./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor30875810 <...> Warning: Permanently added '10.128.0.146' (ED25519) to the list of known hosts. execve("./syz-executor30875810", ["./syz-executor30875810"], 0x7ffc5c0a5f60 /* 10 vars */) = 0 brk(NULL) = 0x5555555e8000 brk(0x5555555e8d40) = 0x5555555e8d40 arch_prctl(ARCH_SET_FS, 0x5555555e83c0) = 0 set_tid_address(0x5555555e8690) = 5056 set_robust_list(0x5555555e86a0, 24) = 0 rseq(0x5555555e8ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor30875810", 4096) = 26 getrandom("\xf9\x53\xe2\x61\x76\x74\x67\x88", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555555e8d40 brk(0x555555609d40) = 0x555555609d40 brk(0x55555560a000) = 0x55555560a000 mprotect(0x7f66550e7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.pnyVYz", 0700) = 0 chmod("./syzkaller.pnyVYz", 0777) = 0 chdir("./syzkaller.pnyVYz") = 0 mkdir("./0", 0777) = 0 [ 92.544298][ T28] audit: type=1400 audit(1705351654.360:86): avc: denied { execmem } for pid=5056 comm="syz-executor308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x5555555e86a0, 24) = 0 [ 92.583315][ T28] audit: type=1400 audit(1705351654.400:87): avc: denied { read write } for pid=5056 comm="syz-executor308" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 92.609550][ T28] audit: type=1400 audit(1705351654.430:88): avc: denied { open } for pid=5056 comm="syz-executor308" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5057] chdir("./0") = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5057] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5057] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5059 attached [pid 5059] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5057] <... clone3 resumed> => {parent_tid=[5059]}, 88) = 5059 [pid 5059] <... rseq resumed>) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] set_robust_list(0x7f665501d9a0, 24 [pid 5057] <... futex resumed>) = 0 [pid 5059] <... set_robust_list resumed>) = 0 [pid 5057] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [ 92.636465][ T28] audit: type=1400 audit(1705351654.430:89): avc: denied { ioctl } for pid=5056 comm="syz-executor308" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5059] munmap(0x7f664ca00000, 138412032) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] close(4) = 0 [pid 5059] mkdir("./file0", 0777) = 0 [ 92.899870][ T5059] loop0: detected capacity change from 0 to 32768 [ 92.929000][ T28] audit: type=1400 audit(1705351654.740:90): avc: denied { mounton } for pid=5057 comm="syz-executor308" path="/root/syzkaller.pnyVYz/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 92.953765][ T5059] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5059) [ 92.980491][ T5059] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 92.993698][ T5059] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 93.003115][ T5059] BTRFS info (device loop0): using free-space-tree [pid 5059] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] chdir("./file0") = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_CLR_FD) = 0 [pid 5059] close(4) = 0 [pid 5059] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5059] open("./file0", O_RDONLY [pid 5057] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... open resumed>) = 4 [pid 5057] <... futex resumed>) = 0 [pid 5059] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5057] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.066051][ T28] audit: type=1400 audit(1705351654.880:91): avc: denied { mount } for pid=5057 comm="syz-executor308" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 93.106539][ T5059] BTRFS info (device loop0): balance: start -f -s [ 93.113719][ T5059] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 93.122061][ T5059] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 93.130583][ T5059] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 93.144263][ T5059] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5057] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5057] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5057] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5077]}, 88) = 5077 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5077 attached [pid 5077] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5077] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] open(".", O_RDONLY) = 5 [pid 5077] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5057] <... futex resumed>) = 0 [ 93.153114][ T5059] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 93.160850][ T5059] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 93.168533][ T5059] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 93.176435][ T5059] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 93.243296][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 155648 free, is full [ 93.252734][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1622016, may_use=1437696, readonly=0 zone_unusable=0 [ 93.266976][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 93.275772][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 93.283458][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5057] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 93.291115][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 93.298935][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 93.307598][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 93.317049][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 93.331158][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 93.340041][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 93.347718][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 93.355410][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 93.363288][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5077] <... ioctl resumed>) = 0 [pid 5077] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.408554][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 93.417923][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 93.431870][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 93.440678][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 93.448321][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 93.456007][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 93.463869][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 93.472557][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 93.481687][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 93.495668][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 93.504498][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 93.512194][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 93.519852][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 93.527735][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 93.541131][ T2422] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 93.549518][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 93.558707][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 93.572536][ T2422] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 93.580159][ T5059] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 93.589256][ T5059] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 93.602975][ T5059] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 93.611793][ T5059] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 93.619443][ T5059] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 93.627261][ T5059] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 93.635142][ T5059] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 93.643500][ T5059] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5077] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] exit_group(0 [pid 5077] <... futex resumed>) = ? [pid 5057] <... exit_group resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5059] <... ioctl resumed> ) = ? [pid 5059] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=49 /* 0.49 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 93.675374][ T5059] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 93.765227][ T28] audit: type=1400 audit(1705351655.580:92): avc: denied { unmount } for pid=5056 comm="syz-executor308" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 93.766021][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5078] chdir("./1" [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5078 [pid 5078] <... chdir resumed>) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5078] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5078] <... clone3 resumed> => {parent_tid=[5079]}, 88) = 5079 [pid 5079] <... rseq resumed>) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] set_robust_list(0x7f665501d9a0, 24 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5079] memfd_create("syzkaller", 0 [pid 5078] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] <... memfd_create resumed>) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5079] munmap(0x7f664ca00000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] close(4) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 94.285194][ T5079] loop0: detected capacity change from 0 to 32768 [ 94.301667][ T5079] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5079) [ 94.319679][ T5079] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [pid 5079] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [ 94.331490][ T5079] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 94.340173][ T5079] BTRFS info (device loop0): using free-space-tree [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5079] open("./file0", O_RDONLY [pid 5078] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 4 [pid 5079] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 94.432448][ T5079] BTRFS info (device loop0): balance: start -f -s [ 94.439344][ T5079] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 94.446542][ T5079] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 94.455321][ T5079] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 94.469118][ T5079] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5078] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5095 attached [pid 5095] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5095] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5095] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... futex resumed>) = 0 [pid 5095] open(".", O_RDONLY) = 5 [pid 5095] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5095] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5095] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 94.478489][ T5079] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 94.486306][ T5079] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 94.494078][ T5079] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 94.502548][ T5079] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 94.556531][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 151552 free, is full [ 94.565644][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1626112, may_use=1437696, readonly=0 zone_unusable=0 [ 94.579891][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 94.588702][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 94.596361][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5078] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 94.604038][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 94.611877][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 94.621386][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 94.630552][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 94.645071][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 94.653930][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 94.661654][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 94.669334][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 94.677222][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5095] <... ioctl resumed>) = 0 [pid 5095] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 94.728899][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 94.738201][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 94.752498][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 94.761325][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 94.768986][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 94.776694][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 94.784568][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 94.793218][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 94.802366][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 94.816567][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 94.825411][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 94.833128][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 94.840862][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 94.848714][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 94.862439][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 94.870853][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 94.879904][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 94.893832][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 94.901560][ T5079] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 94.910670][ T5079] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 5095] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5079] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5078] <... exit_group resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5095] <... futex resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x5555555e8690) = 5096 [pid 5096] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5096] chdir("./2") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5096] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f665501d9a0, 24 [pid 5096] <... clone3 resumed> => {parent_tid=[5097]}, 88) = 5097 [pid 5097] <... set_robust_list resumed>) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5097] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] memfd_create("syzkaller", 0 [pid 5096] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5097] <... memfd_create resumed>) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5097] munmap(0x7f664ca00000, 138412032) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] close(4) = 0 [pid 5097] mkdir("./file0", 0777) = 0 [ 95.491112][ T5097] loop0: detected capacity change from 0 to 32768 [ 95.519403][ T5097] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5097) [pid 5097] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file0") = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] open("./file0", O_RDONLY) = 4 [pid 5097] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5096] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5096] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5097] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... mmap resumed>) = 0x7f6654fdc000 [pid 5097] <... futex resumed>) = 0 [pid 5097] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5114 attached => {parent_tid=[5114]}, 88) = 5114 [pid 5114] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] <... rseq resumed>) = 0 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5114] open(".", O_RDONLY) = 5 [pid 5114] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5114] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 [pid 5097] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5096] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5097] <... ioctl resumed>) = 0 [pid 5097] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] exit_group(0) = ? [pid 5114] <... futex resumed>) = ? [pid 5097] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached , child_tidptr=0x5555555e8690) = 5115 [pid 5115] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5115] chdir("./3") = 0 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5115] setpgid(0, 0) = 0 [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5115] write(3, "1000", 4) = 4 [pid 5115] close(3) = 0 [pid 5115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5115] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5115] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5115] <... clone3 resumed> => {parent_tid=[5116]}, 88) = 5116 [pid 5116] set_robust_list(0x7f665501d9a0, 24 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5115] <... futex resumed>) = 0 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5115] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] <... mmap resumed>) = 0x7f664ca00000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5116] munmap(0x7f664ca00000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] close(4) = 0 [pid 5116] mkdir("./file0", 0777) = 0 [ 96.392860][ T5116] loop0: detected capacity change from 0 to 32768 [ 96.433478][ T5116] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5116) [pid 5116] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file0") = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_CLR_FD) = 0 [pid 5116] close(4) = 0 [pid 5116] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] open("./file0", O_RDONLY) = 4 [pid 5116] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5116] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5115] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5115] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5115] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5133 attached [pid 5133] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5115] <... clone3 resumed> => {parent_tid=[5133]}, 88) = 5133 [pid 5133] <... rseq resumed>) = 0 [pid 5133] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5133] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5133] open(".", O_RDONLY [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5133] <... open resumed>) = 5 [pid 5116] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5133] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = 0 [pid 5133] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5115] <... futex resumed>) = 0 [pid 5115] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5116] <... ioctl resumed>) = 0 [pid 5116] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5116] <... futex resumed>) = ? [pid 5115] <... exit_group resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached , child_tidptr=0x5555555e8690) = 5134 [pid 5134] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5134] chdir("./4") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5134] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5135 attached [pid 5135] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5135]}, 88) = 5135 [pid 5135] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] set_robust_list(0x7f665501d9a0, 24 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5134] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5135] memfd_create("syzkaller", 0 [pid 5134] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] <... memfd_create resumed>) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5135] munmap(0x7f664ca00000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] close(4) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [ 97.229887][ T5135] loop0: detected capacity change from 0 to 32768 [ 97.265814][ T5135] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5135) [pid 5135] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] open("./file0", O_RDONLY [pid 5134] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... open resumed>) = 4 [pid 5135] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5134] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5134] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5152 attached [pid 5152] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5152] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... clone3 resumed> => {parent_tid=[5152]}, 88) = 5152 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5152] open(".", O_RDONLY) = 5 [pid 5134] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5134] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5152] <... ioctl resumed>) = 0 [pid 5152] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] exit_group(0 [pid 5152] <... futex resumed>) = ? [pid 5135] <... futex resumed>) = ? [pid 5134] <... exit_group resumed>) = ? [pid 5152] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 97.601968][ T27] cfg80211: failed to load regulatory.db umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x5555555e8690) = 5154 [pid 5154] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5154] chdir("./5") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5154] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5155 attached [pid 5155] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5154] <... clone3 resumed> => {parent_tid=[5155]}, 88) = 5155 [pid 5155] set_robust_list(0x7f665501d9a0, 24 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] <... set_robust_list resumed>) = 0 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] <... memfd_create resumed>) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5155] munmap(0x7f664ca00000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./file0", 0777) = 0 [ 98.096059][ T5155] loop0: detected capacity change from 0 to 32768 [ 98.132409][ T5155] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5155) [ 98.155446][ T5155] _btrfs_printk: 170 callbacks suppressed [ 98.155468][ T5155] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 98.172631][ T5155] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 98.182188][ T5155] BTRFS info (device loop0): using free-space-tree [pid 5155] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file0") = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5155] open("./file0", O_RDONLY [pid 5154] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... open resumed>) = 4 [pid 5155] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 1 [pid 5154] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 98.334461][ T5155] BTRFS info (device loop0): balance: start -f -s [ 98.341246][ T5155] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 98.348287][ T5155] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 98.356615][ T5155] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 98.370237][ T5155] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5154] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5154] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5154] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 98.379039][ T5155] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 98.386756][ T5155] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 98.394491][ T5155] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 98.403097][ T5155] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 98.421112][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5172 attached => {parent_tid=[5172]}, 88) = 5172 [pid 5172] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] <... rseq resumed>) = 0 [pid 5172] set_robust_list(0x7f6654ffc9a0, 24 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... set_robust_list resumed>) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5172] open(".", O_RDONLY) = 5 [pid 5154] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5172] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 98.430826][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 98.445334][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 98.454272][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 98.461991][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 98.469678][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 98.477594][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 98.487245][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 98.496399][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 98.510392][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 98.519189][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 98.526864][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5154] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 98.534547][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 98.542451][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5172] <... ioctl resumed>) = 0 [pid 5172] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.627679][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 98.636823][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 98.650794][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 98.659625][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 98.667308][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 98.674994][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 98.682857][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 98.691505][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 98.700602][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 98.715405][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 98.724265][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 98.731984][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 98.739633][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 98.747491][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 98.761270][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 98.769644][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 98.778921][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 98.792767][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 98.800598][ T5155] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 98.809674][ T5155] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 98.823392][ T5155] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 98.832243][ T5155] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 98.839918][ T5155] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 98.847724][ T5155] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 98.855580][ T5155] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 98.864045][ T5155] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5172] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5155] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] exit_group(0 [pid 5155] <... futex resumed>) = ? [pid 5154] <... exit_group resumed>) = ? [pid 5155] +++ exited with 0 +++ [pid 5172] <... futex resumed>) = ? [pid 5172] +++ exited with 0 +++ [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=46 /* 0.46 s */} --- [ 98.893643][ T5155] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 99.012030][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5173 attached , child_tidptr=0x5555555e8690) = 5173 [pid 5173] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5173] chdir("./6") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5173] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5174 attached [pid 5174] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5173] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5174] set_robust_list(0x7f665501d9a0, 24 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] <... set_robust_list resumed>) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] memfd_create("syzkaller", 0 [pid 5173] <... futex resumed>) = 0 [pid 5174] <... memfd_create resumed>) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5173] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5174] munmap(0x7f664ca00000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] close(4) = 0 [pid 5174] mkdir("./file0", 0777) = 0 [ 99.432132][ T5174] loop0: detected capacity change from 0 to 32768 [ 99.476922][ T5174] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5174) [ 99.497962][ T5174] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 99.511544][ T5174] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 99.520955][ T5174] BTRFS info (device loop0): using free-space-tree [pid 5174] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file0") = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5173] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] open("./file0", O_RDONLY) = 4 [pid 5174] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5173] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5173] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.662365][ T5174] BTRFS info (device loop0): balance: start -f -s [ 99.668978][ T5174] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 99.676296][ T5174] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 99.684868][ T5174] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 99.698478][ T5174] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5173] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5191 attached => {parent_tid=[5191]}, 88) = 5191 [ 99.707320][ T5174] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 99.715556][ T5174] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 99.723283][ T5174] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 