EBADF (Bad file descriptor) [pid 5343] close(21) = -1 EBADF (Bad file descriptor) [pid 5343] close(22) = -1 EBADF (Bad file descriptor) [pid 5343] close(23) = -1 EBADF (Bad file descriptor) [pid 5343] close(24) = -1 EBADF (Bad file descriptor) [pid 5343] close(25) = -1 EBADF (Bad file descriptor) [pid 5343] close(26) = -1 EBADF (Bad file descriptor) [pid 5343] close(27) = -1 EBADF (Bad file descriptor) [pid 5343] close(28) = -1 EBADF (Bad file descriptor) [pid 5343] close(29) = -1 EBADF (Bad file descriptor) [pid 5343] exit_group(0 [pid 5363] <... futex resumed>) = ? [pid 5344] <... futex resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ [pid 5343] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=41, si_uid=0, si_status=0, si_utime=0, si_stime=45 /* 0.45 s */} --- [pid 5068] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./13/binderfs") = 0 [ 86.967415][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./13/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./13") = 0 [pid 5068] mkdir("./14", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5364 attached , child_tidptr=0x555556388690) = 44 [pid 5364] set_robust_list(0x5555563886a0, 24) = 0 [pid 5364] chdir("./14") = 0 [pid 5364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5364] setpgid(0, 0) = 0 [pid 5364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5364] write(3, "1000", 4) = 4 [pid 5364] close(3) = 0 [pid 5364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5364] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5364] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5365 attached [pid 5365] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5364] <... clone3 resumed> => {parent_tid=[45]}, 88) = 45 [pid 5365] <... rseq resumed>) = 0 [pid 5365] set_robust_list(0x7f17f344b9a0, 24 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... set_robust_list resumed>) = 0 [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5365] memfd_create("syzkaller", 0) = 3 [pid 5365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5365] munmap(0x7f17eb000000, 138412032) = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5365] close(3) = 0 [pid 5365] close(4) = 0 [pid 5365] mkdir("./file0", 0777) = 0 [ 87.441119][ T5365] loop0: detected capacity change from 0 to 32768 [ 87.472978][ T5365] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5365) [ 87.494517][ T5365] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 87.505585][ T5365] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.515450][ T5365] BTRFS info (device loop0): disk space caching is enabled [ 87.550216][ T5365] BTRFS info (device loop0): rebuilding free space tree [ 87.568339][ T5365] BTRFS info (device loop0): disabling free space tree [ 87.575526][ T5365] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 87.585794][ T5365] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5365] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5365] chdir("./file0") = 0 [pid 5365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5365] ioctl(4, LOOP_CLR_FD) = 0 [pid 5365] close(4) = 0 [pid 5365] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] open("./file0", O_RDONLY) = 4 [ 87.603257][ T5365] BTRFS info (device loop0): checking UUID tree [pid 5365] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5364] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] <... ioctl resumed>) = 0 [pid 5365] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] <... futex resumed>) = 0 [pid 5364] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5364] <... futex resumed>) = 1 [pid 5365] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5364] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5364] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5364] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[46]}, 88) = 46 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5364] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5364] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5384 attached [pid 5384] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5384] set_robust_list(0x7f17f342a9a0, 24) = 0 [ 87.699039][ T5365] BTRFS info (device loop0): balance: start -d -m [ 87.708945][ T5365] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 87.738228][ T5365] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] open(".", O_RDONLY) = 5 [pid 5384] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5384] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... futex resumed>) = 0 [pid 5384] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5364] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... ioctl resumed>) = 0 [pid 5384] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [ 87.827319][ T5365] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5384] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5365] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5364] close(3) = 0 [pid 5364] close(4) = 0 [pid 5364] close(5) = 0 [pid 5364] close(6) = -1 EBADF (Bad file descriptor) [pid 5364] close(7) = -1 EBADF (Bad file descriptor) [pid 5364] close(8) = -1 EBADF (Bad file descriptor) [pid 5364] close(9) = -1 EBADF (Bad file descriptor) [pid 5364] close(10) = -1 EBADF (Bad file descriptor) [pid 5364] close(11) = -1 EBADF (Bad file descriptor) [pid 5364] close(12) = -1 EBADF (Bad file descriptor) [pid 5364] close(13) = -1 EBADF (Bad file descriptor) [pid 5364] close(14) = -1 EBADF (Bad file descriptor) [pid 5364] close(15) = -1 EBADF (Bad file descriptor) [pid 5364] close(16) = -1 EBADF (Bad file descriptor) [pid 5364] close(17) = -1 EBADF (Bad file descriptor) [ 87.867641][ T5365] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 87.889444][ T5365] BTRFS info (device loop0): balance: ended with status: 0 [pid 5364] close(18) = -1 EBADF (Bad file descriptor) [pid 5364] close(19) = -1 EBADF (Bad file descriptor) [pid 5364] close(20) = -1 EBADF (Bad file descriptor) [pid 5364] close(21) = -1 EBADF (Bad file descriptor) [pid 5364] close(22) = -1 EBADF (Bad file descriptor) [pid 5364] close(23) = -1 EBADF (Bad file descriptor) [pid 5364] close(24) = -1 EBADF (Bad file descriptor) [pid 5364] close(25) = -1 EBADF (Bad file descriptor) [pid 5364] close(26) = -1 EBADF (Bad file descriptor) [pid 5364] close(27) = -1 EBADF (Bad file descriptor) [pid 5364] close(28) = -1 EBADF (Bad file descriptor) [pid 5364] close(29) = -1 EBADF (Bad file descriptor) [pid 5364] exit_group(0 [pid 5384] <... futex resumed>) = ? [pid 5365] <... futex resumed>) = ? [pid 5364] <... exit_group resumed>) = ? [pid 5384] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ [pid 5364] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=44, si_uid=0, si_status=0, si_utime=0, si_stime=48 /* 0.48 s */} --- [pid 5068] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./14/binderfs") = 0 [ 88.031656][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./14/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./14") = 0 [pid 5068] mkdir("./15", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5385 attached [pid 5385] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 47 [pid 5385] <... set_robust_list resumed>) = 0 [pid 5385] chdir("./15") = 0 [pid 5385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5385] setpgid(0, 0) = 0 [pid 5385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5385] write(3, "1000", 4) = 4 [pid 5385] close(3) = 0 [pid 5385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5385] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5385] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5386 attached [pid 5386] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5385] <... clone3 resumed> => {parent_tid=[48]}, 88) = 48 [pid 5386] <... rseq resumed>) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] set_robust_list(0x7f17f344b9a0, 24 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] <... set_robust_list resumed>) = 0 [pid 5385] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5385] <... futex resumed>) = 0 [pid 5386] memfd_create("syzkaller", 0 [pid 5385] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5386] <... memfd_create resumed>) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5386] munmap(0x7f17eb000000, 138412032) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] close(4) = 0 [pid 5386] mkdir("./file0", 0777) = 0 [ 88.580207][ T5386] loop0: detected capacity change from 0 to 32768 [ 88.613029][ T5386] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5386) [ 88.635172][ T5386] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 88.645846][ T5386] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.655430][ T5386] BTRFS info (device loop0): disk space caching is enabled [ 88.713004][ T5386] BTRFS info (device loop0): rebuilding free space tree [ 88.729952][ T5386] BTRFS info (device loop0): disabling free space tree [ 88.737471][ T5386] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.747217][ T5386] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5386] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./file0") = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_CLR_FD) = 0 [pid 5386] close(4) = 0 [pid 5386] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5385] <... futex resumed>) = 1 [pid 5386] open("./file0", O_RDONLY) = 4 [ 88.764169][ T5386] BTRFS info (device loop0): checking UUID tree [pid 5386] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5385] <... futex resumed>) = 1 [pid 5386] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5385] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5385] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5385] <... futex resumed>) = 0 [ 88.837440][ T5386] BTRFS info (device loop0): balance: start -d -m [ 88.847407][ T5386] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5385] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5385] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5385] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5405 attached [pid 5405] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5385] <... clone3 resumed> => {parent_tid=[49]}, 88) = 49 [pid 5405] <... rseq resumed>) = 0 [pid 5405] set_robust_list(0x7f17f342a9a0, 24 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] <... set_robust_list resumed>) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] open(".", O_RDONLY) = 5 [pid 5405] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = 1 [pid 5405] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5385] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.888478][ T5386] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5385] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... ioctl resumed>) = 0 [pid 5405] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [ 88.975665][ T5386] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 89.009253][ T5386] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5405] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5386] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] close(3) = 0 [pid 5385] close(4) = 0 [pid 5385] close(5) = 0 [pid 5385] close(6) = -1 EBADF (Bad file descriptor) [pid 5385] close(7) = -1 EBADF (Bad file descriptor) [pid 5385] close(8) = -1 EBADF (Bad file descriptor) [pid 5385] close(9) = -1 EBADF (Bad file descriptor) [pid 5385] close(10) = -1 EBADF (Bad file descriptor) [pid 5385] close(11) = -1 EBADF (Bad file descriptor) [pid 5385] close(12) = -1 EBADF (Bad file descriptor) [pid 5385] close(13) = -1 EBADF (Bad file descriptor) [ 89.031433][ T5386] BTRFS info (device loop0): balance: ended with status: 0 [pid 5385] close(14) = -1 EBADF (Bad file descriptor) [pid 5385] close(15) = -1 EBADF (Bad file descriptor) [pid 5385] close(16) = -1 EBADF (Bad file descriptor) [pid 5385] close(17) = -1 EBADF (Bad file descriptor) [pid 5385] close(18) = -1 EBADF (Bad file descriptor) [pid 5385] close(19) = -1 EBADF (Bad file descriptor) [pid 5385] close(20) = -1 EBADF (Bad file descriptor) [pid 5385] close(21) = -1 EBADF (Bad file descriptor) [pid 5385] close(22) = -1 EBADF (Bad file descriptor) [pid 5385] close(23) = -1 EBADF (Bad file descriptor) [pid 5385] close(24) = -1 EBADF (Bad file descriptor) [pid 5385] close(25) = -1 EBADF (Bad file descriptor) [pid 5385] close(26) = -1 EBADF (Bad file descriptor) [pid 5385] close(27) = -1 EBADF (Bad file descriptor) [pid 5385] close(28) = -1 EBADF (Bad file descriptor) [pid 5385] close(29) = -1 EBADF (Bad file descriptor) [pid 5385] exit_group(0 [pid 5405] <... futex resumed>) = ? [pid 5386] <... futex resumed>) = ? [pid 5385] <... exit_group resumed>) = ? [pid 5405] +++ exited with 0 +++ [pid 5386] +++ exited with 0 +++ [pid 5385] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=47, si_uid=0, si_status=0, si_utime=0, si_stime=45 /* 0.45 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./15/binderfs") = 0 [ 89.194037][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./15/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./15") = 0 [pid 5068] mkdir("./16", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5406 attached , child_tidptr=0x555556388690) = 50 [pid 5406] set_robust_list(0x5555563886a0, 24) = 0 [pid 5406] chdir("./16") = 0 [pid 5406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5406] setpgid(0, 0) = 0 [pid 5406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5406] write(3, "1000", 4) = 4 [pid 5406] close(3) = 0 [pid 5406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5406] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5406] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5407 attached => {parent_tid=[51]}, 88) = 51 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5407] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5407] set_robust_list(0x7f17f344b9a0, 24 [pid 5406] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... set_robust_list resumed>) = 0 [pid 5406] <... futex resumed>) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5406] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] memfd_create("syzkaller", 0) = 3 [pid 5407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5407] munmap(0x7f17eb000000, 138412032) = 0 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5407] close(3) = 0 [pid 5407] close(4) = 0 [pid 5407] mkdir("./file0", 0777) = 0 [ 89.727721][ T5407] loop0: detected capacity change from 0 to 32768 [ 89.756606][ T5407] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5407) [ 89.777372][ T5407] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 89.788063][ T5407] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.797444][ T5407] BTRFS info (device loop0): disk space caching is enabled [ 89.827709][ T5407] BTRFS info (device loop0): rebuilding free space tree [ 89.844678][ T5407] BTRFS info (device loop0): disabling free space tree [ 89.851716][ T5407] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 89.861511][ T5407] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5407] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5407] chdir("./file0") = 0 [pid 5407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5407] ioctl(4, LOOP_CLR_FD) = 0 [pid 5407] close(4) = 0 [pid 5407] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... futex resumed>) = 0 [pid 5406] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = 1 [pid 5407] open("./file0", O_RDONLY [pid 5406] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] <... open resumed>) = 4 [pid 5407] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] <... futex resumed>) = 0 [pid 5407] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5406] <... futex resumed>) = 0 [pid 5407] <... ioctl resumed>) = 0 [pid 5407] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5407] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5406] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5406] <... futex resumed>) = 1 [pid 5406] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.876580][ T5407] BTRFS info (device loop0): checking UUID tree [pid 5407] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5406] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5406] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5406] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5425 attached => {parent_tid=[52]}, 88) = 52 [pid 5425] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5425] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 89.922996][ T5407] BTRFS info (device loop0): balance: start -d -m [ 89.932493][ T5407] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 89.955285][ T5407] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5425] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5406] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] <... futex resumed>) = 0 [pid 5425] open(".", O_RDONLY) = 5 [pid 5425] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5406] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5406] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5425] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [ 89.997428][ T5407] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5425] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5407] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5406] close(3) = 0 [pid 5406] close(4) = 0 [pid 5406] close(5) = 0 [pid 5406] close(6) = -1 EBADF (Bad file descriptor) [ 90.051608][ T5407] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 90.073971][ T5407] BTRFS info (device loop0): balance: ended with status: 0 [pid 5406] close(7) = -1 EBADF (Bad file descriptor) [pid 5406] close(8) = -1 EBADF (Bad file descriptor) [pid 5406] close(9) = -1 EBADF (Bad file descriptor) [pid 5406] close(10) = -1 EBADF (Bad file descriptor) [pid 5406] close(11) = -1 EBADF (Bad file descriptor) [pid 5406] close(12) = -1 EBADF (Bad file descriptor) [pid 5406] close(13) = -1 EBADF (Bad file descriptor) [pid 5406] close(14) = -1 EBADF (Bad file descriptor) [pid 5406] close(15) = -1 EBADF (Bad file descriptor) [pid 5406] close(16) = -1 EBADF (Bad file descriptor) [pid 5406] close(17) = -1 EBADF (Bad file descriptor) [pid 5406] close(18) = -1 EBADF (Bad file descriptor) [pid 5406] close(19) = -1 EBADF (Bad file descriptor) [pid 5406] close(20) = -1 EBADF (Bad file descriptor) [pid 5406] close(21) = -1 EBADF (Bad file descriptor) [pid 5406] close(22) = -1 EBADF (Bad file descriptor) [pid 5406] close(23) = -1 EBADF (Bad file descriptor) [pid 5406] close(24) = -1 EBADF (Bad file descriptor) [pid 5406] close(25) = -1 EBADF (Bad file descriptor) [pid 5406] close(26) = -1 EBADF (Bad file descriptor) [pid 5406] close(27) = -1 EBADF (Bad file descriptor) [pid 5406] close(28) = -1 EBADF (Bad file descriptor) [pid 5406] close(29) = -1 EBADF (Bad file descriptor) [pid 5406] exit_group(0 [pid 5425] <... futex resumed>) = ? [pid 5407] <... futex resumed>) = ? [pid 5406] <... exit_group resumed>) = ? [pid 5425] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ [pid 5406] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=50, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=47 /* 0.47 s */} --- [pid 5068] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./16/binderfs") = 0 [ 90.290406][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./16/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./16") = 0 [pid 5068] mkdir("./17", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5426 attached , child_tidptr=0x555556388690) = 53 [pid 5426] set_robust_list(0x5555563886a0, 24) = 0 [pid 5426] chdir("./17") = 0 [pid 5426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5426] setpgid(0, 0) = 0 [pid 5426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5426] write(3, "1000", 4) = 4 [pid 5426] close(3) = 0 [pid 5426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5426] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5426] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5427 attached [pid 5427] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5426] <... clone3 resumed> => {parent_tid=[54]}, 88) = 54 [pid 5427] <... rseq resumed>) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5427] set_robust_list(0x7f17f344b9a0, 24 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5427] <... set_robust_list resumed>) = 0 [pid 5426] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5427] memfd_create("syzkaller", 0) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5427] munmap(0x7f17eb000000, 138412032) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5427] close(3) = 0 [pid 5427] close(4) = 0 [pid 5427] mkdir("./file0", 0777) = 0 [ 90.791923][ T5427] loop0: detected capacity change from 0 to 32768 [ 90.815310][ T5427] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5427) [ 90.834219][ T5427] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 90.845152][ T5427] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 90.855244][ T5427] BTRFS info (device loop0): disk space caching is enabled [ 90.887724][ T5427] BTRFS info (device loop0): rebuilding free space tree [ 90.902878][ T5427] BTRFS info (device loop0): disabling free space tree [ 90.909804][ T5427] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 90.919935][ T5427] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5427] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5427] chdir("./file0") = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_CLR_FD) = 0 [ 90.935309][ T5427] BTRFS info (device loop0): checking UUID tree [pid 5427] close(4) = 0 [pid 5427] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] open("./file0", O_RDONLY [pid 5426] <... futex resumed>) = 0 [pid 5427] <... open resumed>) = 4 [pid 5426] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5427] <... futex resumed>) = 1 [pid 5426] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5426] <... futex resumed>) = 0 [pid 5427] <... ioctl resumed>) = 0 [pid 5426] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5427] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] <... futex resumed>) = 0 [pid 5427] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5426] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5426] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5426] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [ 91.018983][ T5427] BTRFS info (device loop0): balance: start -d -m [ 91.026923][ T5427] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 91.047411][ T5427] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5445 attached [pid 5445] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5426] <... clone3 resumed> => {parent_tid=[55]}, 88) = 55 [pid 5445] <... rseq resumed>) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5445] set_robust_list(0x7f17f342a9a0, 24 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] <... set_robust_list resumed>) = 0 [pid 5426] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] <... futex resumed>) = 0 [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] open(".", O_RDONLY) = 5 [pid 5445] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] <... futex resumed>) = 0 [pid 5445] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5426] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... ioctl resumed>) = 0 [pid 5445] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5445] <... futex resumed>) = 1 [ 91.086034][ T5427] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 91.124569][ T5427] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5445] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5427] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5427] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] close(3 [pid 5427] <... futex resumed>) = 0 [pid 5426] <... close resumed>) = 0 [pid 5427] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] close(4) = 0 [pid 5426] close(5) = 0 [pid 5426] close(6) = -1 EBADF (Bad file descriptor) [pid 5426] close(7) = -1 EBADF (Bad file descriptor) [pid 5426] close(8) = -1 EBADF (Bad file descriptor) [ 91.161561][ T5427] BTRFS info (device loop0): balance: ended with status: 0 [pid 5426] close(9) = -1 EBADF (Bad file descriptor) [pid 5426] close(10) = -1 EBADF (Bad file descriptor) [pid 5426] close(11) = -1 EBADF (Bad file descriptor) [pid 5426] close(12) = -1 EBADF (Bad file descriptor) [pid 5426] close(13) = -1 EBADF (Bad file descriptor) [pid 5426] close(14) = -1 EBADF (Bad file descriptor) [pid 5426] close(15) = -1 EBADF (Bad file descriptor) [pid 5426] close(16) = -1 EBADF (Bad file descriptor) [pid 5426] close(17) = -1 EBADF (Bad file descriptor) [pid 5426] close(18) = -1 EBADF (Bad file descriptor) [pid 5426] close(19) = -1 EBADF (Bad file descriptor) [pid 5426] close(20) = -1 EBADF (Bad file descriptor) [pid 5426] close(21) = -1 EBADF (Bad file descriptor) [pid 5426] close(22) = -1 EBADF (Bad file descriptor) [pid 5426] close(23) = -1 EBADF (Bad file descriptor) [pid 5426] close(24) = -1 EBADF (Bad file descriptor) [pid 5426] close(25) = -1 EBADF (Bad file descriptor) [pid 5426] close(26) = -1 EBADF (Bad file descriptor) [pid 5426] close(27) = -1 EBADF (Bad file descriptor) [pid 5426] close(28) = -1 EBADF (Bad file descriptor) [pid 5426] close(29) = -1 EBADF (Bad file descriptor) [pid 5426] exit_group(0 [pid 5445] <... futex resumed>) = ? [pid 5445] +++ exited with 0 +++ [pid 5427] <... futex resumed>) = ? [pid 5426] <... exit_group resumed>) = ? [pid 5427] +++ exited with 0 +++ [pid 5426] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=53, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- [pid 5068] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./17/binderfs") = 0 [ 91.331638][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./17/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./17") = 0 [pid 5068] mkdir("./18", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5446 attached [pid 5446] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 56 [pid 5446] <... set_robust_list resumed>) = 0 [pid 5446] chdir("./18") = 0 [pid 5446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5446] setpgid(0, 0) = 0 [pid 5446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5446] write(3, "1000", 4) = 4 [pid 5446] close(3) = 0 [pid 5446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5446] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5446] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5447 attached [pid 5447] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5446] <... clone3 resumed> => {parent_tid=[57]}, 88) = 57 [pid 5447] <... rseq resumed>) = 0 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], [pid 5447] set_robust_list(0x7f17f344b9a0, 24 [pid 5446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5447] <... set_robust_list resumed>) = 0 [pid 5446] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] <... futex resumed>) = 0 [pid 5447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5447] memfd_create("syzkaller", 0) = 3 [pid 5447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5447] munmap(0x7f17eb000000, 138412032) = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5447] close(3) = 0 [pid 5447] close(4) = 0 [pid 5447] mkdir("./file0", 0777) = 0 [ 91.747487][ T5447] loop0: detected capacity change from 0 to 32768 [ 91.774321][ T5447] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5447) [ 91.792874][ T5447] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 91.803148][ T5447] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.812824][ T5447] BTRFS info (device loop0): disk space caching is enabled [ 91.845007][ T5447] BTRFS info (device loop0): rebuilding free space tree [ 91.863774][ T5447] BTRFS info (device loop0): disabling free space tree [ 91.871196][ T5447] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 91.881359][ T5447] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5447] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5447] chdir("./file0") = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_CLR_FD) = 0 [pid 5447] close(4) = 0 [pid 5447] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] open("./file0", O_RDONLY) = 4 [pid 5447] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] <... futex resumed>) = 1 [pid 5446] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [ 91.898147][ T5447] BTRFS info (device loop0): checking UUID tree [pid 5447] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5447] <... futex resumed>) = 1 [pid 5446] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5446] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5446] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [ 91.973051][ T5447] BTRFS info (device loop0): balance: start -d -m [ 91.980907][ T5447] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 92.000911][ T5447] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5465 attached [pid 5465] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5446] <... clone3 resumed> => {parent_tid=[58]}, 88) = 58 [pid 5465] <... rseq resumed>) = 0 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], [pid 5465] set_robust_list(0x7f17f342a9a0, 24 [pid 5446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5465] <... set_robust_list resumed>) = 0 [pid 5446] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] <... futex resumed>) = 0 [pid 5465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] open(".", O_RDONLY) = 5 [pid 5465] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5446] <... futex resumed>) = 0 [pid 5465] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5465] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... ioctl resumed>) = 0 [pid 5465] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [ 92.040597][ T5447] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 92.071548][ T5447] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5465] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5447] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] close(3 [pid 5447] <... futex resumed>) = 0 [pid 5447] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... close resumed>) = 0 [pid 5446] close(4) = 0 [pid 5446] close(5) = 0 [pid 5446] close(6) = -1 EBADF (Bad file descriptor) [pid 5446] close(7) = -1 EBADF (Bad file descriptor) [pid 5446] close(8) = -1 EBADF (Bad file descriptor) [pid 5446] close(9) = -1 EBADF (Bad file descriptor) [pid 5446] close(10) = -1 EBADF (Bad file descriptor) [pid 5446] close(11) = -1 EBADF (Bad file descriptor) [pid 5446] close(12) = -1 EBADF (Bad file descriptor) [pid 5446] close(13) = -1 EBADF (Bad file descriptor) [pid 5446] close(14) = -1 EBADF (Bad file descriptor) [pid 5446] close(15) = -1 EBADF (Bad file descriptor) [ 92.117991][ T5447] BTRFS info (device loop0): balance: ended with status: 0 [pid 5446] close(16) = -1 EBADF (Bad file descriptor) [pid 5446] close(17) = -1 EBADF (Bad file descriptor) [pid 5446] close(18) = -1 EBADF (Bad file descriptor) [pid 5446] close(19) = -1 EBADF (Bad file descriptor) [pid 5446] close(20) = -1 EBADF (Bad file descriptor) [pid 5446] close(21) = -1 EBADF (Bad file descriptor) [pid 5446] close(22) = -1 EBADF (Bad file descriptor) [pid 5446] close(23) = -1 EBADF (Bad file descriptor) [pid 5446] close(24) = -1 EBADF (Bad file descriptor) [pid 5446] close(25) = -1 EBADF (Bad file descriptor) [pid 5446] close(26) = -1 EBADF (Bad file descriptor) [pid 5446] close(27) = -1 EBADF (Bad file descriptor) [pid 5446] close(28) = -1 EBADF (Bad file descriptor) [pid 5446] close(29) = -1 EBADF (Bad file descriptor) [pid 5446] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5447] <... futex resumed>) = ? [pid 5446] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5447] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=56, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./18/binderfs") = 0 [ 92.249311][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./18/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./18") = 0 [pid 5068] mkdir("./19", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5466 attached [pid 5466] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 59 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5466] chdir("./19") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5466] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5466] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5467 attached [pid 5467] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5466] <... clone3 resumed> => {parent_tid=[60]}, 88) = 60 [pid 5467] set_robust_list(0x7f17f344b9a0, 24 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5467] <... set_robust_list resumed>) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] memfd_create("syzkaller", 0 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5467] <... memfd_create resumed>) = 3 [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5467] munmap(0x7f17eb000000, 138412032) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5467] close(3) = 0 [pid 5467] close(4) = 0 [pid 5467] mkdir("./file0", 0777) = 0 [ 92.762459][ T5467] loop0: detected capacity change from 0 to 32768 [ 92.789929][ T5467] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5467) [ 92.821691][ T5467] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 92.832047][ T5467] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.842110][ T5467] BTRFS info (device loop0): disk space caching is enabled [ 92.890638][ T5467] BTRFS info (device loop0): rebuilding free space tree [ 92.913509][ T5467] BTRFS info (device loop0): disabling free space tree [ 92.920606][ T5467] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 92.930980][ T5467] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5467] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5467] chdir("./file0") = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_CLR_FD) = 0 [pid 5467] close(4) = 0 [pid 5467] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] open("./file0", O_RDONLY [ 92.948284][ T5467] BTRFS info (device loop0): checking UUID tree [pid 5466] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... open resumed>) = 4 [pid 5467] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5466] <... futex resumed>) = 0 [pid 5467] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5466] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... ioctl resumed>) = 0 [pid 5467] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 0 [pid 5467] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5466] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5466] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5466] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[61]}, 88) = 61 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5466] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5486 attached ) = 0 [pid 5486] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5466] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] <... rseq resumed>) = 0 [pid 5486] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5486] open(".", O_RDONLY) = 5 [pid 5486] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5486] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5466] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.056122][ T5467] BTRFS info (device loop0): balance: start -d -m [ 93.066374][ T5467] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 93.089743][ T5467] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5466] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5486] <... ioctl resumed>) = 0 [pid 5486] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.159084][ T5467] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5486] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5467] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] close(3) = 0 [pid 5466] close(4) = 0 [pid 5466] close(5) = 0 [pid 5466] close(6) = -1 EBADF (Bad file descriptor) [pid 5466] close(7) = -1 EBADF (Bad file descriptor) [pid 5466] close(8) = -1 EBADF (Bad file descriptor) [pid 5466] close(9) = -1 EBADF (Bad file descriptor) [pid 5466] close(10) = -1 EBADF (Bad file descriptor) [pid 5466] close(11) = -1 EBADF (Bad file descriptor) [pid 5466] close(12) = -1 EBADF (Bad file descriptor) [ 93.209661][ T5467] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 93.232024][ T5467] BTRFS info (device loop0): balance: ended with status: 0 [pid 5466] close(13) = -1 EBADF (Bad file descriptor) [pid 5466] close(14) = -1 EBADF (Bad file descriptor) [pid 5466] close(15) = -1 EBADF (Bad file descriptor) [pid 5466] close(16) = -1 EBADF (Bad file descriptor) [pid 5466] close(17) = -1 EBADF (Bad file descriptor) [pid 5466] close(18) = -1 EBADF (Bad file descriptor) [pid 5466] close(19) = -1 EBADF (Bad file descriptor) [pid 5466] close(20) = -1 EBADF (Bad file descriptor) [pid 5466] close(21) = -1 EBADF (Bad file descriptor) [pid 5466] close(22) = -1 EBADF (Bad file descriptor) [pid 5466] close(23) = -1 EBADF (Bad file descriptor) [pid 5466] close(24) = -1 EBADF (Bad file descriptor) [pid 5466] close(25) = -1 EBADF (Bad file descriptor) [pid 5466] close(26) = -1 EBADF (Bad file descriptor) [pid 5466] close(27) = -1 EBADF (Bad file descriptor) [pid 5466] close(28) = -1 EBADF (Bad file descriptor) [pid 5466] close(29) = -1 EBADF (Bad file descriptor) [pid 5466] exit_group(0) = ? [pid 5486] <... futex resumed>) = ? [pid 5467] <... futex resumed>) = ? [pid 5486] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ [pid 5466] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=59, si_uid=0, si_status=0, si_utime=0, si_stime=48 /* 0.48 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./19/binderfs") = 0 [ 93.440315][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./19/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./19") = 0 [pid 5068] mkdir("./20", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5487 attached [pid 5487] set_robust_list(0x5555563886a0, 24) = 0 [pid 5487] chdir("./20" [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 62 [pid 5487] <... chdir resumed>) = 0 [pid 5487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5487] setpgid(0, 0) = 0 [pid 5487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5487] write(3, "1000", 4) = 4 [pid 5487] close(3) = 0 [pid 5487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5487] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5487] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5488 attached => {parent_tid=[63]}, 88) = 63 [pid 5488] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5488] set_robust_list(0x7f17f344b9a0, 24) = 0 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5488] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5487] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5488] memfd_create("syzkaller", 0 [pid 5487] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5488] <... memfd_create resumed>) = 3 [pid 5488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5488] munmap(0x7f17eb000000, 138412032) = 0 [pid 5488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5488] close(3) = 0 [pid 5488] close(4) = 0 [pid 5488] mkdir("./file0", 0777) = 0 [ 93.916751][ T5488] loop0: detected capacity change from 0 to 32768 [ 93.953580][ T5488] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5488) [ 93.978028][ T5488] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 93.988565][ T5488] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.998698][ T5488] BTRFS info (device loop0): disk space caching is enabled [ 94.045113][ T5488] BTRFS info (device loop0): rebuilding free space tree [ 94.064107][ T5488] BTRFS info (device loop0): disabling free space tree [ 94.071253][ T5488] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.081029][ T5488] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5488] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5488] chdir("./file0") = 0 [pid 5488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5488] ioctl(4, LOOP_CLR_FD) = 0 [pid 5488] close(4) = 0 [pid 5488] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5488] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] <... futex resumed>) = 0 [pid 5488] open("./file0", O_RDONLY [pid 5487] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... open resumed>) = 4 [pid 5488] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5488] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 94.096380][ T5488] BTRFS info (device loop0): checking UUID tree [pid 5487] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] <... futex resumed>) = 0 [pid 5488] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5487] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... ioctl resumed>) = 0 [pid 5488] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5488] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5487] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5487] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [ 94.153160][ T5488] BTRFS info (device loop0): balance: start -d -m [ 94.161189][ T5488] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 94.181616][ T5488] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5487] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5506 attached [pid 5506] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5487] <... clone3 resumed> => {parent_tid=[64]}, 88) = 64 [pid 5506] <... rseq resumed>) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], [pid 5506] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5506] open(".", O_RDONLY) = 5 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5506] <... futex resumed>) = 0 [pid 5487] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... ioctl resumed>) = 0 [ 94.219055][ T5488] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 94.251580][ T5488] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5506] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5506] <... futex resumed>) = 1 [pid 5506] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5488] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] close(3 [pid 5488] <... futex resumed>) = 0 [pid 5487] <... close resumed>) = 0 [pid 5488] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] close(4) = 0 [pid 5487] close(5) = 0 [pid 5487] close(6) = -1 EBADF (Bad file descriptor) [pid 5487] close(7) = -1 EBADF (Bad file descriptor) [pid 5487] close(8) = -1 EBADF (Bad file descriptor) [pid 5487] close(9) = -1 EBADF (Bad file descriptor) [pid 5487] close(10) = -1 EBADF (Bad file descriptor) [pid 5487] close(11) = -1 EBADF (Bad file descriptor) [pid 5487] close(12) = -1 EBADF (Bad file descriptor) [ 94.285244][ T5488] BTRFS info (device loop0): balance: ended with status: 0 [pid 5487] close(13) = -1 EBADF (Bad file descriptor) [pid 5487] close(14) = -1 EBADF (Bad file descriptor) [pid 5487] close(15) = -1 EBADF (Bad file descriptor) [pid 5487] close(16) = -1 EBADF (Bad file descriptor) [pid 5487] close(17) = -1 EBADF (Bad file descriptor) [pid 5487] close(18) = -1 EBADF (Bad file descriptor) [pid 5487] close(19) = -1 EBADF (Bad file descriptor) [pid 5487] close(20) = -1 EBADF (Bad file descriptor) [pid 5487] close(21) = -1 EBADF (Bad file descriptor) [pid 5487] close(22) = -1 EBADF (Bad file descriptor) [pid 5487] close(23) = -1 EBADF (Bad file descriptor) [pid 5487] close(24) = -1 EBADF (Bad file descriptor) [pid 5487] close(25) = -1 EBADF (Bad file descriptor) [pid 5487] close(26) = -1 EBADF (Bad file descriptor) [pid 5487] close(27) = -1 EBADF (Bad file descriptor) [pid 5487] close(28) = -1 EBADF (Bad file descriptor) [pid 5487] close(29) = -1 EBADF (Bad file descriptor) [pid 5487] exit_group(0) = ? [pid 5506] <... futex resumed>) = ? [pid 5488] <... futex resumed>) = ? [pid 5506] +++ exited with 0 +++ [pid 5488] +++ exited with 0 +++ [pid 5487] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=62, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} --- [pid 5068] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./20/binderfs") = 0 [ 94.452072][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./20/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./20") = 0 [pid 5068] mkdir("./21", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5507 attached [pid 5507] set_robust_list(0x5555563886a0, 24 [pid 5068] <... clone resumed>, child_tidptr=0x555556388690) = 65 [pid 5507] <... set_robust_list resumed>) = 0 [pid 5507] chdir("./21") = 0 [pid 5507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5507] setpgid(0, 0) = 0 [pid 5507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5507] write(3, "1000", 4) = 4 [pid 5507] close(3) = 0 [pid 5507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5507] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5507] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5508 attached => {parent_tid=[66]}, 88) = 66 [pid 5508] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5508] set_robust_list(0x7f17f344b9a0, 24) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5508] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5507] <... futex resumed>) = 0 [pid 5508] memfd_create("syzkaller", 0 [pid 5507] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5508] <... memfd_create resumed>) = 3 [pid 5508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5508] munmap(0x7f17eb000000, 138412032) = 0 [pid 5508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5508] close(3) = 0 [pid 5508] close(4) = 0 [pid 5508] mkdir("./file0", 0777) = 0 [ 94.942175][ T5508] loop0: detected capacity change from 0 to 32768 [ 94.970213][ T5508] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5508) [ 94.989367][ T5508] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 94.999933][ T5508] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.009203][ T5508] BTRFS info (device loop0): disk space caching is enabled [ 95.067469][ T5508] BTRFS info (device loop0): rebuilding free space tree [ 95.084278][ T5508] BTRFS info (device loop0): disabling free space tree [ 95.091573][ T5508] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 95.101390][ T5508] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5508] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5508] chdir("./file0") = 0 [pid 5508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5508] ioctl(4, LOOP_CLR_FD) = 0 [ 95.117434][ T5508] BTRFS info (device loop0): checking UUID tree [pid 5508] close(4) = 0 [pid 5508] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5508] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] <... futex resumed>) = 0 [pid 5507] <... futex resumed>) = 1 [pid 5508] open("./file0", O_RDONLY [pid 5507] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... open resumed>) = 4 [pid 5508] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... ioctl resumed>) = 0 [pid 5507] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... futex resumed>) = 0 [ 95.235155][ T5508] BTRFS info (device loop0): balance: start -d -m [ 95.243929][ T5508] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5508] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5507] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5507] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5507] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[67]}, 