99.731563][ T5174] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 99.750643][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5191] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] <... rseq resumed>) = 0 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5191] open(".", O_RDONLY) = 5 [pid 5191] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 99.759757][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 99.773754][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 99.782757][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 99.790463][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 99.798157][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 99.806075][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 99.814809][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 99.823959][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 99.838034][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 99.846884][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 99.854551][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5191] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5173] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 99.862226][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 99.870188][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5191] <... ioctl resumed>) = 0 [pid 5191] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.954956][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 99.964286][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 99.978690][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 99.987567][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 99.995655][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 100.003400][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 100.011449][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 100.020359][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 100.029429][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 100.043429][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 100.052253][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 100.059901][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 100.067625][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 100.075489][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 100.088781][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [pid 5191] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5174] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.097314][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 100.106442][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 100.120184][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 100.127800][ T5174] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 100.136911][ T5174] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 5174] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] exit_group(0 [pid 5191] <... futex resumed>) = ? [pid 5174] <... futex resumed>) = ? [pid 5173] <... exit_group resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5192 attached , child_tidptr=0x5555555e8690) = 5192 [pid 5192] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5192] chdir("./7") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5192] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5192] <... clone3 resumed> => {parent_tid=[5193]}, 88) = 5193 [pid 5193] set_robust_list(0x7f665501d9a0, 24 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5193] <... set_robust_list resumed>) = 0 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5192] <... futex resumed>) = 0 [pid 5193] memfd_create("syzkaller", 0 [pid 5192] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] <... memfd_create resumed>) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5193] munmap(0x7f664ca00000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] close(4) = 0 [pid 5193] mkdir("./file0", 0777) = 0 [ 100.694380][ T5193] loop0: detected capacity change from 0 to 32768 [ 100.730640][ T5193] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5193) [pid 5193] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5193] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file0") = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] open("./file0", O_RDONLY) = 4 [pid 5193] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5192] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5192] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5210 attached => {parent_tid=[5210]}, 88) = 5210 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] <... rseq resumed>) = 0 [pid 5192] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] set_robust_list(0x7f6654ffc9a0, 24 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... set_robust_list resumed>) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5210] open(".", O_RDONLY) = 5 [pid 5210] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5193] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5210] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5193] <... ioctl resumed>) = 0 [pid 5193] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5193] <... futex resumed>) = ? [pid 5192] <... exit_group resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5211 attached , child_tidptr=0x5555555e8690) = 5211 [pid 5211] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5211] chdir("./8") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5211] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5212 attached [pid 5212] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5211] <... clone3 resumed> => {parent_tid=[5212]}, 88) = 5212 [pid 5212] set_robust_list(0x7f665501d9a0, 24 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... set_robust_list resumed>) = 0 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] <... futex resumed>) = 0 [pid 5212] memfd_create("syzkaller", 0 [pid 5211] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] <... memfd_create resumed>) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5212] munmap(0x7f664ca00000, 138412032) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] close(4) = 0 [pid 5212] mkdir("./file0", 0777) = 0 [ 101.540959][ T5212] loop0: detected capacity change from 0 to 32768 [ 101.568704][ T5212] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5212) [pid 5212] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file0") = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] open("./file0", O_RDONLY [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... open resumed>) = 4 [pid 5212] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5211] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5211] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5229 attached => {parent_tid=[5229]}, 88) = 5229 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] <... rseq resumed>) = 0 [pid 5211] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] set_robust_list(0x7f6654ffc9a0, 24 [pid 5211] <... futex resumed>) = 0 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5211] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5229] open(".", O_RDONLY) = 5 [pid 5229] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5229] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5211] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5229] <... ioctl resumed>) = 0 [pid 5212] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5229] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5211] exit_group(0 [pid 5229] ???( [pid 5212] ???( [pid 5211] <... exit_group resumed>) = ? [pid 5229] <... ??? resumed>) = ? [pid 5212] <... ??? resumed>) = ? [pid 5229] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached , child_tidptr=0x5555555e8690) = 5230 [pid 5230] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5230] chdir("./9") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5230] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5231 attached [pid 5231] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5230] <... clone3 resumed> => {parent_tid=[5231]}, 88) = 5231 [pid 5231] set_robust_list(0x7f665501d9a0, 24 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] <... set_robust_list resumed>) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] memfd_create("syzkaller", 0 [pid 5230] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5231] <... memfd_create resumed>) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5231] munmap(0x7f664ca00000, 138412032) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./file0", 0777) = 0 [ 102.415255][ T5231] loop0: detected capacity change from 0 to 32768 [ 102.428547][ T5231] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5231) [pid 5231] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file0") = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5231] close(4) = 0 [pid 5231] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] open("./file0", O_RDONLY [pid 5230] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... open resumed>) = 4 [pid 5231] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5230] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5230] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5231] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5230] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5231] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... mprotect resumed>) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5248 attached [pid 5248] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5248] set_robust_list(0x7f6654ffc9a0, 24 [pid 5230] <... clone3 resumed> => {parent_tid=[5248]}, 88) = 5248 [pid 5248] <... set_robust_list resumed>) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5248] open(".", O_RDONLY [pid 5230] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... open resumed>) = 5 [pid 5248] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5248] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5231] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5230] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5231] <... ioctl resumed>) = 0 [pid 5231] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] exit_group(0 [pid 5248] <... futex resumed>) = ? [pid 5231] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5248] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x5555555e8690) = 5249 [pid 5249] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5249] chdir("./10") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5249] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5250 attached [pid 5250] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5249] <... clone3 resumed> => {parent_tid=[5250]}, 88) = 5250 [pid 5250] set_robust_list(0x7f665501d9a0, 24 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] <... set_robust_list resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5250] munmap(0x7f664ca00000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] close(4) = 0 [pid 5250] mkdir("./file0", 0777) = 0 [ 103.290077][ T5250] loop0: detected capacity change from 0 to 32768 [ 103.316917][ T5250] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5250) [ 103.341945][ T5250] _btrfs_printk: 170 callbacks suppressed [ 103.341965][ T5250] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 103.361094][ T5250] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 103.369876][ T5250] BTRFS info (device loop0): using free-space-tree [pid 5250] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file0") = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5250] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] open("./file0", O_RDONLY [pid 5249] <... futex resumed>) = 1 [pid 5249] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... open resumed>) = 4 [pid 5250] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5249] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5249] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 103.498934][ T5250] BTRFS info (device loop0): balance: start -f -s [ 103.505926][ T5250] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 103.513664][ T5250] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 103.522005][ T5250] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 103.535624][ T5250] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5249] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5267 attached => {parent_tid=[5267]}, 88) = 5267 [pid 5267] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5267] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] open(".", O_RDONLY [pid 5249] <... futex resumed>) = 0 [pid 5267] <... open resumed>) = 5 [pid 5267] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... futex resumed>) = 0 [pid 5249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5267] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 103.544519][ T5250] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 103.552293][ T5250] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 103.560801][ T5250] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 103.568659][ T5250] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 103.624966][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 155648 free, is full [ 103.634437][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1622016, may_use=1437696, readonly=0 zone_unusable=0 [ 103.648691][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 103.657487][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 103.665175][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5249] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 103.672853][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 103.680719][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 103.689700][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 103.699035][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 103.713615][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 5267] <... ioctl resumed>) = 0 [pid 5267] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.722822][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 103.730627][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 103.738319][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 103.746206][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 103.774334][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 103.783782][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 103.798005][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 103.806901][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 103.814677][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 103.822381][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 103.830260][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 103.838846][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 103.847948][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 103.862257][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 103.871066][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 103.878733][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 103.886428][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 103.894299][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 103.907685][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 103.916121][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 103.925236][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 103.938936][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 103.946917][ T5250] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 103.956035][ T5250] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 103.969763][ T5250] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 103.978607][ T5250] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 103.986310][ T5250] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 103.994027][ T5250] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 104.002225][ T5250] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 104.010673][ T5250] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5267] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5250] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5250] <... futex resumed>) = ? [pid 5249] <... exit_group resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5267] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- [ 104.039744][ T5250] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 104.135755][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached , child_tidptr=0x5555555e8690) = 5268 [pid 5268] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5268] chdir("./11") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5268] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5269 attached [pid 5269] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5268] <... clone3 resumed> => {parent_tid=[5269]}, 88) = 5269 [pid 5269] <... rseq resumed>) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] set_robust_list(0x7f665501d9a0, 24 [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] <... set_robust_list resumed>) = 0 [pid 5268] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... futex resumed>) = 0 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] memfd_create("syzkaller", 0 [pid 5268] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5269] <... memfd_create resumed>) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5269] munmap(0x7f664ca00000, 138412032) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] close(4) = 0 [pid 5269] mkdir("./file0", 0777) = 0 [ 104.610788][ T5269] loop0: detected capacity change from 0 to 32768 [ 104.650241][ T5269] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5269) [ 104.671684][ T5269] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 104.693314][ T5269] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 104.710598][ T5269] BTRFS info (device loop0): using free-space-tree [pid 5269] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file0") = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] open("./file0", O_RDONLY [pid 5268] <... futex resumed>) = 0 [pid 5269] <... open resumed>) = 4 [pid 5268] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [ 104.941100][ T5269] BTRFS info (device loop0): balance: start -f -s [ 104.948103][ T5269] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 104.956110][ T5269] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 104.964514][ T5269] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 104.978164][ T5269] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5269] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5268] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5268] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5268] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5287]}, 88) = 5287 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5287 attached [pid 5287] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5287] set_robust_list(0x7f6654ffc9a0, 24) = 0 [ 104.987032][ T5269] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 104.994754][ T5269] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 105.002463][ T5269] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 105.010409][ T5269] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 105.039760][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 105.048915][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 105.063028][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 105.071874][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 105.079554][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5268] futex(0x7f66550ed6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fbb000 [pid 5268] mprotect(0x7f6654fbc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654fdb990, parent_tid=0x7f6654fdb990, exit_signal=0, stack=0x7f6654fbb000, stack_size=0x20300, tls=0x7f6654fdb6c0} => {parent_tid=[5288]}, 88) = 5288 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] futex(0x7f66550ed6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f66550ed6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5288 attached [pid 5287] open(".", O_RDONLY [pid 5288] rseq(0x7f6654fdbfe0, 0x20, 0, 0x53053053 [pid 5287] <... open resumed>) = 5 [pid 5288] <... rseq resumed>) = 0 [pid 5287] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] set_robust_list(0x7f6654fdb9a0, 24 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... set_robust_list resumed>) = 0 [ 105.087390][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 105.095293][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 105.106245][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 105.115400][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 105.129797][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 5287] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 105.138768][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 105.146564][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 105.154356][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 105.162245][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 105.203271][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 299008 free, is full [ 105.212369][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1478656, may_use=1437696, readonly=0 zone_unusable=0 [ 105.226636][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 105.235438][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 105.243151][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 105.250820][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 105.258640][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 105.268045][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 135168 free, is full [ 105.277502][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1646592, may_use=1433600, readonly=0 zone_unusable=0 [ 105.291763][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 105.300659][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 105.308316][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 105.315972][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 105.323806][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5288] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0}) = 0 [pid 5288] futex(0x7f66550ed6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 105.386846][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 105.395298][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 105.404386][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 105.418191][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 105.425832][ T5269] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5288] futex(0x7f66550ed6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5269] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 105.434952][ T5269] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 5269] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] exit_group(0 [pid 5288] <... futex resumed>) = ? [pid 5287] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ [pid 5269] <... futex resumed>) = ? [pid 5268] <... exit_group resumed>) = ? [pid 5269] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5289 [pid 5289] <... set_robust_list resumed>) = 0 [pid 5289] chdir("./12") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5289] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5290 attached [pid 5290] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5289] <... clone3 resumed> => {parent_tid=[5290]}, 88) = 5290 [pid 5290] set_robust_list(0x7f665501d9a0, 24 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], [pid 5290] <... set_robust_list resumed>) = 0 [pid 5289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], [pid 5289] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5289] <... futex resumed>) = 0 [pid 5290] memfd_create("syzkaller", 0 [pid 5289] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5290] <... memfd_create resumed>) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5290] munmap(0x7f664ca00000, 138412032) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] close(4) = 0 [pid 5290] mkdir("./file0", 0777) = 0 [ 106.024229][ T5290] loop0: detected capacity change from 0 to 32768 [ 106.042736][ T5290] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5290) [pid 5290] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file0") = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... futex resumed>) = 1 [pid 5290] open("./file0", O_RDONLY) = 4 [pid 5290] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... futex resumed>) = 1 [pid 5289] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5289] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5289] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5307 attached => {parent_tid=[5307]}, 88) = 5307 [pid 5307] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] <... rseq resumed>) = 0 [pid 5289] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5307] open(".", O_RDONLY) = 5 [pid 5307] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5307] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5290] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5290] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5307] <... ioctl resumed>) = 0 [pid 5307] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] exit_group(0 [pid 5290] <... futex resumed>) = ? [pid 5290] +++ exited with 0 +++ [pid 5289] <... exit_group resumed>) = ? [pid 5307] <... futex resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5289, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5308 attached , child_tidptr=0x5555555e8690) = 5308 [pid 5308] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5308] chdir("./13") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5308] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5309 attached [pid 5309] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5308] <... clone3 resumed> => {parent_tid=[5309]}, 88) = 5309 [pid 5309] set_robust_list(0x7f665501d9a0, 24 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], [pid 5309] <... set_robust_list resumed>) = 0 [pid 5308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5309] memfd_create("syzkaller", 0 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5309] <... memfd_create resumed>) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5309] munmap(0x7f664ca00000, 138412032) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] close(4) = 0 [pid 5309] mkdir("./file0", 0777) = 0 [ 106.837133][ T5309] loop0: detected capacity change from 0 to 32768 [ 106.878643][ T5309] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5309) [pid 5309] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file0") = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5309] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5308] <... futex resumed>) = 0 [pid 5309] open("./file0", O_RDONLY [pid 5308] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... open resumed>) = 4 [pid 5309] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5308] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5308] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5308] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5326 attached => {parent_tid=[5326]}, 88) = 5326 [pid 5326] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] open(".", O_RDONLY [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... open resumed>) = 5 [pid 5326] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5308] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5326] <... ioctl resumed>) = 0 [pid 5309] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5309] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] exit_group(0 [pid 5326] <... futex resumed>) = ? [pid 5309] <... futex resumed>) = ? [pid 5308] <... exit_group resumed>) = ? [pid 5326] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5327 attached , child_tidptr=0x5555555e8690) = 5327 [pid 5327] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5327] chdir("./14") = 0 [pid 5327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5327] setpgid(0, 0) = 0 [pid 5327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5327] write(3, "1000", 4) = 4 [pid 5327] close(3) = 0 [pid 5327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5327] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5327] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5328 attached [pid 5328] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5327] <... clone3 resumed> => {parent_tid=[5328]}, 88) = 5328 [pid 5328] set_robust_list(0x7f665501d9a0, 24 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] <... set_robust_list resumed>) = 0 [pid 5327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5328] memfd_create("syzkaller", 0) = 3 [pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5328] munmap(0x7f664ca00000, 