88) = 67 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5507] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5527 attached [pid 5527] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5527] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5527] open(".", O_RDONLY) = 5 [pid 5527] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 95.277217][ T5508] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5507] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5527] <... ioctl resumed>) = 0 [pid 5527] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.379449][ T5508] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 95.407476][ T5508] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5527] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5508] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] close(3) = 0 [pid 5507] close(4) = 0 [pid 5507] close(5) = 0 [pid 5507] close(6) = -1 EBADF (Bad file descriptor) [pid 5507] close(7) = -1 EBADF (Bad file descriptor) [pid 5507] close(8) = -1 EBADF (Bad file descriptor) [pid 5507] close(9) = -1 EBADF (Bad file descriptor) [pid 5507] close(10) = -1 EBADF (Bad file descriptor) [pid 5507] close(11) = -1 EBADF (Bad file descriptor) [pid 5507] close(12) = -1 EBADF (Bad file descriptor) [pid 5507] close(13) = -1 EBADF (Bad file descriptor) [pid 5507] close(14) = -1 EBADF (Bad file descriptor) [pid 5507] close(15) = -1 EBADF (Bad file descriptor) [ 95.429936][ T5508] BTRFS info (device loop0): balance: ended with status: 0 [pid 5507] close(16) = -1 EBADF (Bad file descriptor) [pid 5507] close(17) = -1 EBADF (Bad file descriptor) [pid 5507] close(18) = -1 EBADF (Bad file descriptor) [pid 5507] close(19) = -1 EBADF (Bad file descriptor) [pid 5507] close(20) = -1 EBADF (Bad file descriptor) [pid 5507] close(21) = -1 EBADF (Bad file descriptor) [pid 5507] close(22) = -1 EBADF (Bad file descriptor) [pid 5507] close(23) = -1 EBADF (Bad file descriptor) [pid 5507] close(24) = -1 EBADF (Bad file descriptor) [pid 5507] close(25) = -1 EBADF (Bad file descriptor) [pid 5507] close(26) = -1 EBADF (Bad file descriptor) [pid 5507] close(27) = -1 EBADF (Bad file descriptor) [pid 5507] close(28) = -1 EBADF (Bad file descriptor) [pid 5507] close(29) = -1 EBADF (Bad file descriptor) [pid 5507] exit_group(0 [pid 5527] <... futex resumed>) = ? [pid 5508] <... futex resumed>) = ? [pid 5507] <... exit_group resumed>) = ? [pid 5527] +++ exited with 0 +++ [pid 5508] +++ exited with 0 +++ [pid 5507] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=65, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=46 /* 0.46 s */} --- [pid 5068] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./21/binderfs") = 0 [ 95.593205][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./21/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./21") = 0 [pid 5068] mkdir("./22", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5528 attached , child_tidptr=0x555556388690) = 68 [pid 5528] set_robust_list(0x5555563886a0, 24) = 0 [pid 5528] chdir("./22") = 0 [pid 5528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5528] setpgid(0, 0) = 0 [pid 5528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5528] write(3, "1000", 4) = 4 [pid 5528] close(3) = 0 [pid 5528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5528] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5528] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5529 attached [pid 5529] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5528] <... clone3 resumed> => {parent_tid=[69]}, 88) = 69 [pid 5529] <... rseq resumed>) = 0 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] set_robust_list(0x7f17f344b9a0, 24 [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] <... set_robust_list resumed>) = 0 [pid 5528] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] <... futex resumed>) = 0 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5528] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5529] memfd_create("syzkaller", 0) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5529] munmap(0x7f17eb000000, 138412032) = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5529] close(3) = 0 [pid 5529] close(4) = 0 [pid 5529] mkdir("./file0", 0777) = 0 [ 96.105484][ T5529] loop0: detected capacity change from 0 to 32768 [ 96.122898][ T5529] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5529) [ 96.142830][ T5529] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 96.154556][ T5529] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.165047][ T5529] BTRFS info (device loop0): disk space caching is enabled [ 96.233380][ T5529] BTRFS info (device loop0): rebuilding free space tree [ 96.251964][ T5529] BTRFS info (device loop0): disabling free space tree [ 96.258919][ T5529] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 96.268660][ T5529] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5529] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5529] chdir("./file0") = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5529] ioctl(4, LOOP_CLR_FD) = 0 [pid 5529] close(4) = 0 [pid 5529] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5529] open("./file0", O_RDONLY [pid 5528] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... open resumed>) = 4 [pid 5529] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5529] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5528] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... ioctl resumed>) = 0 [pid 5529] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5529] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 96.284298][ T5529] BTRFS info (device loop0): checking UUID tree [ 96.324331][ T5529] BTRFS info (device loop0): balance: start -d -m [pid 5528] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5528] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5528] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5548 attached => {parent_tid=[70]}, 88) = 70 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5548] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5548] open(".", O_RDONLY) = 5 [pid 5548] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5548] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5548] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [ 96.333466][ T5529] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 96.362262][ T5529] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5528] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5548] <... ioctl resumed>) = 0 [pid 5548] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.452392][ T5529] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5548] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5529] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] close(3 [pid 5529] <... futex resumed>) = 0 [pid 5528] <... close resumed>) = 0 [pid 5529] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] close(4) = 0 [pid 5528] close(5) = 0 [pid 5528] close(6) = -1 EBADF (Bad file descriptor) [pid 5528] close(7) = -1 EBADF (Bad file descriptor) [pid 5528] close(8) = -1 EBADF (Bad file descriptor) [pid 5528] close(9) = -1 EBADF (Bad file descriptor) [pid 5528] close(10) = -1 EBADF (Bad file descriptor) [pid 5528] close(11) = -1 EBADF (Bad file descriptor) [pid 5528] close(12) = -1 EBADF (Bad file descriptor) [ 96.496449][ T5529] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 96.523154][ T5529] BTRFS info (device loop0): balance: ended with status: 0 [pid 5528] close(13) = -1 EBADF (Bad file descriptor) [pid 5528] close(14) = -1 EBADF (Bad file descriptor) [pid 5528] close(15) = -1 EBADF (Bad file descriptor) [pid 5528] close(16) = -1 EBADF (Bad file descriptor) [pid 5528] close(17) = -1 EBADF (Bad file descriptor) [pid 5528] close(18) = -1 EBADF (Bad file descriptor) [pid 5528] close(19) = -1 EBADF (Bad file descriptor) [pid 5528] close(20) = -1 EBADF (Bad file descriptor) [pid 5528] close(21) = -1 EBADF (Bad file descriptor) [pid 5528] close(22) = -1 EBADF (Bad file descriptor) [pid 5528] close(23) = -1 EBADF (Bad file descriptor) [pid 5528] close(24) = -1 EBADF (Bad file descriptor) [pid 5528] close(25) = -1 EBADF (Bad file descriptor) [pid 5528] close(26) = -1 EBADF (Bad file descriptor) [pid 5528] close(27) = -1 EBADF (Bad file descriptor) [pid 5528] close(28) = -1 EBADF (Bad file descriptor) [pid 5528] close(29) = -1 EBADF (Bad file descriptor) [pid 5528] exit_group(0) = ? [pid 5548] <... futex resumed>) = ? [pid 5529] <... futex resumed>) = ? [pid 5548] +++ exited with 0 +++ [pid 5529] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=68, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- [pid 5068] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./22/binderfs") = 0 [ 96.701185][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./22/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./22") = 0 [pid 5068] mkdir("./23", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5549 attached , child_tidptr=0x555556388690) = 71 [pid 5549] set_robust_list(0x5555563886a0, 24) = 0 [pid 5549] chdir("./23") = 0 [pid 5549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5549] setpgid(0, 0) = 0 [pid 5549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5549] write(3, "1000", 4) = 4 [pid 5549] close(3) = 0 [pid 5549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5549] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5549] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5550 attached [pid 5550] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5549] <... clone3 resumed> => {parent_tid=[72]}, 88) = 72 [pid 5550] set_robust_list(0x7f17f344b9a0, 24 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] <... set_robust_list resumed>) = 0 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] memfd_create("syzkaller", 0 [pid 5549] <... futex resumed>) = 0 [pid 5550] <... memfd_create resumed>) = 3 [pid 5549] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5550] munmap(0x7f17eb000000, 138412032) = 0 [pid 5550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5550] close(3) = 0 [pid 5550] close(4) = 0 [pid 5550] mkdir("./file0", 0777) = 0 [ 97.206738][ T5550] loop0: detected capacity change from 0 to 32768 [ 97.245640][ T5550] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5550) [ 97.270086][ T5550] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 97.280713][ T5550] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.290363][ T5550] BTRFS info (device loop0): disk space caching is enabled [ 97.350184][ T5550] BTRFS info (device loop0): rebuilding free space tree [ 97.369155][ T5550] BTRFS info (device loop0): disabling free space tree [ 97.376462][ T5550] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.386757][ T5550] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5550] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5550] chdir("./file0") = 0 [pid 5550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5550] ioctl(4, LOOP_CLR_FD) = 0 [pid 5550] close(4) = 0 [pid 5550] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [ 97.404191][ T5550] BTRFS info (device loop0): checking UUID tree [pid 5549] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] open("./file0", O_RDONLY [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... open resumed>) = 4 [pid 5550] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] <... futex resumed>) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5550] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5549] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... ioctl resumed>) = 0 [pid 5550] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] <... futex resumed>) = 0 [pid 5549] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] <... futex resumed>) = 0 [pid 5550] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5549] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5549] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5549] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5569 attached => {parent_tid=[73]}, 88) = 73 [pid 5569] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5569] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5569] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 97.493345][ T5550] BTRFS info (device loop0): balance: start -d -m [ 97.501529][ T5550] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 97.529639][ T5550] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5549] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5549] <... futex resumed>) = 1 [pid 5569] open(".", O_RDONLY [pid 5549] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... open resumed>) = 5 [pid 5569] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5569] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5549] <... futex resumed>) = 0 [pid 5569] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5549] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... ioctl resumed>) = 0 [pid 5569] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [ 97.597509][ T5550] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5569] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5550] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] close(3 [pid 5550] <... futex resumed>) = 0 [pid 5549] <... close resumed>) = 0 [pid 5550] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5549] close(4) = 0 [pid 5549] close(5) = 0 [pid 5549] close(6) = -1 EBADF (Bad file descriptor) [pid 5549] close(7) = -1 EBADF (Bad file descriptor) [pid 5549] close(8) = -1 EBADF (Bad file descriptor) [ 97.658435][ T5550] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 97.682033][ T5550] BTRFS info (device loop0): balance: ended with status: 0 [pid 5549] close(9) = -1 EBADF (Bad file descriptor) [pid 5549] close(10) = -1 EBADF (Bad file descriptor) [pid 5549] close(11) = -1 EBADF (Bad file descriptor) [pid 5549] close(12) = -1 EBADF (Bad file descriptor) [pid 5549] close(13) = -1 EBADF (Bad file descriptor) [pid 5549] close(14) = -1 EBADF (Bad file descriptor) [pid 5549] close(15) = -1 EBADF (Bad file descriptor) [pid 5549] close(16) = -1 EBADF (Bad file descriptor) [pid 5549] close(17) = -1 EBADF (Bad file descriptor) [pid 5549] close(18) = -1 EBADF (Bad file descriptor) [pid 5549] close(19) = -1 EBADF (Bad file descriptor) [pid 5549] close(20) = -1 EBADF (Bad file descriptor) [pid 5549] close(21) = -1 EBADF (Bad file descriptor) [pid 5549] close(22) = -1 EBADF (Bad file descriptor) [pid 5549] close(23) = -1 EBADF (Bad file descriptor) [pid 5549] close(24) = -1 EBADF (Bad file descriptor) [pid 5549] close(25) = -1 EBADF (Bad file descriptor) [pid 5549] close(26) = -1 EBADF (Bad file descriptor) [pid 5549] close(27) = -1 EBADF (Bad file descriptor) [pid 5549] close(28) = -1 EBADF (Bad file descriptor) [pid 5549] close(29) = -1 EBADF (Bad file descriptor) [pid 5549] exit_group(0 [pid 5569] <... futex resumed>) = ? [pid 5550] <... futex resumed>) = ? [pid 5569] +++ exited with 0 +++ [pid 5549] <... exit_group resumed>) = ? [pid 5550] +++ exited with 0 +++ [pid 5549] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=71, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=48 /* 0.48 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./23/binderfs") = 0 [ 97.869209][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./23/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./23") = 0 [pid 5068] mkdir("./24", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5570 attached , child_tidptr=0x555556388690) = 74 [pid 5570] set_robust_list(0x5555563886a0, 24) = 0 [pid 5570] chdir("./24") = 0 [pid 5570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5570] setpgid(0, 0) = 0 [pid 5570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5570] write(3, "1000", 4) = 4 [pid 5570] close(3) = 0 [pid 5570] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5570] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5570] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5571 attached [pid 5571] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5570] <... clone3 resumed> => {parent_tid=[75]}, 88) = 75 [pid 5571] set_robust_list(0x7f17f344b9a0, 24) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5571] memfd_create("syzkaller", 0) = 3 [pid 5571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5571] munmap(0x7f17eb000000, 138412032) = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5571] close(3) = 0 [pid 5571] close(4) = 0 [pid 5571] mkdir("./file0", 0777) = 0 [ 98.353215][ T5571] loop0: detected capacity change from 0 to 32768 [ 98.383851][ T5571] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5571) [ 98.405493][ T5571] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 98.416200][ T5571] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.426092][ T5571] BTRFS info (device loop0): disk space caching is enabled [ 98.459757][ T5571] BTRFS info (device loop0): rebuilding free space tree [ 98.475263][ T5571] BTRFS info (device loop0): disabling free space tree [ 98.482855][ T5571] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.492980][ T5571] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5571] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5571] chdir("./file0") = 0 [pid 5571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 98.507670][ T5571] BTRFS info (device loop0): checking UUID tree [pid 5571] ioctl(4, LOOP_CLR_FD) = 0 [pid 5571] close(4) = 0 [pid 5571] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... futex resumed>) = 0 [pid 5571] open("./file0", O_RDONLY) = 4 [pid 5571] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5571] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = 0 [pid 5570] <... futex resumed>) = 1 [pid 5571] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5570] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5571] <... ioctl resumed>) = 0 [pid 5571] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5570] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5570] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5570] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0}./strace-static-x86_64: Process 5590 attached => {parent_tid=[76]}, 88) = 76 [pid 5590] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [ 98.624938][ T5571] BTRFS info (device loop0): balance: start -d -m [ 98.634724][ T5571] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 98.658389][ T5571] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5590] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] open(".", O_RDONLY) = 5 [pid 5590] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5570] <... futex resumed>) = 0 [pid 5570] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5570] <... futex resumed>) = 0 [ 98.706455][ T5571] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5570] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... ioctl resumed>) = 0 [pid 5570] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5590] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5571] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5570] close(3) = 0 [pid 5570] close(4) = 0 [pid 5570] close(5) = 0 [pid 5570] close(6) = -1 EBADF (Bad file descriptor) [pid 5570] close(7) = -1 EBADF (Bad file descriptor) [pid 5570] close(8) = -1 EBADF (Bad file descriptor) [pid 5570] close(9) = -1 EBADF (Bad file descriptor) [pid 5570] close(10) = -1 EBADF (Bad file descriptor) [pid 5570] close(11) = -1 EBADF (Bad file descriptor) [pid 5570] close(12) = -1 EBADF (Bad file descriptor) [pid 5570] close(13) = -1 EBADF (Bad file descriptor) [ 98.758129][ T5571] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 98.782645][ T5571] BTRFS info (device loop0): balance: ended with status: 0 [pid 5570] close(14) = -1 EBADF (Bad file descriptor) [pid 5570] close(15) = -1 EBADF (Bad file descriptor) [pid 5570] close(16) = -1 EBADF (Bad file descriptor) [pid 5570] close(17) = -1 EBADF (Bad file descriptor) [pid 5570] close(18) = -1 EBADF (Bad file descriptor) [pid 5570] close(19) = -1 EBADF (Bad file descriptor) [pid 5570] close(20) = -1 EBADF (Bad file descriptor) [pid 5570] close(21) = -1 EBADF (Bad file descriptor) [pid 5570] close(22) = -1 EBADF (Bad file descriptor) [pid 5570] close(23) = -1 EBADF (Bad file descriptor) [pid 5570] close(24) = -1 EBADF (Bad file descriptor) [pid 5570] close(25) = -1 EBADF (Bad file descriptor) [pid 5570] close(26) = -1 EBADF (Bad file descriptor) [pid 5570] close(27) = -1 EBADF (Bad file descriptor) [pid 5570] close(28) = -1 EBADF (Bad file descriptor) [pid 5570] close(29) = -1 EBADF (Bad file descriptor) [pid 5570] exit_group(0 [pid 5590] <... futex resumed>) = ? [pid 5571] <... futex resumed>) = ? [pid 5570] <... exit_group resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ [pid 5570] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=74, si_uid=0, si_status=0, si_utime=0, si_stime=47 /* 0.47 s */} --- [pid 5068] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5068] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./24/binderfs") = 0 [ 98.971029][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./24/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./24") = 0 [pid 5068] mkdir("./25", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5591 attached , child_tidptr=0x555556388690) = 77 [pid 5591] set_robust_list(0x5555563886a0, 24) = 0 [pid 5591] chdir("./25") = 0 [pid 5591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5591] setpgid(0, 0) = 0 [pid 5591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5591] write(3, "1000", 4) = 4 [pid 5591] close(3) = 0 [pid 5591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5591] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5591] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5592 attached [pid 5592] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053) = 0 [pid 5591] <... clone3 resumed> => {parent_tid=[78]}, 88) = 78 [pid 5592] set_robust_list(0x7f17f344b9a0, 24 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5592] <... set_robust_list resumed>) = 0 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] memfd_create("syzkaller", 0 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5592] <... memfd_create resumed>) = 3 [pid 5592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5592] munmap(0x7f17eb000000, 138412032) = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5592] close(3) = 0 [pid 5592] close(4) = 0 [pid 5592] mkdir("./file0", 0777) = 0 [ 99.488797][ T5592] loop0: detected capacity change from 0 to 32768 [ 99.519842][ T5592] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5592) [ 99.539351][ T5592] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 99.550186][ T5592] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.560210][ T5592] BTRFS info (device loop0): disk space caching is enabled [ 99.613918][ T5592] BTRFS info (device loop0): rebuilding free space tree [ 99.629604][ T5592] BTRFS info (device loop0): disabling free space tree [ 99.638325][ T5592] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 99.648827][ T5592] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5592] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5592] chdir("./file0") = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5592] ioctl(4, LOOP_CLR_FD) = 0 [pid 5592] close(4) = 0 [pid 5592] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = 0 [pid 5592] <... futex resumed>) = 1 [pid 