138412032) = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5328] close(3) = 0 [pid 5328] close(4) = 0 [pid 5328] mkdir("./file0", 0777) = 0 [ 107.676074][ T5328] loop0: detected capacity change from 0 to 32768 [ 107.712655][ T5328] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5328) [pid 5328] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5328] chdir("./file0") = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5328] ioctl(4, LOOP_CLR_FD) = 0 [pid 5328] close(4) = 0 [pid 5328] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] open("./file0", O_RDONLY [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] <... open resumed>) = 4 [pid 5328] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5328] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5327] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5327] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5327] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5346 attached => {parent_tid=[5346]}, 88) = 5346 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5327] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5346] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5346] open(".", O_RDONLY) = 5 [pid 5346] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5346] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5327] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5346] <... ioctl resumed>) = 0 [pid 5346] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5328] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5328] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5328] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] exit_group(0 [pid 5346] <... futex resumed>) = ? [pid 5327] <... exit_group resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5328] <... futex resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5327, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5347 attached , child_tidptr=0x5555555e8690) = 5347 [pid 5347] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5347] chdir("./15") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5347] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5348 attached => {parent_tid=[5348]}, 88) = 5348 [pid 5348] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5348] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5348] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5348] munmap(0x7f664ca00000, 138412032) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] close(4) = 0 [pid 5348] mkdir("./file0", 0777) = 0 [ 108.670678][ T5348] loop0: detected capacity change from 0 to 32768 [ 108.706956][ T5348] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5348) [ 108.729651][ T5348] _btrfs_printk: 170 callbacks suppressed [ 108.729672][ T5348] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 108.745821][ T5348] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 108.755038][ T5348] BTRFS info (device loop0): using free-space-tree [pid 5348] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file0") = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5348] open("./file0", O_RDONLY [pid 5347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... open resumed>) = 4 [pid 5348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.863876][ T5348] BTRFS info (device loop0): balance: start -f -s [ 108.870675][ T5348] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 108.877981][ T5348] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 108.886599][ T5348] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 108.900360][ T5348] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5347] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5347] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 108.909221][ T5348] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 108.916938][ T5348] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 108.924868][ T5348] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 108.933332][ T5348] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 108.951848][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5365 attached => {parent_tid=[5365]}, 88) = 5365 [pid 5365] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... rseq resumed>) = 0 [pid 5365] set_robust_list(0x7f6654ffc9a0, 24 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] <... set_robust_list resumed>) = 0 [pid 5347] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] <... futex resumed>) = 0 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5347] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5365] open(".", O_RDONLY) = 5 [pid 5365] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5347] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.961003][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 108.976355][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 108.985237][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 108.994526][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 109.002277][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 109.010162][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 109.020176][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 109.029354][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 109.043727][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 109.052544][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5365] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 109.060228][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 109.067924][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 109.075918][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5365] <... ioctl resumed>) = 0 [pid 5365] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.160077][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 109.169907][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 109.184799][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 109.193663][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 109.201562][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 109.209203][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 109.217075][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 109.225751][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 109.234849][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 109.248846][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 109.257689][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 109.265397][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 109.273101][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 109.280989][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 109.294878][ T42] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 109.303472][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 109.312555][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 109.326282][ T42] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 109.333933][ T5348] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 109.343083][ T5348] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 109.357029][ T5348] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 109.365871][ T5348] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 109.373559][ T5348] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 109.381259][ T5348] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 109.389081][ T5348] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 109.397472][ T5348] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5365] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5348] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] exit_group(0 [pid 5348] <... futex resumed>) = ? [pid 5347] <... exit_group resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5365] <... futex resumed>) = ? [pid 5365] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 [ 109.432168][ T5348] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.513475][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5366 attached [pid 5366] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5366 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5366] chdir("./16") = 0 [pid 5366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5366] setpgid(0, 0) = 0 [pid 5366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5366] write(3, "1000", 4) = 4 [pid 5366] close(3) = 0 [pid 5366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5366] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5366] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5367 attached => {parent_tid=[5367]}, 88) = 5367 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5367] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5366] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... rseq resumed>) = 0 [pid 5367] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] <... futex resumed>) = 0 [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5367] memfd_create("syzkaller", 0) = 3 [pid 5367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5367] munmap(0x7f664ca00000, 138412032) = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5367] close(3) = 0 [pid 5367] close(4) = 0 [pid 5367] mkdir("./file0", 0777) = 0 [ 109.987682][ T5367] loop0: detected capacity change from 0 to 32768 [ 110.015526][ T5367] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5367) [ 110.037951][ T5367] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 110.048881][ T5367] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 110.058164][ T5367] BTRFS info (device loop0): using free-space-tree [pid 5367] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5367] chdir("./file0") = 0 [pid 5367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5367] ioctl(4, LOOP_CLR_FD) = 0 [pid 5367] close(4) = 0 [pid 5367] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5367] open("./file0", O_RDONLY [pid 5366] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] <... open resumed>) = 4 [pid 5366] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5367] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5366] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.203661][ T5367] BTRFS info (device loop0): balance: start -f -s [ 110.213612][ T5367] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 110.221465][ T5367] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 110.229739][ T5367] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 110.243472][ T5367] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5366] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5366] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5366] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 110.252270][ T5367] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 110.260044][ T5367] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 110.267735][ T5367] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 110.275612][ T5367] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 110.293394][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5384 attached => {parent_tid=[5384]}, 88) = 5384 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5366] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5384] set_robust_list(0x7f6654ffc9a0, 24) = 0 [ 110.302655][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 110.316639][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 110.325475][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 110.333170][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 110.340900][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] open(".", O_RDONLY) = 5 [pid 5384] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 110.348798][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 110.357997][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 110.367540][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 110.381647][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 110.390470][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5384] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5366] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 110.398138][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 110.405816][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 110.413731][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 110.431665][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 286720 free, is full [ 110.440829][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1490944, may_use=1437696, readonly=0 zone_unusable=0 [ 110.455093][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 110.463893][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 110.471549][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 110.479191][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 110.487106][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 110.497369][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 135168 free, is full [ 110.506813][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1646592, may_use=1433600, readonly=0 zone_unusable=0 [ 110.521090][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 110.529990][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 110.537634][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 110.545564][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 110.553409][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5384] <... ioctl resumed>) = 0 [pid 5384] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.616000][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 110.624727][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 110.633884][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 110.647586][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 110.655225][ T5367] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5384] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5367] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5367] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5367] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5366] exit_group(0 [pid 5384] <... futex resumed>) = ? [pid 5384] +++ exited with 0 +++ [pid 5367] <... futex resumed>) = ? [pid 5366] <... exit_group resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5366, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=55 /* 0.55 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 110.664414][ T5367] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5385 attached , child_tidptr=0x5555555e8690) = 5385 [pid 5385] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5385] chdir("./17") = 0 [pid 5385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5385] setpgid(0, 0) = 0 [pid 5385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5385] write(3, "1000", 4) = 4 [pid 5385] close(3) = 0 [pid 5385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5385] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5385] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5386 attached [pid 5386] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5385] <... clone3 resumed> => {parent_tid=[5386]}, 88) = 5386 [pid 5386] <... rseq resumed>) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] set_robust_list(0x7f665501d9a0, 24 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] <... set_robust_list resumed>) = 0 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] memfd_create("syzkaller", 0) = 3 [pid 5386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5386] munmap(0x7f664ca00000, 138412032) = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5386] close(3) = 0 [pid 5386] close(4) = 0 [pid 5386] mkdir("./file0", 0777) = 0 [ 111.244059][ T5386] loop0: detected capacity change from 0 to 32768 [ 111.276650][ T5386] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5386) [pid 5386] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5386] chdir("./file0") = 0 [pid 5386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5386] ioctl(4, LOOP_CLR_FD) = 0 [pid 5386] close(4) = 0 [pid 5386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] open("./file0", O_RDONLY [pid 5385] <... futex resumed>) = 0 [pid 5385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5386] <... open resumed>) = 4 [pid 5386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] <... futex resumed>) = 0 [pid 5386] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5386] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5385] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5386] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5386] <... futex resumed>) = 0 [pid 5385] <... mprotect resumed>) = 0 [pid 5386] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5403 attached => {parent_tid=[5403]}, 88) = 5403 [pid 5403] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] <... rseq resumed>) = 0 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] set_robust_list(0x7f6654ffc9a0, 24 [pid 5385] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] <... set_robust_list resumed>) = 0 [pid 5385] <... futex resumed>) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] open(".", O_RDONLY) = 5 [pid 5403] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] <... futex resumed>) = 0 [pid 5403] <... futex resumed>) = 1 [pid 5385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5403] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5385] <... futex resumed>) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5386] <... ioctl resumed>) = 0 [pid 5386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] exit_group(0 [pid 5403] <... futex resumed>) = ? [pid 5386] <... futex resumed>) = ? [pid 5385] <... exit_group resumed>) = ? [pid 5386] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ [pid 5385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5385, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5404 attached , child_tidptr=0x5555555e8690) = 5404 [pid 5404] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5404] chdir("./18") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5404] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5405 attached [pid 5405] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5404] <... clone3 resumed> => {parent_tid=[5405]}, 88) = 5405 [pid 5405] set_robust_list(0x7f665501d9a0, 24 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5405] <... set_robust_list resumed>) = 0 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5404] <... futex resumed>) = 0 [pid 5405] memfd_create("syzkaller", 0 [pid 5404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] <... memfd_create resumed>) = 3 [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5405] munmap(0x7f664ca00000, 138412032) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] close(3) = 0 [pid 5405] close(4) = 0 [pid 5405] mkdir("./file0", 0777) = 0 [ 112.262429][ T5405] loop0: detected capacity change from 0 to 32768 [ 112.287736][ T5405] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5405) [pid 5405] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5405] chdir("./file0") = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [pid 5405] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5405] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] <... futex resumed>) = 0 [pid 5405] open("./file0", O_RDONLY [pid 5404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = 4 [pid 5405] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5404] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5404] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5422 attached [pid 5422] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5422] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5422] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... clone3 resumed> => {parent_tid=[5422]}, 88) = 5422 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5404] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5422] open(".", O_RDONLY) = 5 [pid 5422] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5404] <... futex resumed>) = 1 [pid 5404] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5422] <... ioctl resumed>) = 0 [pid 5405] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5422] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5405] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] exit_group(0 [pid 5405] <... futex resumed>) = 0 [pid 5405] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... futex resumed>) = ? [pid 5405] <... futex resumed>) = ? [pid 5404] <... exit_group resumed>) = ? [pid 5422] +++ exited with 0 +++ [pid 5405] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5404, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5423 attached , child_tidptr=0x5555555e8690) = 5423 [pid 5423] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5423] chdir("./19") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5423] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5424 attached [pid 5424] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5424] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5423] <... clone3 resumed> => {parent_tid=[5424]}, 88) = 5424 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5424] memfd_create("syzkaller", 0) = 3 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5424] munmap(0x7f664ca00000, 138412032) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] close(4) = 0 [pid 5424] mkdir("./file0", 0777) = 0 [ 113.096968][ T5424] loop0: detected capacity change from 0 to 32768 [ 113.123857][ T5424] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5424) [pid 5424] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5424] chdir("./file0") = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_CLR_FD) = 0 [pid 5424] close(4) = 0 [pid 5424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] open("./file0", O_RDONLY) = 4 [pid 5424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5423] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5423] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5424] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5423] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 5424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5441 attached ) = 0 [pid 5424] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5423] <... clone3 resumed> => {parent_tid=[5441]}, 88) = 5441 [pid 5441] <... rseq resumed>) = 0 [pid 5441] set_robust_list(0x7f6654ffc9a0, 24 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5441] <... set_robust_list resumed>) = 0 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 0 [pid 5441] open(".", O_RDONLY [pid 5423] <... futex resumed>) = 1 [pid 5441] <... open resumed>) = 5 [pid 5423] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5441] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] <... futex resumed>) = 0 [pid 5423] <... futex resumed>) = 1 [pid 5424] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5424] <... ioctl resumed>) = 0 [pid 5424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] exit_group(0 [pid 5441] <... futex resumed>) = ? [pid 5424] <... futex resumed>) = ? [pid 5423] <... exit_group resumed>) = ? [pid 5441] +++ exited with 0 +++ [pid 5424] +++ exited with 0 +++ [pid 5423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5423, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5442 attached [pid 5442] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5442 [pid 5442] <... set_robust_list resumed>) = 0 [pid 5442] chdir("./20") = 0 [pid 5442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5442] setpgid(0, 0) = 0 [pid 5442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5442] write(3, "1000", 4) = 4 [pid 5442] close(3) = 0 [pid 5442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5442] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5442] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5443 attached [pid 5443] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5442] <... clone3 resumed> => {parent_tid=[5443]}, 88) = 5443 [pid 5443] set_robust_list(0x7f665501d9a0, 24 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] <... set_robust_list resumed>) = 0 [pid 5442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] memfd_create("syzkaller", 0 [pid 5442] <... futex resumed>) = 0 [pid 5442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5443] <... memfd_create resumed>) = 3 [pid 5443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5443] munmap(0x7f664ca00000, 138412032) = 0 [pid 5443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5443] close(3) = 0 [pid 5443] close(4) = 0 [pid 5443] mkdir("./file0", 0777) = 0 [ 113.991381][ T5443] loop0: detected capacity change from 0 to 32768 [ 114.024936][ T5443] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5443) [ 114.046389][ T5443] _btrfs_printk: 170 callbacks suppressed [ 114.046409][ T5443] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 114.066617][ T5443] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 114.075733][ T5443] BTRFS info (device loop0): using free-space-tree [pid 5443] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5443] chdir("./file0") = 0 [pid 5443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5443] ioctl(4, LOOP_CLR_FD) = 0 [pid 5443] close(4) = 0 [pid 5443] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5443] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] open("./file0", O_RDONLY) = 4 [pid 5442] <... futex resumed>) = 0 [pid 5443] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5442] <... futex resumed>) = 1 [pid 5443] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 114.227851][ T5443] BTRFS info (device loop0): balance: start -f -s [ 114.234903][ T5443] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 114.243524][ T5443] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 114.251892][ T5443] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 114.265836][ T5443] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5442] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5442] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5461]}, 88) = 5461 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5461 attached [pid 5461] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5461] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5461] open(".", O_RDONLY) = 5 [pid 5461] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5461] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5442] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5442] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.274707][ T5443] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 114.282480][ T5443] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 114.290178][ T5443] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 114.298071][ T5443] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 5461] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5442] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5461] <... ioctl resumed>) = 0 [pid 5461] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 114.479434][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 114.488604][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 114.502935][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 114.512896][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 114.520860][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 114.528562][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 114.536433][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 114.545189][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 114.554305][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 114.568954][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 114.577779][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 114.585512][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 114.593205][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 114.601068][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 114.615320][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 114.624456][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 114.638428][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 114.647320][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 114.655005][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 114.662737][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 114.670610][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [pid 5461] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 114.679287][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 114.688429][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 114.702674][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 114.712070][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 114.719715][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5442] exit_group(0) = ? [pid 5461] <... futex resumed>) = ? [pid 5461] +++ exited with 0 +++ [ 114.727390][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 114.735241][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 114.747865][ T5443] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5443] <... ioctl resumed> ) = ? [pid 5443] +++ exited with 0 +++ [pid 5442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5442, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=45 /* 0.45 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.776470][ T5443] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 114.864044][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5462 attached , child_tidptr=0x5555555e8690) = 5462 [pid 5462] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5462] chdir("./21") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5462] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5463 attached => {parent_tid=[5463]}, 88) = 5463 [pid 5463] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5463] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5463] memfd_create("syzkaller", 0) = 3 [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5463] munmap(0x7f664ca00000, 138412032) = 0 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5463] close(3) = 0 [pid 5463] close(4) = 0 [pid 5463] mkdir("./file0", 0777) = 0 [ 115.319874][ T5463] loop0: detected capacity change from 0 to 32768 [ 115.346877][ T5463] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5463) [ 115.369838][ T5463] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 115.380464][ T5463] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 115.389428][ T5463] BTRFS info (device loop0): using free-space-tree [pid 5463] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5463] chdir("./file0") = 0 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_CLR_FD) = 0 [pid 5463] close(4) = 0 [pid 5463] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5463] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5463] open("./file0", O_RDONLY [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... open resumed>) = 4 [pid 5463] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] <... futex resumed>) = 1 [pid 5463] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5462] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5462] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 115.548881][ T5463] BTRFS info (device loop0): balance: start -f -s [ 115.555595][ T5463] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 115.562715][ T5463] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 115.571036][ T5463] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 115.584668][ T5463] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5462] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5480 attached [pid 5480] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5462] <... clone3 resumed> => {parent_tid=[5480]}, 88) = 5480 [pid 5480] <... rseq resumed>) = 0 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5480] set_robust_list(0x7f6654ffc9a0, 24 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5480] <... set_robust_list resumed>) = 0 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] open(".", O_RDONLY) = 5 [pid 5480] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5480] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5462] <... futex resumed>) = 0 [pid 5480] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 115.593536][ T5463] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 115.601629][ T5463] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 115.609748][ T5463] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 115.618363][ T5463] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 115.664414][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 270336 free, is full [ 115.673496][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1507328, may_use=1437696, readonly=0 zone_unusable=0 [ 115.687733][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 115.696529][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 115.704241][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5462] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 115.712047][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 115.719888][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 115.729854][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 135168 free, is full [ 115.739554][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1646592, may_use=1433600, readonly=0 zone_unusable=0 [ 115.753959][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 115.762838][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 115.770523][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 115.778191][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 115.786023][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5480] <... ioctl resumed>) = 0 [pid 5480] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.849224][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 115.858705][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 115.872757][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 115.881564][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 115.889211][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 115.896906][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 115.904771][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 115.913415][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 115.922527][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 115.936835][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 115.945681][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 115.953388][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 115.961085][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 115.968925][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 115.982817][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 115.991282][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 116.000507][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 116.014235][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 116.022155][ T5463] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 116.031265][ T5463] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 116.045096][ T5463] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 116.053917][ T5463] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 116.061624][ T5463] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 116.069289][ T5463] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 116.077187][ T5463] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 116.085621][ T5463] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5480] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5463] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5463] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] exit_group(0 [pid 5480] <... futex resumed>) = ? [pid 5462] <... exit_group resumed>) = ? [pid 5480] +++ exited with 0 +++ [pid 5463] +++ exited with 0 +++ [pid 5462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5462, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 116.115246][ T5463] BTRFS info (device loop0): balance: ended with status: 0 [ 116.145353][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 5481 ./strace-static-x86_64: Process 5481 attached [pid 5481] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5481] chdir("./22") = 0 [pid 5481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5481] setpgid(0, 0) = 0 [pid 5481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5481] write(3, "1000", 4) = 4 [pid 5481] close(3) = 0 [pid 5481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5481] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5482 attached [pid 5482] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5481] <... clone3 resumed> => {parent_tid=[5482]}, 88) = 5482 [pid 5482] set_robust_list(0x7f665501d9a0, 24 [pid 5481] rt_sigprocmask(SIG_SETMASK, [], [pid 5482] <... set_robust_list resumed>) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], [pid 5481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5481] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] memfd_create("syzkaller", 0 [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5482] <... memfd_create resumed>) = 3 [pid 5482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5482] munmap(0x7f664ca00000, 138412032) = 0 [pid 5482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5482] close(3) = 0 [pid 5482] close(4) = 0 [pid 5482] mkdir("./file0", 0777) = 0 [ 116.552632][ T5482] loop0: detected capacity change from 0 to 32768 [ 116.584179][ T5482] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5482) [ 116.608946][ T5482] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 116.619310][ T5482] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 116.628676][ T5482] BTRFS info (device loop0): using free-space-tree [pid 5482] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5482] chdir("./file0") = 0 [pid 5482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5482] ioctl(4, LOOP_CLR_FD) = 0 [pid 5482] close(4) = 0 [pid 5482] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5482] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5481] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] open("./file0", O_RDONLY) = 4 [pid 5482] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = 0 [pid 5482] <... futex resumed>) = 1 [pid 5481] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5482] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5481] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5482] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] <... futex resumed>) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5482] open(".", O_RDONLY) = 5 [pid 5482] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5482] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5481] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5482] <... ioctl resumed>) = 0 [pid 5482] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] exit_group(0 [pid 5482] <... futex resumed>) = ? [pid 5481] <... exit_group resumed>) = ? [pid 5482] +++ exited with 0 +++ [pid 5481] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5481, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5499 attached , child_tidptr=0x5555555e8690) = 5499 [pid 5499] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5499] chdir("./23") = 0 [pid 5499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5499] setpgid(0, 0) = 0 [pid 5499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5499] write(3, "1000", 4) = 4 [pid 5499] close(3) = 0 [pid 5499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5499] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5499] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5500 attached [pid 5500] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5499] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5500] set_robust_list(0x7f665501d9a0, 24 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], [pid 5500] <... set_robust_list resumed>) = 0 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], [pid 5499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] memfd_create("syzkaller", 0 [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5500] <... memfd_create resumed>) = 3 [pid 5500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5500] munmap(0x7f664ca00000, 138412032) = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5500] close(3) = 0 [pid 5500] close(4) = 0 [pid 5500] mkdir("./file0", 0777) = 0 [ 117.455894][ T5500] loop0: detected capacity change from 0 to 32768 [ 117.478311][ T5500] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5500) [pid 5500] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5500] chdir("./file0") = 0 [pid 5500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5500] ioctl(4, LOOP_CLR_FD) = 0 [pid 5500] close(4) = 0 [pid 5500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5500] open("./file0", O_RDONLY [pid 5499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... open resumed>) = 4 [pid 5500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [pid 5500] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5499] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5499] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5500] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... mprotect resumed>) = 0 [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5517 attached [pid 5517] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5517] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] <... clone3 resumed> => {parent_tid=[5517]}, 88) = 5517 [pid 5517] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 0 [pid 5499] <... futex resumed>) = 1 [pid 5517] open(".", O_RDONLY [pid 5499] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... open resumed>) = 5 [pid 5517] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5499] <... futex resumed>) = 1 [pid 5499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5500] <... futex resumed>) = 0 [pid 5500] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5500] <... ioctl resumed>) = 0 [pid 5500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] exit_group(0 [pid 5500] <... futex resumed>) = 231 [pid 5517] <... futex resumed>) = ? [pid 5500] +++ exited with 0 +++ [pid 5499] <... exit_group resumed>) = ? [pid 5517] +++ exited with 0 +++ [pid 5499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5499, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5518 attached [pid 5518] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5518 [pid 5518] <... set_robust_list resumed>) = 0 [pid 5518] chdir("./24") = 0 [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5518] setpgid(0, 0) = 0 [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5518] write(3, "1000", 4) = 4 [pid 5518] close(3) = 0 [pid 5518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5518] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5518] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5519 attached => {parent_tid=[5519]}, 88) = 5519 [pid 5519] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5518] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... rseq resumed>) = 0 [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5519] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] memfd_create("syzkaller", 0) = 3 [pid 5519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5519] munmap(0x7f664ca00000, 138412032) = 0 [pid 5519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5519] close(3) = 0 [pid 5519] close(4) = 0 [pid 5519] mkdir("./file0", 0777) = 0 [ 118.358234][ T5519] loop0: detected capacity change from 0 to 32768 [ 118.391925][ T5519] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5519) [pid 5519] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5519] chdir("./file0") = 0 [pid 5519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5519] ioctl(4, LOOP_CLR_FD) = 0 [pid 5519] close(4) = 0 [pid 5519] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... futex resumed>) = 1 [pid 5519] open("./file0", O_RDONLY) = 4 [pid 5519] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] <... futex resumed>) = 0 [pid 5519] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5518] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5518] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5518] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5536]}, 88) = 5536 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5518] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5536 attached [pid 5536] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5536] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5536] open(".", O_RDONLY) = 5 [pid 5536] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5536] <... futex resumed>) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5536] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5536] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5519] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5536] <... ioctl resumed>) = 0 [pid 5536] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] exit_group(0 [pid 5519] <... futex resumed>) = ? [pid 5518] <... exit_group resumed>) = ? [pid 5536] +++ exited with 0 +++ [pid 5519] +++ exited with 0 +++ [pid 5518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5518, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5537 attached , child_tidptr=0x5555555e8690) = 5537 [pid 5537] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5537] chdir("./25") = 0 [pid 5537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5537] setpgid(0, 0) = 0 [pid 5537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5537] write(3, "1000", 4) = 4 [pid 5537] close(3) = 0 [pid 5537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5537] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5537] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5538 attached => {parent_tid=[5538]}, 88) = 5538 [pid 5538] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5538] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5538] rt_sigprocmask(SIG_SETMASK, [], [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] <... futex resumed>) = 0 [pid 5537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5538] memfd_create("syzkaller", 0) = 3 [pid 5538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5538] munmap(0x7f664ca00000, 138412032) = 0 [pid 5538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5538] close(3) = 0 [pid 5538] close(4) = 0 [pid 5538] mkdir("./file0", 0777) = 0 [ 119.198250][ T5538] loop0: detected capacity change from 0 to 32768 [ 119.227740][ T5538] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5538) [ 119.249173][ T5538] _btrfs_printk: 159 callbacks suppressed [ 119.249195][ T5538] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 119.266495][ T5538] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 119.275940][ T5538] BTRFS info (device loop0): using free-space-tree [pid 5538] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5538] chdir("./file0") = 0 [pid 5538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5538] ioctl(4, LOOP_CLR_FD) = 0 [pid 5538] close(4) = 0 [pid 5538] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5538] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] <... futex resumed>) = 0 [pid 5537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5538] open("./file0", O_RDONLY) = 4 [pid 5538] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5538] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5538] <... futex resumed>) = 0 [pid 5538] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5537] <... futex resumed>) = 1 [ 119.434810][ T5538] BTRFS info (device loop0): balance: start -f -s [ 119.441661][ T5538] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 119.448816][ T5538] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 119.457201][ T5538] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 119.470961][ T5538] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5537] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5537] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5556 attached => {parent_tid=[5556]}, 88) = 5556 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.479797][ T5538] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 119.487609][ T5538] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 119.495365][ T5538] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 119.503245][ T5538] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 119.533683][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 119.543337][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 119.558052][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 119.567830][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 119.576058][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5537] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5556] <... rseq resumed>) = 0 [pid 5537] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5537] futex(0x7f66550ed6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fbb000 [pid 5537] mprotect(0x7f6654fbc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654fdb990, parent_tid=0x7f6654fdb990, exit_signal=0, stack=0x7f6654fbb000, stack_size=0x20300, tls=0x7f6654fdb6c0} => {parent_tid=[5557]}, 88) = 5557 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5537] futex(0x7f66550ed6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5537] futex(0x7f66550ed6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5557 attached [pid 5557] rseq(0x7f6654fdbfe0, 0x20, 0, 0x53053053) = 0 [pid 5557] set_robust_list(0x7f6654fdb9a0, 24) = 0 [pid 5557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5557] ioctl(-1, FITRIM, {start=0, len=4294983680, minlen=0}) = -1 EBADF (Bad file descriptor) [pid 5557] futex(0x7f66550ed6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] <... futex resumed>) = 0 [pid 5557] futex(0x7f66550ed6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] set_robust_list(0x7f6654ffc9a0, 24) = 0 [ 119.583915][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 119.591808][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 119.602072][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 119.611237][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 119.625400][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5556] open(".", O_RDONLY) = 5 [pid 5556] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.634300][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 119.642033][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 119.649712][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 119.657583][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 119.675315][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 119.684468][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 119.698466][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 119.707340][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 119.715048][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 119.722759][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 119.730626][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 119.739170][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 119.748300][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 119.762325][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 119.771159][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 119.778847][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5556] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5537] exit_group(0 [pid 5557] <... futex resumed>) = ? [pid 5556] <... futex resumed>) = ? [pid 5537] <... exit_group resumed>) = ? [pid 5557] +++ exited with 0 +++ [pid 5556] +++ exited with 0 +++ [ 119.786539][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 119.794433][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 119.807286][ T5538] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5538] <... ioctl resumed> ) = ? [pid 5538] +++ exited with 0 +++ [pid 5537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5537, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.837539][ T5538] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 119.910933][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5558 attached , child_tidptr=0x5555555e8690) = 5558 [pid 5558] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5558] chdir("./26") = 0 [pid 5558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5558] setpgid(0, 0) = 0 [pid 5558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5558] write(3, "1000", 4) = 4 [pid 5558] close(3) = 0 [pid 5558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5558] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5558] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5559 attached [pid 5559] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5558] <... clone3 resumed> => {parent_tid=[5559]}, 88) = 5559 [pid 5559] <... rseq resumed>) = 0 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], [pid 5559] set_robust_list(0x7f665501d9a0, 24 [pid 5558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5559] <... set_robust_list resumed>) = 0 [pid 5558] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5558] <... futex resumed>) = 0 [pid 5559] memfd_create("syzkaller", 0 [pid 5558] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5559] <... memfd_create resumed>) = 3 [pid 5559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5559] munmap(0x7f664ca00000, 138412032) = 0 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5559] close(3) = 0 [pid 5559] close(4) = 0 [pid 5559] mkdir("./file0", 0777) = 0 [ 120.444567][ T5559] loop0: detected capacity change from 0 to 32768 [ 120.470576][ T5559] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5559) [ 120.488480][ T5559] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 120.503432][ T5559] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 120.512685][ T5559] BTRFS info (device loop0): using free-space-tree [pid 5559] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5559] chdir("./file0") = 0 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5559] ioctl(4, LOOP_CLR_FD) = 0 [pid 5559] close(4) = 0 [pid 5559] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] open("./file0", O_RDONLY) = 4 [pid 5559] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5559] <... futex resumed>) = 1 [pid 5558] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5558] <... futex resumed>) = 0 [ 120.654006][ T5559] BTRFS info (device loop0): balance: start -f -s [ 120.660673][ T5559] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 120.667741][ T5559] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 120.676240][ T5559] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 120.689867][ T5559] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5558] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5558] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5558] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5576 attached [pid 5576] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5558] <... clone3 resumed> => {parent_tid=[5576]}, 88) = 5576 [pid 5576] <... rseq resumed>) = 0 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], [pid 5576] set_robust_list(0x7f6654ffc9a0, 24 [pid 5558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5576] <... set_robust_list resumed>) = 0 [pid 5558] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], [pid 5558] <... futex resumed>) = 0 [pid 5576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5558] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] open(".", O_RDONLY) = 5 [pid 5576] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... futex resumed>) = 0 [pid 5576] <... futex resumed>) = 1 [pid 5558] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5558] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5558] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 120.698704][ T5559] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 120.706418][ T5559] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 120.714141][ T5559] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 120.722154][ T5559] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 5576] <... ioctl resumed>) = 0 [pid 5576] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.785701][ T3065] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 120.793152][ T3065] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 120.801471][ T3065] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 120.815902][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 120.824760][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 120.832492][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 120.840203][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 120.848128][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 120.857296][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 120.867258][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 120.881291][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 120.890149][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 120.897806][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 120.905513][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 120.913385][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 120.922017][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 120.931092][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 120.946540][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 120.955358][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 120.963218][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 120.970920][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 120.978852][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 120.993431][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 