5591] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] open("./file0", O_RDONLY) = 4 [pid 5591] <... futex resumed>) = 0 [ 99.666285][ T5592] BTRFS info (device loop0): checking UUID tree [pid 5591] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5592] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5591] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... ioctl resumed>) = 0 [pid 5592] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5591] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5591] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5591] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5591] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[79]}, 88) = 79 ./strace-static-x86_64: Process 5611 attached [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5611] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] <... rseq resumed>) = 0 [pid 5591] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] set_robust_list(0x7f17f342a9a0, 24 [pid 5591] <... futex resumed>) = 0 [pid 5611] <... set_robust_list resumed>) = 0 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], [pid 5591] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5611] open(".", O_RDONLY) = 5 [pid 5611] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5611] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5611] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5591] <... futex resumed>) = 0 [ 99.748107][ T5592] BTRFS info (device loop0): balance: start -d -m [ 99.757609][ T5592] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 99.782631][ T5592] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5591] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] <... ioctl resumed>) = 0 [pid 5611] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [ 99.866747][ T5592] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 99.904816][ T5592] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5611] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5592] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] close(3) = 0 [pid 5591] close(4) = 0 [pid 5591] close(5) = 0 [pid 5591] close(6) = -1 EBADF (Bad file descriptor) [pid 5591] close(7) = -1 EBADF (Bad file descriptor) [ 99.931369][ T5592] BTRFS info (device loop0): balance: ended with status: 0 [pid 5591] close(8) = -1 EBADF (Bad file descriptor) [pid 5591] close(9) = -1 EBADF (Bad file descriptor) [pid 5591] close(10) = -1 EBADF (Bad file descriptor) [pid 5591] close(11) = -1 EBADF (Bad file descriptor) [pid 5591] close(12) = -1 EBADF (Bad file descriptor) [pid 5591] close(13) = -1 EBADF (Bad file descriptor) [pid 5591] close(14) = -1 EBADF (Bad file descriptor) [pid 5591] close(15) = -1 EBADF (Bad file descriptor) [pid 5591] close(16) = -1 EBADF (Bad file descriptor) [pid 5591] close(17) = -1 EBADF (Bad file descriptor) [pid 5591] close(18) = -1 EBADF (Bad file descriptor) [pid 5591] close(19) = -1 EBADF (Bad file descriptor) [pid 5591] close(20) = -1 EBADF (Bad file descriptor) [pid 5591] close(21) = -1 EBADF (Bad file descriptor) [pid 5591] close(22) = -1 EBADF (Bad file descriptor) [pid 5591] close(23) = -1 EBADF (Bad file descriptor) [pid 5591] close(24) = -1 EBADF (Bad file descriptor) [pid 5591] close(25) = -1 EBADF (Bad file descriptor) [pid 5591] close(26) = -1 EBADF (Bad file descriptor) [pid 5591] close(27) = -1 EBADF (Bad file descriptor) [pid 5591] close(28) = -1 EBADF (Bad file descriptor) [pid 5591] close(29) = -1 EBADF (Bad file descriptor) [pid 5591] exit_group(0 [pid 5611] <... futex resumed>) = ? [pid 5611] +++ exited with 0 +++ [pid 5591] <... exit_group resumed>) = ? [pid 5592] <... futex resumed>) = ? [pid 5592] +++ exited with 0 +++ [pid 5591] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=77, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 5068] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./25/binderfs") = 0 [ 100.142575][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./25/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./25") = 0 [pid 5068] mkdir("./26", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5612 attached , child_tidptr=0x555556388690) = 80 [pid 5612] set_robust_list(0x5555563886a0, 24) = 0 [pid 5612] chdir("./26") = 0 [pid 5612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5612] setpgid(0, 0) = 0 [pid 5612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5612] write(3, "1000", 4) = 4 [pid 5612] close(3) = 0 [pid 5612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5612] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5612] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5613 attached [pid 5613] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5612] <... clone3 resumed> => {parent_tid=[81]}, 88) = 81 [pid 5613] <... rseq resumed>) = 0 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] set_robust_list(0x7f17f344b9a0, 24 [pid 5612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5613] <... set_robust_list resumed>) = 0 [pid 5612] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], [pid 5612] <... futex resumed>) = 0 [pid 5613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5612] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5613] memfd_create("syzkaller", 0) = 3 [pid 5613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5613] munmap(0x7f17eb000000, 138412032) = 0 [pid 5613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5613] close(3) = 0 [pid 5613] close(4) = 0 [pid 5613] mkdir("./file0", 0777) = 0 [ 100.646558][ T5613] loop0: detected capacity change from 0 to 32768 [ 100.682615][ T5613] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5613) [ 100.701761][ T5613] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 100.715968][ T5613] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 100.725691][ T5613] BTRFS info (device loop0): disk space caching is enabled [ 100.766931][ T5613] BTRFS info (device loop0): rebuilding free space tree [ 100.784494][ T5613] BTRFS info (device loop0): disabling free space tree [ 100.791515][ T5613] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 100.801242][ T5613] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5613] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5613] chdir("./file0") = 0 [pid 5613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5613] ioctl(4, LOOP_CLR_FD) = 0 [ 100.815962][ T5613] BTRFS info (device loop0): checking UUID tree [pid 5613] close(4) = 0 [pid 5613] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] <... futex resumed>) = 0 [pid 5613] open("./file0", O_RDONLY [pid 5612] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... open resumed>) = 4 [pid 5613] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] <... futex resumed>) = 1 [pid 5612] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5613] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5613] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] <... futex resumed>) = 0 [pid 5613] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5612] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5612] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5612] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[82]}, 88) = 82 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5612] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5612] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5632 attached [pid 5632] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053) = 0 [pid 5632] set_robust_list(0x7f17f342a9a0, 24) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5632] open(".", O_RDONLY) = 5 [pid 5632] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5632] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5612] <... futex resumed>) = 0 [pid 5612] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 100.909790][ T5613] BTRFS info (device loop0): balance: start -d -m [ 100.920145][ T5613] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 100.945970][ T5613] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5632] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0}) = 0 [pid 5612] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5632] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.039050][ T5613] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 101.076185][ T5613] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5632] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5613] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7f17f351b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5612] close(3) = 0 [pid 5612] close(4) = 0 [pid 5612] close(5) = 0 [pid 5612] close(6) = -1 EBADF (Bad file descriptor) [pid 5612] close(7) = -1 EBADF (Bad file descriptor) [pid 5612] close(8) = -1 EBADF (Bad file descriptor) [pid 5612] close(9) = -1 EBADF (Bad file descriptor) [ 101.098203][ T5613] BTRFS info (device loop0): balance: ended with status: 0 [pid 5612] close(10) = -1 EBADF (Bad file descriptor) [pid 5612] close(11) = -1 EBADF (Bad file descriptor) [pid 5612] close(12) = -1 EBADF (Bad file descriptor) [pid 5612] close(13) = -1 EBADF (Bad file descriptor) [pid 5612] close(14) = -1 EBADF (Bad file descriptor) [pid 5612] close(15) = -1 EBADF (Bad file descriptor) [pid 5612] close(16) = -1 EBADF (Bad file descriptor) [pid 5612] close(17) = -1 EBADF (Bad file descriptor) [pid 5612] close(18) = -1 EBADF (Bad file descriptor) [pid 5612] close(19) = -1 EBADF (Bad file descriptor) [pid 5612] close(20) = -1 EBADF (Bad file descriptor) [pid 5612] close(21) = -1 EBADF (Bad file descriptor) [pid 5612] close(22) = -1 EBADF (Bad file descriptor) [pid 5612] close(23) = -1 EBADF (Bad file descriptor) [pid 5612] close(24) = -1 EBADF (Bad file descriptor) [pid 5612] close(25) = -1 EBADF (Bad file descriptor) [pid 5612] close(26) = -1 EBADF (Bad file descriptor) [pid 5612] close(27) = -1 EBADF (Bad file descriptor) [pid 5612] close(28) = -1 EBADF (Bad file descriptor) [pid 5612] close(29) = -1 EBADF (Bad file descriptor) [pid 5612] exit_group(0 [pid 5632] <... futex resumed>) = ? [pid 5632] +++ exited with 0 +++ [pid 5612] <... exit_group resumed>) = ? [pid 5613] <... futex resumed>) = ? [pid 5613] +++ exited with 0 +++ [pid 5612] +++ exited with 0 +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=80, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=45 /* 0.45 s */} --- [pid 5068] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556389730 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] unlink("./26/binderfs") = 0 [ 101.269002][ T5068] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [pid 5068] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5068] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5068] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(4, 0x555556391770 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556391770 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5068] rmdir("./26/file0") = 0 [pid 5068] getdents64(3, 0x555556389730 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./26") = 0 [pid 5068] mkdir("./27", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556388690) = 83 ./strace-static-x86_64: Process 5633 attached [pid 5633] set_robust_list(0x5555563886a0, 24) = 0 [pid 5633] chdir("./27") = 0 [pid 5633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5633] setpgid(0, 0) = 0 [pid 5633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5633] write(3, "1000", 4) = 4 [pid 5633] close(3) = 0 [pid 5633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] rt_sigaction(SIGRT_1, {sa_handler=0x7f17f34b5390, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17f34a6540}, NULL, 8) = 0 [pid 5633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f342b000 [pid 