121.002958][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 121.016942][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 121.025865][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 121.033562][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 121.041276][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 121.049096][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 121.057778][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 121.066992][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 121.081034][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 121.089827][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 121.097548][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 121.105266][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 121.113148][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 121.126507][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 121.134970][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 121.144876][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 121.158621][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 121.166275][ T5559] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5576] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5559] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] exit_group(0 [pid 5576] <... futex resumed>) = ? [pid 5576] +++ exited with 0 +++ [pid 5559] <... futex resumed>) = ? [pid 5558] <... exit_group resumed>) = ? [pid 5559] +++ exited with 0 +++ [pid 5558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5558, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 121.175376][ T5559] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 121.189342][ T5559] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 121.198188][ T5559] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 121.205924][ T5559] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5577 attached , child_tidptr=0x5555555e8690) = 5577 [pid 5577] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5577] chdir("./27") = 0 [pid 5577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5577] setpgid(0, 0) = 0 [pid 5577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5577] write(3, "1000", 4) = 4 [pid 5577] close(3) = 0 [pid 5577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5577] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5577] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5578 attached [pid 5578] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5577] <... clone3 resumed> => {parent_tid=[5578]}, 88) = 5578 [pid 5578] set_robust_list(0x7f665501d9a0, 24 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], [pid 5578] <... set_robust_list resumed>) = 0 [pid 5577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], [pid 5577] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] memfd_create("syzkaller", 0) = 3 [pid 5578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5578] munmap(0x7f664ca00000, 138412032) = 0 [pid 5578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5578] close(3) = 0 [pid 5578] close(4) = 0 [pid 5578] mkdir("./file0", 0777) = 0 [pid 5578] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 121.772333][ T5578] loop0: detected capacity change from 0 to 32768 [ 121.796352][ T5578] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5578) [pid 5578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5578] chdir("./file0") = 0 [pid 5578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5578] ioctl(4, LOOP_CLR_FD) = 0 [pid 5578] close(4) = 0 [pid 5578] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5578] open("./file0", O_RDONLY [pid 5577] <... futex resumed>) = 0 [pid 5578] <... open resumed>) = 4 [pid 5577] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5577] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5577] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5577] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5595 attached => {parent_tid=[5595]}, 88) = 5595 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5577] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5595] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5595] open(".", O_RDONLY [pid 5578] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5595] <... open resumed>) = 5 [pid 5578] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5595] <... futex resumed>) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5578] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5577] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5578] <... ioctl resumed>) = 0 [pid 5578] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] exit_group(0 [pid 5595] <... futex resumed>) = ? [pid 5578] <... futex resumed>) = ? [pid 5577] <... exit_group resumed>) = ? [pid 5595] +++ exited with 0 +++ [pid 5578] +++ exited with 0 +++ [pid 5577] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5577, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5596 attached , child_tidptr=0x5555555e8690) = 5596 [pid 5596] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5596] chdir("./28") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5596] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5597 attached [pid 5597] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5596] <... clone3 resumed> => {parent_tid=[5597]}, 88) = 5597 [pid 5597] <... rseq resumed>) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5597] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] <... futex resumed>) = 0 [pid 5597] memfd_create("syzkaller", 0 [pid 5596] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5597] <... memfd_create resumed>) = 3 [pid 5597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5597] munmap(0x7f664ca00000, 138412032) = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5597] close(3) = 0 [pid 5597] close(4) = 0 [pid 5597] mkdir("./file0", 0777) = 0 [ 122.642317][ T5597] loop0: detected capacity change from 0 to 32768 [ 122.671510][ T5597] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5597) [pid 5597] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5597] chdir("./file0") = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5597] ioctl(4, LOOP_CLR_FD) = 0 [pid 5597] close(4) = 0 [pid 5597] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5597] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] open("./file0", O_RDONLY [pid 5596] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... open resumed>) = 4 [pid 5597] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5596] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5596] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5596] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5597] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5596] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5597] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] <... mprotect resumed>) = 0 [pid 5596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5614 attached => {parent_tid=[5614]}, 88) = 5614 [pid 5614] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5614] <... rseq resumed>) = 0 [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] set_robust_list(0x7f6654ffc9a0, 24 [pid 5596] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... set_robust_list resumed>) = 0 [pid 5596] <... futex resumed>) = 0 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] open(".", O_RDONLY) = 5 [pid 5614] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5614] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5596] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] <... futex resumed>) = 0 [pid 5596] <... futex resumed>) = 1 [pid 5597] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5596] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5597] <... ioctl resumed>) = 0 [pid 5597] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] exit_group(0 [pid 5597] <... futex resumed>) = 0 [pid 5596] <... exit_group resumed>) = ? [pid 5614] <... futex resumed>) = ? [pid 5597] +++ exited with 0 +++ [pid 5614] +++ exited with 0 +++ [pid 5596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5596, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5615 attached , child_tidptr=0x5555555e8690) = 5615 [pid 5615] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5615] chdir("./29") = 0 [pid 5615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5615] setpgid(0, 0) = 0 [pid 5615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5615] write(3, "1000", 4) = 4 [pid 5615] close(3) = 0 [pid 5615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5615] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5615] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5616 attached [pid 5616] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5615] <... clone3 resumed> => {parent_tid=[5616]}, 88) = 5616 [pid 5616] set_robust_list(0x7f665501d9a0, 24 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], [pid 5616] <... set_robust_list resumed>) = 0 [pid 5615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], [pid 5615] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5616] memfd_create("syzkaller", 0) = 3 [pid 5616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5616] munmap(0x7f664ca00000, 138412032) = 0 [pid 5616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5616] close(3) = 0 [pid 5616] close(4) = 0 [pid 5616] mkdir("./file0", 0777) = 0 [ 123.527129][ T5616] loop0: detected capacity change from 0 to 32768 [ 123.553387][ T5616] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5616) [pid 5616] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5616] chdir("./file0") = 0 [pid 5616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5616] ioctl(4, LOOP_CLR_FD) = 0 [pid 5616] close(4) = 0 [pid 5616] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5616] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] <... futex resumed>) = 0 [pid 5616] open("./file0", O_RDONLY) = 4 [pid 5615] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5616] <... futex resumed>) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5615] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5615] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5615] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5616] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5616] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... mmap resumed>) = 0x7f6654fdc000 [pid 5616] <... futex resumed>) = 0 [pid 5616] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5633 attached => {parent_tid=[5633]}, 88) = 5633 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5633] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5615] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] set_robust_list(0x7f6654ffc9a0, 24 [pid 5615] <... futex resumed>) = 0 [pid 5633] <... set_robust_list resumed>) = 0 [pid 5615] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5633] open(".", O_RDONLY) = 5 [pid 5633] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5633] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5615] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... futex resumed>) = 0 [pid 5616] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5615] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5616] <... ioctl resumed>) = 0 [pid 5616] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] exit_group(0) = ? [pid 5633] <... futex resumed>) = ? [pid 5616] <... futex resumed>) = ? [pid 5633] +++ exited with 0 +++ [pid 5616] +++ exited with 0 +++ [pid 5615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5615, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5634 attached , child_tidptr=0x5555555e8690) = 5634 [pid 5634] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5634] chdir("./30") = 0 [pid 5634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5634] setpgid(0, 0) = 0 [pid 5634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5634] write(3, "1000", 4) = 4 [pid 5634] close(3) = 0 [pid 5634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5634] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5634] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5635 attached [pid 5635] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5634] <... clone3 resumed> => {parent_tid=[5635]}, 88) = 5635 [pid 5635] set_robust_list(0x7f665501d9a0, 24 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5635] <... set_robust_list resumed>) = 0 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5634] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] memfd_create("syzkaller", 0 [pid 5634] <... futex resumed>) = 0 [pid 5635] <... memfd_create resumed>) = 3 [pid 5634] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5635] munmap(0x7f664ca00000, 138412032) = 0 [pid 5635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5635] close(3) = 0 [pid 5635] close(4) = 0 [pid 5635] mkdir("./file0", 0777) = 0 [ 124.465587][ T5635] loop0: detected capacity change from 0 to 32768 [ 124.503933][ T5635] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5635) [ 124.530508][ T5635] _btrfs_printk: 167 callbacks suppressed [ 124.530528][ T5635] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 124.546621][ T5635] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 124.555849][ T5635] BTRFS info (device loop0): using free-space-tree [pid 5635] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5635] chdir("./file0") = 0 [pid 5635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5635] ioctl(4, LOOP_CLR_FD) = 0 [pid 5635] close(4) = 0 [pid 5635] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... futex resumed>) = 0 [pid 5634] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5634] <... futex resumed>) = 1 [pid 5635] open("./file0", O_RDONLY [pid 5634] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... open resumed>) = 4 [pid 5635] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... futex resumed>) = 0 [pid 5634] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5634] <... futex resumed>) = 1 [pid 5635] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5634] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5634] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5634] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5653]}, 88) = 5653 ./strace-static-x86_64: Process 5653 attached [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] <... rseq resumed>) = 0 [pid 5634] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] set_robust_list(0x7f6654ffc9a0, 24 [pid 5634] <... futex resumed>) = 0 [ 124.740975][ T5635] BTRFS info (device loop0): balance: start -f -s [ 124.747669][ T5635] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 124.755397][ T5635] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 124.763905][ T5635] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 124.777550][ T5635] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5653] <... set_robust_list resumed>) = 0 [pid 5634] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5653] open(".", O_RDONLY) = 5 [pid 5653] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... futex resumed>) = 0 [pid 5634] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5634] <... futex resumed>) = 1 [pid 5653] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5634] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5634] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 124.786506][ T5635] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 124.795307][ T5635] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 124.803057][ T5635] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 124.812502][ T5635] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 5653] <... ioctl resumed>) = 0 [pid 5653] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 124.967254][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 124.977259][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 124.991243][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 125.000080][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 125.007734][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 125.015432][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 125.023336][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 125.032014][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 125.041205][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 125.055240][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 125.064155][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 125.071959][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 125.079628][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 125.087491][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 125.101706][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 125.111757][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 125.125805][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 125.134636][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 125.142353][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 125.150059][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 125.157881][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 125.166571][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 125.175711][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 125.190201][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 125.199015][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 125.206750][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 125.214462][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 125.222342][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 125.235682][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 125.244129][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 125.253237][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 5653] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] exit_group(0) = ? [pid 5653] <... futex resumed>) = ? [pid 5653] +++ exited with 0 +++ [ 125.266970][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 125.274579][ T5635] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 125.283679][ T5635] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 125.297579][ T5635] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 125.307623][ T5635] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 125.315320][ T5635] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 125.323037][ T5635] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 125.330908][ T5635] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 125.339321][ T5635] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5635] <... ioctl resumed> ) = ? [pid 5635] +++ exited with 0 +++ [pid 5634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5634, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 125.368621][ T5635] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 [ 125.456644][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5654 attached , child_tidptr=0x5555555e8690) = 5654 [pid 5654] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5654] chdir("./31") = 0 [pid 5654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5654] setpgid(0, 0) = 0 [pid 5654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5654] write(3, "1000", 4) = 4 [pid 5654] close(3) = 0 [pid 5654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5654] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5654] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5654] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5655 attached [pid 5655] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5654] <... clone3 resumed> => {parent_tid=[5655]}, 88) = 5655 [pid 5655] <... rseq resumed>) = 0 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] set_robust_list(0x7f665501d9a0, 24 [pid 5654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5655] <... set_robust_list resumed>) = 0 [pid 5654] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5654] <... futex resumed>) = 0 [pid 5655] memfd_create("syzkaller", 0 [pid 5654] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5655] <... memfd_create resumed>) = 3 [pid 5655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5655] munmap(0x7f664ca00000, 138412032) = 0 [pid 5655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5655] close(3) = 0 [pid 5655] close(4) = 0 [pid 5655] mkdir("./file0", 0777) = 0 [ 125.820830][ T5655] loop0: detected capacity change from 0 to 32768 [ 125.857309][ T5655] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5655) [pid 5655] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 125.879453][ T5655] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 125.890861][ T5655] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 125.899591][ T5655] BTRFS info (device loop0): using free-space-tree [pid 5655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5655] chdir("./file0") = 0 [pid 5655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5655] ioctl(4, LOOP_CLR_FD) = 0 [pid 5655] close(4) = 0 [pid 5655] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] open("./file0", O_RDONLY) = 4 [pid 5655] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5654] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5654] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5654] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 126.011045][ T5655] BTRFS info (device loop0): balance: start -f -s [ 126.017825][ T5655] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 126.025021][ T5655] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 126.033386][ T5655] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 126.047127][ T5655] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5654] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5654] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5654] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5673]}, 88) = 5673 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5654] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5654] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5673 attached [pid 5673] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5673] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5673] open(".", O_RDONLY) = 5 [pid 5673] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] <... futex resumed>) = 0 [pid 5673] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] <... futex resumed>) = 0 [pid 5673] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 126.056002][ T5655] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 126.065427][ T5655] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 126.073201][ T5655] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 126.081856][ T5655] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 126.146133][ T3065] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 126.153350][ T3065] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 126.161714][ T3065] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 126.176003][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 126.184880][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5654] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5673] <... ioctl resumed>) = 0 [ 126.192700][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 126.200443][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 126.208304][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 126.217891][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 126.227040][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [pid 5673] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.241101][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 126.250366][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 126.259295][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 126.267045][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 126.274940][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 126.283595][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 126.292779][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 126.306781][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 126.315603][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 126.323353][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 126.331057][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 126.338895][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 126.353435][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 126.362578][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 126.376574][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 126.385415][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 126.393115][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 126.400888][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 126.408803][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 126.417520][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 126.426634][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 126.440865][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 5673] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5655] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5655] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5654] exit_group(0 [pid 5673] <... futex resumed>) = ? [pid 5655] <... futex resumed>) = ? [pid 5654] <... exit_group resumed>) = ? [pid 5655] +++ exited with 0 +++ [pid 5673] +++ exited with 0 +++ [pid 5654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5654, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- [ 126.449667][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 126.457353][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5675 attached [pid 5675] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5675 [pid 5675] <... set_robust_list resumed>) = 0 [pid 5675] chdir("./32") = 0 [pid 5675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5675] setpgid(0, 0) = 0 [pid 5675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5675] write(3, "1000", 4) = 4 [pid 5675] close(3) = 0 [pid 5675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5675] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5675] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5676 attached => {parent_tid=[5676]}, 88) = 5676 [pid 5676] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] <... rseq resumed>) = 0 [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] set_robust_list(0x7f665501d9a0, 24 [pid 5675] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... set_robust_list resumed>) = 0 [pid 5675] <... futex resumed>) = 0 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], [pid 5675] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] memfd_create("syzkaller", 0) = 3 [pid 5676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5676] munmap(0x7f664ca00000, 138412032) = 0 [pid 5676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5676] close(3) = 0 [pid 5676] close(4) = 0 [pid 5676] mkdir("./file0", 0777) = 0 [ 127.076884][ T5676] loop0: detected capacity change from 0 to 32768 [ 127.108501][ T5676] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5676) [pid 5676] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5676] chdir("./file0") = 0 [pid 5676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5676] ioctl(4, LOOP_CLR_FD) = 0 [pid 5676] close(4) = 0 [pid 5676] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5676] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5675] <... futex resumed>) = 1 [pid 5676] open("./file0", O_RDONLY [pid 5675] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... open resumed>) = 4 [pid 5676] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5675] <... futex resumed>) = 0 [pid 5675] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5675] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5675] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5675] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 5676] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5693 attached [pid 5676] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] <... clone3 resumed> => {parent_tid=[5693]}, 88) = 5693 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5675] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5693] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5675] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5693] open(".", O_RDONLY) = 5 [pid 5693] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] <... futex resumed>) = 0 [pid 5693] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5675] <... futex resumed>) = 1 [pid 5676] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5675] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5676] <... ioctl resumed>) = 0 [pid 5676] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5675] exit_group(0 [pid 5676] <... futex resumed>) = ? [pid 5675] <... exit_group resumed>) = ? [pid 5693] <... futex resumed>) = ? [pid 5676] +++ exited with 0 +++ [pid 5693] +++ exited with 0 +++ [pid 5675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5675, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 5695 ./strace-static-x86_64: Process 5695 attached [pid 5695] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5695] chdir("./33") = 0 [pid 5695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5695] setpgid(0, 0) = 0 [pid 5695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5695] write(3, "1000", 4) = 4 [pid 5695] close(3) = 0 [pid 5695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5695] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5695] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5696 attached [pid 5696] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5695] <... clone3 resumed> => {parent_tid=[5696]}, 88) = 5696 [pid 5696] set_robust_list(0x7f665501d9a0, 24 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], [pid 5696] <... set_robust_list resumed>) = 0 [pid 5695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], [pid 5695] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5695] <... futex resumed>) = 0 [pid 5696] memfd_create("syzkaller", 0 [pid 5695] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5696] <... memfd_create resumed>) = 3 [pid 5696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5696] munmap(0x7f664ca00000, 138412032) = 0 [pid 5696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5696] close(3) = 0 [pid 5696] close(4) = 0 [pid 5696] mkdir("./file0", 0777) = 0 [ 128.004471][ T5696] loop0: detected capacity change from 0 to 32768 [ 128.034477][ T5696] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5696) [pid 5696] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5696] chdir("./file0") = 0 [pid 5696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5696] ioctl(4, LOOP_CLR_FD) = 0 [pid 5696] close(4) = 0 [pid 5696] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5696] <... futex resumed>) = 0 [pid 5696] open("./file0", O_RDONLY) = 4 [pid 5695] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = 0 [pid 5696] <... futex resumed>) = 1 [pid 5695] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5695] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5695] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5714 attached => {parent_tid=[5714]}, 88) = 5714 [pid 5714] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5696] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5714] <... rseq resumed>) = 0 [pid 5696] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] set_robust_list(0x7f6654ffc9a0, 24 [pid 5695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5696] <... futex resumed>) = 0 [pid 5696] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] <... set_robust_list resumed>) = 0 [pid 5695] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5695] <... futex resumed>) = 0 [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5695] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5714] open(".", O_RDONLY) = 5 [pid 5714] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5714] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = 0 [pid 5696] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5695] <... futex resumed>) = 1 [pid 5695] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5696] <... ioctl resumed>) = 0 [pid 5696] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] exit_group(0) = ? [pid 5714] <... futex resumed>) = ? [pid 5696] <... futex resumed>) = ? [pid 5696] +++ exited with 0 +++ [pid 5714] +++ exited with 0 +++ [pid 5695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5695, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5716 attached , child_tidptr=0x5555555e8690) = 5716 [pid 5716] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5716] chdir("./34") = 0 [pid 5716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5716] setpgid(0, 0) = 0 [pid 5716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5716] write(3, "1000", 4) = 4 [pid 5716] close(3) = 0 [pid 5716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5716] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5716] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5718 attached => {parent_tid=[5718]}, 88) = 5718 [pid 5718] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5718] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5718] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5716] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5718] <... futex resumed>) = 0 [pid 5718] memfd_create("syzkaller", 0) = 3 [pid 5718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5718] munmap(0x7f664ca00000, 138412032) = 0 [pid 5718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5718] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5718] close(3) = 0 [pid 5718] close(4) = 0 [pid 5718] mkdir("./file0", 0777) = 0 [ 128.972748][ T5718] loop0: detected capacity change from 0 to 32768 [ 129.012266][ T5718] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5718) [pid 5718] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5718] chdir("./file0") = 0 [pid 5718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5718] ioctl(4, LOOP_CLR_FD) = 0 [pid 5718] close(4) = 0 [pid 5718] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... futex resumed>) = 0 [pid 5718] open("./file0", O_RDONLY) = 4 [pid 5718] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5718] <... futex resumed>) = 1 [pid 5718] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5716] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5716] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5716] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5735 attached => {parent_tid=[5735]}, 88) = 5735 [pid 5735] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], [pid 5735] <... rseq resumed>) = 0 [pid 5735] set_robust_list(0x7f6654ffc9a0, 24 [pid 5716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5735] <... set_robust_list resumed>) = 0 [pid 5735] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5735] open(".", O_RDONLY [pid 5716] <... futex resumed>) = 0 [pid 5716] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5735] <... open resumed>) = 5 [pid 5735] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5716] <... futex resumed>) = 0 [pid 5735] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = 0 [pid 5716] <... futex resumed>) = 1 [pid 5735] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5716] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5718] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5718] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] <... ioctl resumed>) = 0 [pid 5735] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] exit_group(0 [pid 5735] <... futex resumed>) = 0 [pid 5716] <... exit_group resumed>) = ? [pid 5718] <... futex resumed>) = ? [pid 5735] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ [pid 5716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5716, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5736 [pid 5736] chdir("./35") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5736] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5737 attached [pid 5737] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5736] <... clone3 resumed> => {parent_tid=[5737]}, 88) = 5737 [pid 5737] <... rseq resumed>) = 0 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], [pid 5737] set_robust_list(0x7f665501d9a0, 24 [pid 5736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5737] <... set_robust_list resumed>) = 0 [pid 5736] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5736] <... futex resumed>) = 0 [pid 5737] memfd_create("syzkaller", 0 [pid 5736] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5737] <... memfd_create resumed>) = 3 [pid 5737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5737] munmap(0x7f664ca00000, 138412032) = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5737] close(3) = 0 [pid 5737] close(4) = 0 [pid 5737] mkdir("./file0", 0777) = 0 [ 129.893940][ T5737] loop0: detected capacity change from 0 to 32768 [ 129.918260][ T5737] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5737) [pid 5737] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 129.944503][ T5737] _btrfs_printk: 178 callbacks suppressed [ 129.944524][ T5737] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 129.961628][ T5737] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 129.970935][ T5737] BTRFS info (device loop0): using free-space-tree [pid 5737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5737] chdir("./file0") = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5737] ioctl(4, LOOP_CLR_FD) = 0 [pid 5737] close(4) = 0 [pid 5737] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5737] open("./file0", O_RDONLY [pid 5736] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... open resumed>) = 4 [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5736] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] <... futex resumed>) = 0 [pid 5736] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 130.077024][ T5737] BTRFS info (device loop0): balance: start -f -s [ 130.084249][ T5737] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 130.092142][ T5737] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 130.100532][ T5737] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 130.114298][ T5737] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5737] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5736] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5736] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5736] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5754 attached => {parent_tid=[5754]}, 88) = 5754 [pid 5754] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5754] <... rseq resumed>) = 0 [pid 5736] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5736] <... futex resumed>) = 0 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5736] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5754] open(".", O_RDONLY) = 5 [ 130.123181][ T5737] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 130.130879][ T5737] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 130.138917][ T5737] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 130.146821][ T5737] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 130.164832][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5754] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5754] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5736] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.174099][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 130.189630][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 130.198894][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 130.206729][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 130.214455][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 130.222353][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 130.231487][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1765376 free, is full [ 130.240615][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=16384, may_use=1433600, readonly=0 zone_unusable=0 [ 130.254746][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 130.263536][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5736] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 130.271197][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 130.278841][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 130.286672][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5754] <... ioctl resumed>) = 0 [pid 5754] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.369342][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 130.378507][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 130.393531][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 130.402565][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 130.410304][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 130.417949][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 130.425944][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 130.434542][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 130.443643][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 130.459010][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 130.467830][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 130.475537][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 130.483352][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 130.491238][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 130.504953][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 130.513420][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 130.522518][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 130.536274][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 130.543947][ T5737] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 130.553079][ T5737] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 130.567212][ T5737] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 130.576133][ T5737] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 130.583890][ T5737] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 130.591596][ T5737] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 130.599436][ T5737] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 130.607968][ T5737] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5754] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5737] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] exit_group(0) = ? [pid 5754] <... futex resumed>) = ? [pid 5737] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ [pid 5736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5736, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 130.637761][ T5737] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 [ 130.701997][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 5755 ./strace-static-x86_64: Process 5755 attached [pid 5755] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5755] chdir("./36") = 0 [pid 5755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5755] setpgid(0, 0) = 0 [pid 5755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5755] write(3, "1000", 4) = 4 [pid 5755] close(3) = 0 [pid 5755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5755] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5755] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5756 attached [pid 5756] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5755] <... clone3 resumed> => {parent_tid=[5756]}, 88) = 5756 [pid 5756] <... rseq resumed>) = 0 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], [pid 5756] set_robust_list(0x7f665501d9a0, 24 [pid 5755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5755] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5756] <... set_robust_list resumed>) = 0 [pid 5756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5756] memfd_create("syzkaller", 0) = 3 [pid 5756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5756] munmap(0x7f664ca00000, 138412032) = 0 [pid 5756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5756] close(3) = 0 [pid 5756] close(4) = 0 [pid 5756] mkdir("./file0", 0777) = 0 [ 131.135711][ T5756] loop0: detected capacity change from 0 to 32768 [ 131.174809][ T5756] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5756) [ 131.204789][ T5756] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 131.215846][ T5756] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 131.225422][ T5756] BTRFS info (device loop0): using free-space-tree [pid 5756] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5756] chdir("./file0") = 0 [pid 5756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5756] ioctl(4, LOOP_CLR_FD) = 0 [pid 5756] close(4) = 0 [pid 5756] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5756] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = 0 [pid 5755] <... futex resumed>) = 1 [pid 5756] open("./file0", O_RDONLY [pid 5755] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... open resumed>) = 4 [pid 5756] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5756] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5755] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 131.351233][ T5756] BTRFS info (device loop0): balance: start -f -s [ 131.357910][ T5756] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 131.365007][ T5756] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 131.373309][ T5756] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 131.387192][ T5756] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5755] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5755] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5755] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5773]}, 88) = 5773 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5755] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5773 attached [pid 5773] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5773] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5773] open(".", O_RDONLY) = 5 [pid 5773] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5773] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5755] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 131.396020][ T5756] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 131.403714][ T5756] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 131.411412][ T5756] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 131.419271][ T5756] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 131.482075][ T3065] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 131.489693][ T3065] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 131.498610][ T3065] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 131.513133][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 131.522048][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5773] <... ioctl resumed>) = 0 [pid 5773] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 131.529733][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 131.537475][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 131.545350][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 131.555590][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 131.564807][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 131.579110][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 131.588275][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 131.596394][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 131.604427][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 131.612330][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 131.620970][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 131.630440][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 131.644468][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 131.653303][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 131.661005][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 131.668675][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 131.676571][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 131.690694][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 131.699766][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 131.713757][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 131.722573][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 131.730298][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 131.737966][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 131.745945][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 131.754603][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 131.763736][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [pid 5773] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5756] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] exit_group(0 [pid 5773] <... futex resumed>) = ? [pid 5755] <... exit_group resumed>) = ? [pid 5773] +++ exited with 0 +++ [ 131.777728][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 131.786636][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 131.794360][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5756] +++ exited with 0 +++ [pid 5755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5755, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5774 attached , child_tidptr=0x5555555e8690) = 5774 [pid 5774] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5774] chdir("./37") = 0 [pid 5774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5774] setpgid(0, 0) = 0 [pid 5774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5774] write(3, "1000", 4) = 4 [pid 5774] close(3) = 0 [pid 5774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5774] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5774] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5775 attached [pid 5775] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5774] <... clone3 resumed> => {parent_tid=[5775]}, 88) = 5775 [pid 5775] <... rseq resumed>) = 0 [pid 5775] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5775] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5774] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5774] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5775] memfd_create("syzkaller", 0) = 3 [pid 5775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5775] munmap(0x7f664ca00000, 138412032) = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5775] close(3) = 0 [pid 5775] close(4) = 0 [pid 5775] mkdir("./file0", 0777) = 0 [ 132.343727][ T5775] loop0: detected capacity change from 0 to 32768 [ 132.380547][ T5775] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5775) [pid 5775] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5775] chdir("./file0") = 0 [pid 5775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5775] ioctl(4, LOOP_CLR_FD) = 0 [pid 5775] close(4) = 0 [pid 5775] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = 0 [pid 5774] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5775] open("./file0", O_RDONLY [pid 5774] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... open resumed>) = 4 [pid 5775] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5775] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5774] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5774] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5774] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5792 attached [pid 5775] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5792] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5775] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... clone3 resumed> => {parent_tid=[5792]}, 88) = 5792 [pid 5792] <... rseq resumed>) = 0 [pid 5775] <... futex resumed>) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5792] set_robust_list(0x7f6654ffc9a0, 24 [pid 5775] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] <... set_robust_list resumed>) = 0 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] open(".", O_RDONLY [pid 5774] <... futex resumed>) = 0 [pid 5792] <... open resumed>) = 5 [pid 5774] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5792] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5775] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5774] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5775] <... ioctl resumed>) = 0 [pid 5775] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] exit_group(0 [pid 5775] <... futex resumed>) = 231 [pid 5792] <... futex resumed>) = ? [pid 5775] +++ exited with 0 +++ [pid 5774] <... exit_group resumed>) = ? [pid 5792] +++ exited with 0 +++ [pid 5774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5774, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5793 attached , child_tidptr=0x5555555e8690) = 5793 [pid 5793] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5793] chdir("./38") = 0 [pid 5793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5793] setpgid(0, 0) = 0 [pid 5793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5793] write(3, "1000", 4) = 4 [pid 5793] close(3) = 0 [pid 5793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5793] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5793] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5793] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5794 attached [pid 5794] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5793] <... clone3 resumed> => {parent_tid=[5794]}, 88) = 5794 [pid 5794] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5793] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] memfd_create("syzkaller", 0 [pid 5793] <... futex resumed>) = 0 [pid 5793] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5794] <... memfd_create resumed>) = 3 [pid 5794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5794] munmap(0x7f664ca00000, 138412032) = 0 [pid 5794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5794] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5794] close(3) = 0 [pid 5794] close(4) = 0 [pid 5794] mkdir("./file0", 0777) = 0 [ 133.178160][ T5794] loop0: detected capacity change from 0 to 32768 [ 133.205420][ T5794] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5794) [pid 5794] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5794] chdir("./file0") = 0 [pid 5794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5794] ioctl(4, LOOP_CLR_FD) = 0 [pid 5794] close(4) = 0 [pid 5794] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5793] <... futex resumed>) = 0 [pid 5794] open("./file0", O_RDONLY [pid 5793] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... open resumed>) = 4 [pid 5793] <... futex resumed>) = 0 [pid 5793] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5794] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5793] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 1 [pid 5793] <... futex resumed>) = 0 [pid 5793] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5794] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5793] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5793] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5793] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5794] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5794] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... mprotect resumed>) = 0 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5811 attached [pid 5811] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5793] <... clone3 resumed> => {parent_tid=[5811]}, 88) = 5811 [pid 5811] <... rseq resumed>) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], [pid 5811] set_robust_list(0x7f6654ffc9a0, 24 [pid 5793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5811] <... set_robust_list resumed>) = 0 [pid 5793] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5793] <... futex resumed>) = 0 [pid 5811] open(".", O_RDONLY [pid 5793] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... open resumed>) = 5 [pid 5811] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5811] <... futex resumed>) = 1 [pid 5793] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5794] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5793] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5794] <... ioctl resumed>) = 0 [pid 5794] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] exit_group(0 [pid 5794] <... futex resumed>) = ? [pid 5793] <... exit_group resumed>) = ? [pid 5811] <... futex resumed>) = ? [pid 5794] +++ exited with 0 +++ [pid 5811] +++ exited with 0 +++ [pid 5793] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5793, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5812 attached , child_tidptr=0x5555555e8690) = 5812 [pid 5812] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5812] chdir("./39") = 0 [pid 5812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5812] setpgid(0, 0) = 0 [pid 5812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5812] write(3, "1000", 4) = 4 [pid 5812] close(3) = 0 [pid 5812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5812] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5812] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5813 attached [pid 5813] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5812] <... clone3 resumed> => {parent_tid=[5813]}, 88) = 5813 [pid 5813] <... rseq resumed>) = 0 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], [pid 5813] set_robust_list(0x7f665501d9a0, 24 [pid 5812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5813] <... set_robust_list resumed>) = 0 [pid 5812] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], [pid 5812] <... futex resumed>) = 0 [pid 5813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5812] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5813] memfd_create("syzkaller", 0) = 3 [pid 5813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5813] munmap(0x7f664ca00000, 