5633] mprotect(0x7f17f342c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f344b990, parent_tid=0x7f17f344b990, exit_signal=0, stack=0x7f17f342b000, stack_size=0x20300, tls=0x7f17f344b6c0}./strace-static-x86_64: Process 5634 attached [pid 5634] rseq(0x7f17f344bfe0, 0x20, 0, 0x53053053 [pid 5633] <... clone3 resumed> => {parent_tid=[84]}, 88) = 84 [pid 5634] <... rseq resumed>) = 0 [pid 5634] set_robust_list(0x7f17f344b9a0, 24 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5634] <... set_robust_list resumed>) = 0 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] <... futex resumed>) = 0 [pid 5634] memfd_create("syzkaller", 0 [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5634] <... memfd_create resumed>) = 3 [pid 5634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17eb000000 [pid 5634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5634] munmap(0x7f17eb000000, 138412032) = 0 [pid 5634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5634] close(3) = 0 [pid 5634] close(4) = 0 [pid 5634] mkdir("./file0", 0777) = 0 [ 101.733225][ T5634] loop0: detected capacity change from 0 to 32768 [ 101.760608][ T5634] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor268 (5634) [ 101.780251][ T5634] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 101.790686][ T5634] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.799981][ T5634] BTRFS info (device loop0): disk space caching is enabled [ 101.832834][ T5634] BTRFS info (device loop0): rebuilding free space tree [ 101.852160][ T5634] BTRFS info (device loop0): disabling free space tree [ 101.859520][ T5634] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 101.870458][ T5634] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5634] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5634] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5634] chdir("./file0") = 0 [pid 5634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5634] ioctl(4, LOOP_CLR_FD) = 0 [pid 5634] close(4) = 0 [pid 5634] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] open("./file0", O_RDONLY [pid 5633] <... futex resumed>) = 0 [pid 5634] <... open resumed>) = 4 [ 101.887743][ T5634] BTRFS info (device loop0): checking UUID tree [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5633] <... futex resumed>) = 0 [pid 5634] <... ioctl resumed>) = 0 [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] futex(0x7f17f351b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] <... futex resumed>) = 0 [pid 5633] futex(0x7f17f351b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5633] <... futex resumed>) = 0 [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5633] futex(0x7f17f351b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5633] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17f340a000 [pid 5633] mprotect(0x7f17f340b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17f342a990, parent_tid=0x7f17f342a990, exit_signal=0, stack=0x7f17f340a000, stack_size=0x20300, tls=0x7f17f342a6c0} => {parent_tid=[85]}, 88) = 85 ./strace-static-x86_64: Process 5653 attached [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] rseq(0x7f17f342afe0, 0x20, 0, 0x53053053 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] <... rseq resumed>) = 0 [pid 5633] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] set_robust_list(0x7f17f342a9a0, 24 [pid 5633] <... futex resumed>) = 0 [pid 5653] <... set_robust_list resumed>) = 0 [pid 5633] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5653] open(".", O_RDONLY) = 5 [pid 5653] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] futex(0x7f17f351b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5633] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] futex(0x7f17f351b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] ioctl(5, FITRIM, {start=0x200000, len=6881280, minlen=0} [pid 5633] <... futex resumed>) = 0 [ 101.982034][ T5634] BTRFS info (device loop0): balance: start -d -m [ 101.992969][ T5634] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 102.036589][ T5634] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 102.062597][ T12] BTRFS warning (device loop0): Skipping commit of aborted transaction. [ 102.080857][ T12] ------------[ cut here ]------------ [pid 5633] futex(0x7f17f351b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] <... ioctl resumed>) = 0 [pid 5653] futex(0x7f17f351b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [ 102.086367][ T12] BTRFS: Transaction aborted (error -28) [ 102.094067][ T12] WARNING: CPU: 1 PID: 12 at fs/btrfs/transaction.c:2021 btrfs_commit_transaction+0x2e9b/0x3740 [ 102.104833][ T12] Modules linked in: [ 102.108756][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.8.0-rc6-syzkaller-00120-g87adedeba51a #0 [ 102.118876][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 102.129015][ T12] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 102.136639][ T12] RIP: 0010:btrfs_commit_transaction+0x2e9b/0x3740 [ 102.143235][ T12] Code: 01 00 00 00 4c 89 ff e8 03 42 fc 00 e9 a9 d7 ff ff e8 99 c7 ef fd 90 48 c7 c7 00 d3 ea 8b 8b 5c 24 10 89 de e8 56 d2 b3 fd 90 <0f> 0b 90 90 4c 8b 64 24 20 e9 77 f9 ff ff 44 89 f1 80 e1 07 80 c1 [ 102.162933][ T12] RSP: 0018:ffffc900001176e0 EFLAGS: 00010246 [ 102.169047][ T12] RAX: a8d441896bb22d00 RBX: 00000000ffffffe4 RCX: ffff888016ea5940 [ 102.177144][ T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 102.185187][ T12] RBP: ffffc90000117a10 R08: ffffffff81577ab2 R09: 1ffff92000022e30 [ 102.193281][ T12] R10: dffffc0000000000 R11: fffff52000022e31 R12: ffff88807c978000 [ 102.201347][ T12] R13: ffff888016ea6b88 R14: 0000000000000000 R15: dffffc0000000000 [ 102.209360][ T12] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 102.218413][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.225078][ T12] CR2: 00007f17f34cae90 CR3: 0000000022870000 CR4: 0000000000350ef0 [ 102.233145][ T12] Call Trace: [ 102.236445][ T12] [ 102.239381][ T12] ? __warn+0x162/0x4b0 [ 102.243631][ T12] ? btrfs_commit_transaction+0x2e9b/0x3740 [ 102.249566][ T12] ? report_bug+0x2b3/0x500 [ 102.254140][ T12] ? btrfs_commit_transaction+0x2e9b/0x3740 [ 102.260076][ T12] ? handle_bug+0x3e/0x70 [ 102.264470][ T12] ? exc_invalid_op+0x1a/0x50 [ 102.269180][ T12] ? asm_exc_invalid_op+0x1a/0x20 [ 102.274295][ T12] ? __warn_printk+0x292/0x360 [ 102.279097][ T12] ? btrfs_commit_transaction+0x2e9b/0x3740 [ 102.285077][ T12] ? btrfs_commit_transaction+0x17b/0x3740 [ 102.290968][ T12] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 102.297151][ T12] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 102.303074][ T12] ? do_raw_spin_unlock+0x13b/0x8b0 [ 102.308331][ T12] ? srso_return_thunk+0x5/0x5f [ 102.313251][ T12] ? srso_return_thunk+0x5/0x5f [ 102.318123][ T12] ? btrfs_record_root_in_trans+0x92/0x190 [ 102.324006][ T12] ? srso_return_thunk+0x5/0x5f [ 102.328878][ T12] ? start_transaction+0x3e0/0x15d0 [ 102.334152][ T12] flush_space+0x9ae/0xcf0 [ 102.338612][ T12] ? btrfs_async_reclaim_metadata_space+0x288/0x350 [ 102.345271][ T12] ? do_raw_spin_lock+0x14e/0x370 [ 102.350323][ T12] ? __pfx_flush_space+0x10/0x10 [ 102.355377][ T12] ? srso_return_thunk+0x5/0x5f [ 102.360257][ T12] ? do_raw_spin_unlock+0x13b/0x8b0 [ 102.365532][ T12] ? srso_return_thunk+0x5/0x5f [ 102.370410][ T12] ? btrfs_calc_reclaim_metadata_size+0x2ad/0x450 [ 102.376892][ T12] btrfs_async_reclaim_metadata_space+0x29f/0x350 [ 102.383369][ T12] ? process_scheduled_works+0x825/0x1420 [ 102.389101][ T12] process_scheduled_works+0x915/0x1420 [ 102.394744][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.400804][ T12] ? srso_return_thunk+0x5/0x5f [ 102.405663][ T12] ? assign_work+0x364/0x3d0 [ 102.410268][ T12] worker_thread+0xa5f/0x1000 [ 102.415053][ T12] ? __pfx_worker_thread+0x10/0x10 [ 102.420203][ T12] kthread+0x2f1/0x390 [ 102.424347][ T12] ? __pfx_worker_thread+0x10/0x10 [ 102.429503][ T12] ? __pfx_kthread+0x10/0x10 [ 102.434178][ T12] ret_from_fork+0x4d/0x80 [ 102.438640][ T12] ? __pfx_kthread+0x10/0x10 [ 102.443311][ T12] ret_from_fork_asm+0x1b/0x30 [ 102.448120][ T12] [ 102.451190][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 102.458479][ T12] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.8.0-rc6-syzkaller-00120-g87adedeba51a #0 [ 102.468463][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 102.478535][ T12] Workqueue: events_unbound btrfs_async_reclaim_metadata_space [ 102.486103][ T12] Call Trace: [ 102.489379][ T12] [ 102.492319][ T12] dump_stack_lvl+0x1e7/0x2e0 [ 102.497038][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.502247][ T12] ? __pfx__printk+0x10/0x10 [ 102.506853][ T12] ? srso_return_thunk+0x5/0x5f [ 102.511711][ T12] ? vscnprintf+0x5d/0x90 [ 102.516054][ T12] panic+0x349/0x860 [ 102.519958][ T12] ? srso_return_thunk+0x5/0x5f [ 102.524815][ T12] ? __warn+0x171/0x4b0 [ 102.528980][ T12] ? __pfx_panic+0x10/0x10 [ 102.533420][ T12] ? ret_from_fork_asm+0x1b/0x30 [ 102.538384][ T12] __warn+0x31c/0x4b0 [ 102.542412][ T12] ? btrfs_commit_transaction+0x2e9b/0x3740 [ 102.548320][ T12] report_bug+0x2b3/0x500 [ 102.552679][ T12] ? btrfs_commit_transaction+0x2e9b/0x3740 [ 102.558603][ T12] handle_bug+0x3e/0x70 [ 102.562769][ T12] exc_invalid_op+0x1a/0x50 [ 102.567280][ T12] asm_exc_invalid_op+0x1a/0x20 [ 102.572142][ T12] RIP: 0010:btrfs_commit_transaction+0x2e9b/0x3740 [ 102.578660][ T12] Code: 01 00 00 00 4c 89 ff e8 03 42 fc 00 e9 a9 d7 ff ff e8 99 c7 ef fd 90 48 c7 c7 00 d3 ea 8b 8b 5c 24 10 89 de e8 56 d2 b3 fd 90 <0f> 0b 90 90 4c 8b 64 24 20 e9 77 f9 ff ff 44 89 f1 80 e1 07 80 c1 [ 102.598276][ T12] RSP: 0018:ffffc900001176e0 EFLAGS: 00010246 [ 102.604355][ T12] RAX: a8d441896bb22d00 RBX: 00000000ffffffe4 RCX: ffff888016ea5940 [ 102.612331][ T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 102.620303][ T12] RBP: ffffc90000117a10 R08: ffffffff81577ab2 R09: 1ffff92000022e30 [ 102.628279][ T12] R10: dffffc0000000000 R11: fffff52000022e31 R12: ffff88807c978000 [ 102.636259][ T12] R13: ffff888016ea6b88 R14: 0000000000000000 R15: dffffc0000000000 [ 102.644247][ T12] ? __warn_printk+0x292/0x360 [ 102.649045][ T12] ? btrfs_commit_transaction+0x17b/0x3740 [ 102.654890][ T12] ? __pfx_btrfs_commit_transaction+0x10/0x10 [ 102.660977][ T12] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 102.666808][ T12] ? do_raw_spin_unlock+0x13b/0x8b0 [ 102.672053][ T12] ? srso_return_thunk+0x5/0x5f [ 102.676934][ T12] ? srso_return_thunk+0x5/0x5f [ 102.681792][ T12] ? btrfs_record_root_in_trans+0x92/0x190 [ 102.687617][ T12] ? srso_return_thunk+0x5/0x5f [ 102.692476][ T12] ? start_transaction+0x3e0/0x15d0 [ 102.697707][ T12] flush_space+0x9ae/0xcf0 [ 102.702144][ T12] ? btrfs_async_reclaim_metadata_space+0x288/0x350 [ 102.708739][ T12] ? do_raw_spin_lock+0x14e/0x370 [ 102.713777][ T12] ? __pfx_flush_space+0x10/0x10 [ 102.718730][ T12] ? srso_return_thunk+0x5/0x5f [ 102.723587][ T12] ? do_raw_spin_unlock+0x13b/0x8b0 [ 102.728799][ T12] ? srso_return_thunk+0x5/0x5f [ 102.733657][ T12] ? btrfs_calc_reclaim_metadata_size+0x2ad/0x450 [ 102.740083][ T12] btrfs_async_reclaim_metadata_space+0x29f/0x350 [ 102.746513][ T12] ? process_scheduled_works+0x825/0x1420 [ 102.752252][ T12] process_scheduled_works+0x915/0x1420 [ 102.757844][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.763849][ T12] ? srso_return_thunk+0x5/0x5f [ 102.768704][ T12] ? assign_work+0x364/0x3d0 [ 102.773321][ T12] worker_thread+0xa5f/0x1000 [ 102.778040][ T12] ? __pfx_worker_thread+0x10/0x10 [ 102.783170][ T12] kthread+0x2f1/0x390 [ 102.787245][ T12] ? __pfx_worker_thread+0x10/0x10 [ 102.792372][ T12] ? __pfx_kthread+0x10/0x10 [ 102.796968][ T12] ret_from_fork+0x4d/0x80 [ 102.801401][ T12] ? __pfx_kthread+0x10/0x10 [ 102.805999][ T12] ret_from_fork_asm+0x1b/0x30 [ 102.810799][ T12] [ 102.814048][ T12] Kernel Offset: disabled [ 102.818469][ T12] Rebooting in 86400 seconds..