138412032) = 0 [pid 5813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5813] close(3) = 0 [pid 5813] close(4) = 0 [pid 5813] mkdir("./file0", 0777) = 0 [ 134.107425][ T5813] loop0: detected capacity change from 0 to 32768 [ 134.137006][ T5813] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5813) [pid 5813] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5813] chdir("./file0") = 0 [pid 5813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5813] ioctl(4, LOOP_CLR_FD) = 0 [pid 5813] close(4) = 0 [pid 5813] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5812] <... futex resumed>) = 0 [pid 5813] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5812] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5813] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5812] <... futex resumed>) = 0 [pid 5812] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] open("./file0", O_RDONLY) = 4 [pid 5813] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] <... futex resumed>) = 0 [pid 5813] <... futex resumed>) = 1 [pid 5812] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5812] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5812] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5812] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5830 attached => {parent_tid=[5830]}, 88) = 5830 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5830] set_robust_list(0x7f6654ffc9a0, 24 [pid 5812] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5812] <... futex resumed>) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] open(".", O_RDONLY) = 5 [pid 5812] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5812] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = 0 [pid 5812] <... futex resumed>) = 0 [pid 5830] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5812] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... ioctl resumed>) = 0 [pid 5813] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5830] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] exit_group(0) = ? [pid 5830] +++ exited with 0 +++ [pid 5813] <... futex resumed>) = ? [pid 5813] +++ exited with 0 +++ [pid 5812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5812, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached , child_tidptr=0x5555555e8690) = 5831 [pid 5831] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5831] chdir("./40") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5831] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5831] <... clone3 resumed> => {parent_tid=[5832]}, 88) = 5832 [pid 5832] set_robust_list(0x7f665501d9a0, 24 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... set_robust_list resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] memfd_create("syzkaller", 0 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... memfd_create resumed>) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5832] munmap(0x7f664ca00000, 138412032) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] mkdir("./file0", 0777) = 0 [ 134.992204][ T5832] loop0: detected capacity change from 0 to 32768 [ 135.008886][ T5832] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5832) [ 135.026456][ T5832] _btrfs_printk: 178 callbacks suppressed [ 135.026484][ T5832] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 135.044654][ T5832] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 135.053950][ T5832] BTRFS info (device loop0): using free-space-tree [pid 5832] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] chdir("./file0") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_CLR_FD) = 0 [pid 5832] close(4) = 0 [pid 5832] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5831] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] open("./file0", O_RDONLY) = 4 [pid 5832] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5832] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5831] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5831] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 135.237524][ T5832] BTRFS info (device loop0): balance: start -f -s [ 135.244397][ T5832] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 135.251555][ T5832] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 135.259886][ T5832] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 135.273639][ T5832] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5831] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5831] <... clone3 resumed> => {parent_tid=[5849]}, 88) = 5849 [pid 5849] <... rseq resumed>) = 0 [pid 5849] set_robust_list(0x7f6654ffc9a0, 24 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] <... set_robust_list resumed>) = 0 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5849] open(".", O_RDONLY [pid 5831] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... open resumed>) = 5 [ 135.282466][ T5832] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 135.290150][ T5832] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 135.297815][ T5832] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 135.305716][ T5832] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 135.324668][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5849] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5849] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5849] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 135.333797][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 135.347794][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 135.356631][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 135.364729][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 135.372562][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [pid 5831] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 135.380423][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 135.389109][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 135.398244][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 135.412231][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 135.421067][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 135.428709][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 135.436376][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 135.444273][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5849] <... ioctl resumed>) = 0 [pid 5849] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.527924][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 135.537363][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 135.551363][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 135.560197][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 135.567869][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 135.575585][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 135.583450][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 135.592116][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 135.601306][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 135.615294][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 135.624107][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 135.631792][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 135.639456][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 135.647343][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 135.660654][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 135.669025][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 135.678197][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 135.692070][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 135.699645][ T5832] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 135.708744][ T5832] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 135.722652][ T5832] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 135.731495][ T5832] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 135.739172][ T5832] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 135.746966][ T5832] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 135.754835][ T5832] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 135.763226][ T5832] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5849] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5832] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] exit_group(0 [pid 5849] <... futex resumed>) = ? [pid 5849] +++ exited with 0 +++ [pid 5831] <... exit_group resumed>) = ? [pid 5832] <... futex resumed>) = ? [pid 5832] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- [ 135.792824][ T5832] BTRFS info (device loop0): balance: ended with status: 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 [ 135.900663][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached , child_tidptr=0x5555555e8690) = 5850 [pid 5850] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5850] chdir("./41") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5850] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5850] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5850] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5850] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5851 attached [pid 5851] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5850] <... clone3 resumed> => {parent_tid=[5851]}, 88) = 5851 [pid 5851] set_robust_list(0x7f665501d9a0, 24 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] <... set_robust_list resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] memfd_create("syzkaller", 0 [pid 5850] <... futex resumed>) = 0 [pid 5851] <... memfd_create resumed>) = 3 [pid 5850] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5851] munmap(0x7f664ca00000, 138412032) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] close(3) = 0 [pid 5851] close(4) = 0 [pid 5851] mkdir("./file0", 0777) = 0 [ 136.325135][ T5851] loop0: detected capacity change from 0 to 32768 [ 136.373285][ T5851] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5851) [ 136.399475][ T5851] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 136.409790][ T5851] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 136.419561][ T5851] BTRFS info (device loop0): using free-space-tree [pid 5851] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] chdir("./file0") = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] ioctl(4, LOOP_CLR_FD) = 0 [pid 5851] close(4) = 0 [pid 5851] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] <... futex resumed>) = 0 [pid 5850] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] open("./file0", O_RDONLY [pid 5850] <... futex resumed>) = 0 [pid 5851] <... open resumed>) = 4 [pid 5851] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5850] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5850] <... futex resumed>) = 1 [pid 5851] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 136.578114][ T5851] BTRFS info (device loop0): balance: start -f -s [ 136.584902][ T5851] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 136.592693][ T5851] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 136.601417][ T5851] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 136.615234][ T5851] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5850] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5850] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5850] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5850] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5869]}, 88) = 5869 ./strace-static-x86_64: Process 5869 attached [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] set_robust_list(0x7f6654ffc9a0, 24 [pid 5850] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5850] <... futex resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 136.624151][ T5851] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 136.631951][ T5851] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 136.639671][ T5851] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 136.647562][ T5851] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 5869] open(".", O_RDONLY) = 5 [pid 5869] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] <... futex resumed>) = 0 [pid 5869] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5850] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.672811][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 136.682121][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 136.696163][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 136.706306][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 136.714068][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5850] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5850] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 136.721858][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 136.729715][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 136.777536][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 136.787576][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 136.802044][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 136.810923][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 136.818777][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 136.826482][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 136.834575][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5869] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.922187][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 136.931297][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 136.945277][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 136.954191][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 136.961884][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 136.969640][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 136.977502][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 136.986077][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 136.995177][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 137.009158][ T42] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 137.018030][ T42] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 137.025776][ T42] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 137.033494][ T42] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 137.041380][ T42] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 137.055576][ T42] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [pid 5869] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] exit_group(0 [pid 5869] <... futex resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5850] <... exit_group resumed>) = ? [pid 5851] <... ioctl resumed> ) = ? [ 137.064160][ T42] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 137.073261][ T42] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 137.086979][ T42] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 137.094712][ T5851] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 137.103945][ T5851] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 5851] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=43 /* 0.43 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached , child_tidptr=0x5555555e8690) = 5870 [pid 5870] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5870] chdir("./42") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5870] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5870] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5870] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] set_robust_list(0x7f665501d9a0, 24 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... set_robust_list resumed>) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] memfd_create("syzkaller", 0 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... memfd_create resumed>) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5871] munmap(0x7f664ca00000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file0", 0777) = 0 [ 137.697605][ T5871] loop0: detected capacity change from 0 to 32768 [ 137.724276][ T5871] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5871) [pid 5871] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file0") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_CLR_FD) = 0 [pid 5871] close(4) = 0 [pid 5871] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... futex resumed>) = 0 [pid 5871] open("./file0", O_RDONLY [pid 5870] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... open resumed>) = 4 [pid 5871] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5870] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5870] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] <... futex resumed>) = 0 [pid 5870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 5871] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5870] <... clone3 resumed> => {parent_tid=[5888]}, 88) = 5888 [pid 5888] <... rseq resumed>) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] set_robust_list(0x7f6654ffc9a0, 24 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] <... set_robust_list resumed>) = 0 [pid 5870] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... futex resumed>) = 0 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] open(".", O_RDONLY) = 5 [pid 5888] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5870] <... futex resumed>) = 1 [pid 5871] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5870] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... ioctl resumed>) = 0 [pid 5871] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] exit_group(0) = ? [pid 5888] <... futex resumed>) = ? [pid 5871] +++ exited with 0 +++ [pid 5888] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached [pid 5889] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 5889 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5889] chdir("./43") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5889] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5889] <... clone3 resumed> => {parent_tid=[5890]}, 88) = 5890 [pid 5890] set_robust_list(0x7f665501d9a0, 24 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] <... set_robust_list resumed>) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] memfd_create("syzkaller", 0 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5890] <... memfd_create resumed>) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5890] munmap(0x7f664ca00000, 138412032) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5890] close(3) = 0 [pid 5890] close(4) = 0 [pid 5890] mkdir("./file0", 0777) = 0 [ 138.583609][ T5890] loop0: detected capacity change from 0 to 32768 [ 138.608249][ T5890] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5890) [pid 5890] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5890] chdir("./file0") = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_CLR_FD) = 0 [pid 5890] close(4) = 0 [pid 5890] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5890] open("./file0", O_RDONLY [pid 5889] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... open resumed>) = 4 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5890] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5889] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5889] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5890] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5890] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] <... mprotect resumed>) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5889] <... clone3 resumed> => {parent_tid=[5907]}, 88) = 5907 [pid 5907] <... rseq resumed>) = 0 [pid 5907] set_robust_list(0x7f6654ffc9a0, 24 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... set_robust_list resumed>) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5907] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5889] <... futex resumed>) = 1 [pid 5907] open(".", O_RDONLY [pid 5889] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... open resumed>) = 5 [pid 5907] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5907] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... futex resumed>) = 0 [pid 5890] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5889] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5890] <... ioctl resumed>) = 0 [pid 5890] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] exit_group(0 [pid 5890] <... futex resumed>) = ? [pid 5889] <... exit_group resumed>) = ? [pid 5890] +++ exited with 0 +++ [pid 5907] <... futex resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached , child_tidptr=0x5555555e8690) = 5908 [pid 5908] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5908] chdir("./44") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5908] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5908] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] set_robust_list(0x7f665501d9a0, 24 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] <... set_robust_list resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] <... futex resumed>) = 0 [pid 5909] memfd_create("syzkaller", 0 [pid 5908] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5909] <... memfd_create resumed>) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5909] munmap(0x7f664ca00000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./file0", 0777) = 0 [ 139.466739][ T5909] loop0: detected capacity change from 0 to 32768 [ 139.493522][ T5909] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5909) [pid 5909] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file0") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_CLR_FD) = 0 [pid 5909] close(4) = 0 [pid 5909] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] open("./file0", O_RDONLY [pid 5908] <... futex resumed>) = 0 [pid 5909] <... open resumed>) = 4 [pid 5908] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5909] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5908] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5908] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5908] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 5909] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5908] <... mprotect resumed>) = 0 [pid 5909] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5926 attached => {parent_tid=[5926]}, 88) = 5926 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5908] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5926] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] open(".", O_RDONLY) = 5 [pid 5926] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5926] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... futex resumed>) = 0 [pid 5909] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5908] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5909] <... ioctl resumed>) = 0 [pid 5909] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] exit_group(0) = ? [pid 5926] <... futex resumed>) = ? [pid 5909] <... futex resumed>) = ? [pid 5926] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ [pid 5908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached , child_tidptr=0x5555555e8690) = 5927 [pid 5927] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5927] chdir("./45") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5927] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5927] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5928 attached => {parent_tid=[5928]}, 88) = 5928 [pid 5928] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5928] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5927] <... futex resumed>) = 0 [pid 5928] memfd_create("syzkaller", 0 [pid 5927] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5928] <... memfd_create resumed>) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5928] munmap(0x7f664ca00000, 138412032) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] close(3) = 0 [pid 5928] close(4) = 0 [pid 5928] mkdir("./file0", 0777) = 0 [ 140.447341][ T5928] loop0: detected capacity change from 0 to 32768 [ 140.486439][ T5928] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5928) [ 140.509866][ T5928] _btrfs_printk: 170 callbacks suppressed [ 140.509885][ T5928] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 140.527534][ T5928] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 140.536633][ T5928] BTRFS info (device loop0): using free-space-tree [pid 5928] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./file0") = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_CLR_FD) = 0 [pid 5928] close(4) = 0 [pid 5928] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = 0 [pid 5928] open("./file0", O_RDONLY) = 4 [pid 5927] <... futex resumed>) = 1 [pid 5927] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5927] <... futex resumed>) = 0 [ 140.625532][ T5928] BTRFS info (device loop0): balance: start -f -s [ 140.632536][ T5928] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 140.641335][ T5928] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 140.649690][ T5928] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 140.663489][ T5928] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5927] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5927] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5927] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5927] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 140.672350][ T5928] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 140.680089][ T5928] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 140.687767][ T5928] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 140.695774][ T5928] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 140.714973][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5927] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[5945]}, 88) = 5945 ./strace-static-x86_64: Process 5945 attached [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... rseq resumed>) = 0 [pid 5945] set_robust_list(0x7f6654ffc9a0, 24 [pid 5927] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5927] <... futex resumed>) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] open(".", O_RDONLY) = 5 [pid 5945] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5945] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 140.724913][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 140.742108][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 140.751012][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 140.759345][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 140.767100][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 140.776669][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 140.785731][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 140.795062][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 140.809170][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 140.818015][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5927] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 140.825710][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 140.833431][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 140.841272][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5945] <... ioctl resumed>) = 0 [pid 5945] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 140.927166][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 140.936283][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 140.950272][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 140.959180][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 140.967309][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 140.975042][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 140.982916][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 140.991566][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 141.000661][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 141.015517][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 141.024369][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 141.032106][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 141.039773][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 141.047651][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 141.061544][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 141.070100][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 141.079174][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 141.092882][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 141.100497][ T5928] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 141.109561][ T5928] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 141.123334][ T5928] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 141.132141][ T5928] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 141.139789][ T5928] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 141.147464][ T5928] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 141.155396][ T5928] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 141.163827][ T5928] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5945] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5928] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] exit_group(0 [pid 5928] <... futex resumed>) = ? [pid 5927] <... exit_group resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5945] <... futex resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 141.193090][ T5928] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 141.280153][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached , child_tidptr=0x5555555e8690) = 5946 [pid 5946] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5946] chdir("./46") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5946] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5947 attached [pid 5947] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 5946] <... clone3 resumed> => {parent_tid=[5947]}, 88) = 5947 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5946] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... rseq resumed>) = 0 [pid 5947] set_robust_list(0x7f665501d9a0, 24 [pid 5946] <... futex resumed>) = 0 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5946] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5947] memfd_create("syzkaller", 0) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5947] munmap(0x7f664ca00000, 138412032) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5947] close(3) = 0 [pid 5947] close(4) = 0 [pid 5947] mkdir("./file0", 0777) = 0 [ 141.747663][ T5947] loop0: detected capacity change from 0 to 32768 [ 141.784457][ T5947] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5947) [ 141.803948][ T5947] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 141.814541][ T5947] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 141.823437][ T5947] BTRFS info (device loop0): using free-space-tree [pid 5947] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./file0") = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_CLR_FD) = 0 [pid 5947] close(4) = 0 [pid 5947] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5947] open("./file0", O_RDONLY [pid 5946] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... open resumed>) = 4 [pid 5947] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5947] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 141.990738][ T5947] BTRFS info (device loop0): balance: start -f -s [ 141.997660][ T5947] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 142.005500][ T5947] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 142.014449][ T5947] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 142.028513][ T5947] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5946] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5946] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5946] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5965 attached [ 142.037577][ T5947] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 142.045303][ T5947] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 142.053032][ T5947] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 142.060944][ T5947] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 142.084970][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 142.094500][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 142.108559][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 142.117439][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 142.125246][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 142.132988][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 => {parent_tid=[5965]}, 88) = 5965 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5946] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 142.140895][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 142.149618][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 142.158866][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 142.173440][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 142.182912][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5946] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 5965] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5965] open(".", O_RDONLY) = 5 [pid 5965] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 142.191292][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 142.201159][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 142.211015][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5965] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5946] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 142.253528][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 135168 free, is full [ 142.263318][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1642496, may_use=1437696, readonly=0 zone_unusable=0 [ 142.277888][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 142.286935][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 142.295119][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 142.302795][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 142.310845][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 142.321271][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 142.330420][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 142.344448][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 142.353293][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 142.361007][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 142.368684][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 142.376584][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 5965] <... ioctl resumed>) = 0 [pid 5965] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 142.380002][ T28] audit: type=1400 audit(1705351704.170:93): avc: denied { rename } for pid=4482 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 142.407602][ T28] audit: type=1400 audit(1705351704.170:94): avc: denied { unlink } for pid=4482 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 142.412262][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 142.432763][ T28] audit: type=1400 audit(1705351704.170:95): avc: denied { create } for pid=4482 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 142.438447][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 142.468105][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 142.481841][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 142.489477][ T5947] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 5965] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5947] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] exit_group(0 [pid 5965] <... futex resumed>) = ? [pid 5947] <... futex resumed>) = ? [pid 5946] <... exit_group resumed>) = ? [pid 5965] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ [ 142.498748][ T5947] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 5946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached , child_tidptr=0x5555555e8690) = 5966 [pid 5966] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5966] chdir("./47") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5966] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5966] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5967 attached [pid 5967] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5966] <... clone3 resumed> => {parent_tid=[5967]}, 88) = 5967 [pid 5967] set_robust_list(0x7f665501d9a0, 24 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... set_robust_list resumed>) = 0 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5966] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] memfd_create("syzkaller", 0 [pid 5966] <... futex resumed>) = 0 [pid 5967] <... memfd_create resumed>) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5966] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5967] munmap(0x7f664ca00000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] close(4) = 0 [pid 5967] mkdir("./file0", 0777) = 0 [ 143.077164][ T5967] loop0: detected capacity change from 0 to 32768 [ 143.102152][ T5967] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5967) [pid 5967] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./file0") = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_CLR_FD) = 0 [pid 5967] close(4) = 0 [pid 5967] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 1 [pid 5967] open("./file0", O_RDONLY) = 4 [pid 5966] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5966] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5966] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5967] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5967] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 5984 attached [pid 5984] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 5966] <... clone3 resumed> => {parent_tid=[5984]}, 88) = 5984 [pid 5984] <... rseq resumed>) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] set_robust_list(0x7f6654ffc9a0, 24 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] <... set_robust_list resumed>) = 0 [pid 5966] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] <... futex resumed>) = 0 [pid 5984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] open(".", O_RDONLY) = 5 [pid 5984] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5984] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 0 [pid 5967] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5967] <... ioctl resumed>) = 0 [pid 5967] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] exit_group(0 [pid 5984] <... futex resumed>) = ? [pid 5967] <... futex resumed>) = ? [pid 5966] <... exit_group resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached , child_tidptr=0x5555555e8690) = 5985 [pid 5985] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5985] chdir("./48") = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5985] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 5985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 5985] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 5986 attached [pid 5986] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 5985] <... clone3 resumed> => {parent_tid=[5986]}, 88) = 5986 [pid 5986] set_robust_list(0x7f665501d9a0, 24 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... set_robust_list resumed>) = 0 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] <... futex resumed>) = 0 [pid 5986] memfd_create("syzkaller", 0 [pid 5985] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5986] <... memfd_create resumed>) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5986] munmap(0x7f664ca00000, 138412032) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5986] close(3) = 0 [pid 5986] close(4) = 0 [pid 5986] mkdir("./file0", 0777) = 0 [ 144.009291][ T5986] loop0: detected capacity change from 0 to 32768 [ 144.048329][ T5986] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (5986) [pid 5986] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5986] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./file0") = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_CLR_FD) = 0 [pid 5986] close(4) = 0 [pid 5986] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5986] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] open("./file0", O_RDONLY) = 4 [pid 5986] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5985] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5985] <... futex resumed>) = 0 [pid 5985] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5985] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 5985] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6003 attached [pid 6003] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6003] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5985] <... clone3 resumed> => {parent_tid=[6003]}, 88) = 6003 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6003] open(".", O_RDONLY) = 5 [pid 5985] <... futex resumed>) = 1 [pid 5985] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6003] <... futex resumed>) = 0 [pid 5985] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5985] <... futex resumed>) = 1 [pid 5986] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 5985] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5986] <... ioctl resumed>) = 0 [pid 5986] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] exit_group(0 [pid 6003] <... futex resumed>) = ? [pid 5986] <... futex resumed>) = ? [pid 6003] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ [pid 5985] <... exit_group resumed>) = ? [pid 5985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 6004 ./strace-static-x86_64: Process 6004 attached [pid 6004] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6004] chdir("./49") = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6004] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6004] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6005 attached [pid 6005] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6004] <... clone3 resumed> => {parent_tid=[6005]}, 88) = 6005 [pid 6005] <... rseq resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] set_robust_list(0x7f665501d9a0, 24 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6004] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6005] munmap(0x7f664ca00000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./file0", 0777) = 0 [ 144.946061][ T6005] loop0: detected capacity change from 0 to 32768 [ 144.972185][ T6005] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6005) [pid 6005] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./file0") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_CLR_FD) = 0 [pid 6005] close(4) = 0 [pid 6005] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] <... futex resumed>) = 0 [pid 6005] open("./file0", O_RDONLY [pid 6004] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... open resumed>) = 4 [pid 6005] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6004] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6004] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6005] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6004] <... mprotect resumed>) = 0 [pid 6005] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6005] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6022 attached [pid 6022] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6004] <... clone3 resumed> => {parent_tid=[6022]}, 88) = 6022 [pid 6022] set_robust_list(0x7f6654ffc9a0, 24 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6022] <... set_robust_list resumed>) = 0 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] open(".", O_RDONLY [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] <... open resumed>) = 5 [pid 6022] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 6005] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6004] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6005] <... ioctl resumed>) = 0 [pid 6005] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] exit_group(0 [pid 6022] <... futex resumed>) = ? [pid 6005] <... futex resumed>) = ? [pid 6004] <... exit_group resumed>) = ? [pid 6022] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ [pid 6004] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached , child_tidptr=0x5555555e8690) = 6023 [pid 6023] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6023] chdir("./50") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6023] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0} => {parent_tid=[6024]}, 88) = 6024 ./strace-static-x86_64: Process 6024 attached [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6024] <... rseq resumed>) = 0 [pid 6023] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] set_robust_list(0x7f665501d9a0, 24 [pid 6023] <... futex resumed>) = 0 [pid 6024] <... set_robust_list resumed>) = 0 [pid 6023] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6024] munmap(0x7f664ca00000, 138412032) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] close(4) = 0 [pid 6024] mkdir("./file0", 0777) = 0 [ 145.806182][ T6024] loop0: detected capacity change from 0 to 32768 [ 145.823680][ T6024] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6024) [ 145.840417][ T6024] _btrfs_printk: 170 callbacks suppressed [ 145.840438][ T6024] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 145.856435][ T6024] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 145.865202][ T6024] BTRFS info (device loop0): using free-space-tree [pid 6024] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./file0") = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_CLR_FD) = 0 [pid 6024] close(4) = 0 [pid 6024] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] <... futex resumed>) = 0 [pid 6024] open("./file0", O_RDONLY [pid 6023] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... open resumed>) = 4 [pid 6024] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6024] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6023] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 146.022101][ T6024] BTRFS info (device loop0): balance: start -f -s [ 146.028739][ T6024] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 146.035863][ T6024] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 146.044245][ T6024] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 146.057887][ T6024] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6024] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6023] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6023] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6023] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6041]}, 88) = 6041 ./strace-static-x86_64: Process 6041 attached [pid 6023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6023] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.066995][ T6024] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 146.074690][ T6024] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 146.082380][ T6024] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 146.090255][ T6024] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 146.108188][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6023] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... rseq resumed>) = 0 [pid 6041] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] open(".", O_RDONLY) = 5 [pid 6023] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6023] futex(0x7f66550ed6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 146.117735][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 146.131748][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 146.140632][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 146.148306][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 146.156007][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 146.163928][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [pid 6041] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... mmap resumed>) = 0x7f6654fbb000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] mprotect(0x7f6654fbc000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654fdb990, parent_tid=0x7f6654fdb990, exit_signal=0, stack=0x7f6654fbb000, stack_size=0x20300, tls=0x7f6654fdb6c0} => {parent_tid=[6042]}, 88) = 6042 ./strace-static-x86_64: Process 6042 attached [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] rseq(0x7f6654fdbfe0, 0x20, 0, 0x53053053) = 0 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] set_robust_list(0x7f6654fdb9a0, 24 [pid 6023] futex(0x7f66550ed6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... set_robust_list resumed>) = 0 [pid 6023] <... futex resumed>) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6023] futex(0x7f66550ed6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 146.172696][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 146.181842][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 146.195841][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 146.204685][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 146.212394][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 146.220097][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 146.227943][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 146.256731][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 286720 free, is full [pid 6042] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6023] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 146.265809][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1490944, may_use=1437696, readonly=0 zone_unusable=0 [ 146.280054][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 146.288855][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 146.296517][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 146.304181][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 146.312028][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 146.320886][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 146.330178][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 146.344135][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 146.353031][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 146.360861][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 146.368506][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 146.376344][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6042] <... ioctl resumed>) = 0 [pid 6042] futex(0x7f66550ed6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.448530][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 146.457056][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 146.466807][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 146.481000][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 146.489366][ T6024] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 146.498595][ T6024] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 146.512302][ T6024] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 146.521119][ T6024] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 146.528766][ T6024] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 146.536460][ T6024] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [pid 6042] futex(0x7f66550ed6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6024] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] exit_group(0 [pid 6041] <... futex resumed>) = ? [pid 6041] +++ exited with 0 +++ [pid 6024] <... futex resumed>) = ? [pid 6023] <... exit_group resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 6042] <... futex resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=53 /* 0.53 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 146.544320][ T6024] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 146.553097][ T6024] BTRFS info (device loop0): relocating block group 1048576 flags system [ 146.583368][ T6024] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6043 attached , child_tidptr=0x5555555e8690) = 6043 [pid 6043] set_robust_list(0x5555555e86a0, 24) = 0 [ 146.666174][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [pid 6043] chdir("./51") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6043] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6044 attached [pid 6044] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6043] <... clone3 resumed> => {parent_tid=[6044]}, 88) = 6044 [pid 6044] set_robust_list(0x7f665501d9a0, 24 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] <... set_robust_list resumed>) = 0 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] memfd_create("syzkaller", 0 [pid 6043] <... futex resumed>) = 0 [pid 6044] <... memfd_create resumed>) = 3 [pid 6043] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6044] munmap(0x7f664ca00000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6044] close(3) = 0 [pid 6044] close(4) = 0 [pid 6044] mkdir("./file0", 0777) = 0 [ 147.012815][ T6044] loop0: detected capacity change from 0 to 32768 [ 147.039536][ T6044] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6044) [ 147.064784][ T6044] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 147.075465][ T6044] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 147.085006][ T6044] BTRFS info (device loop0): using free-space-tree [pid 6044] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6044] chdir("./file0") = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_CLR_FD) = 0 [pid 6044] close(4) = 0 [pid 6044] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] open("./file0", O_RDONLY [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... open resumed>) = 4 [pid 6044] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6044] <... futex resumed>) = 1 [pid 6043] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 147.246050][ T6044] BTRFS info (device loop0): balance: start -f -s [ 147.253117][ T6044] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 147.261301][ T6044] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 147.269619][ T6044] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 147.283366][ T6044] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6043] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6043] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6062]}, 88) = 6062 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6043] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6062 attached [pid 6062] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6062] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] open(".", O_RDONLY) = 5 [pid 6062] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6062] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6043] <... futex resumed>) = 1 [pid 6062] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 147.292376][ T6044] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 147.300104][ T6044] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 147.308908][ T6044] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 147.316835][ T6044] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 6043] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 147.387939][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1736704 free, is full [ 147.397150][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=40960, may_use=1437696, readonly=0 zone_unusable=0 [ 147.411666][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 147.420537][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 147.428227][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 147.435976][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 147.443871][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 147.452971][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 274432 free, is full [ 147.462023][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1507328, may_use=1433600, readonly=0 zone_unusable=0 [ 147.476290][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 147.485132][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 147.493015][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 147.500689][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 147.508506][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6062] <... ioctl resumed>) = 0 [pid 6062] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 147.581370][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 147.590648][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 147.604639][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 147.613477][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 147.621178][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 147.628945][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 147.636819][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 147.645389][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 147.654502][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 147.669598][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 147.678454][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 147.686159][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 147.693886][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 147.701787][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 147.715428][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [pid 6062] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [ 147.723861][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 147.733017][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 147.746727][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 147.754445][ T6044] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 147.763552][ T6044] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6044] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] exit_group(0 [pid 6062] <... futex resumed>) = ? [pid 6044] <... futex resumed>) = ? [pid 6043] <... exit_group resumed>) = ? [pid 6062] +++ exited with 0 +++ [pid 6044] +++ exited with 0 +++ [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=38 /* 0.38 s */} --- umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached , child_tidptr=0x5555555e8690) = 6063 [pid 6063] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6063] chdir("./52") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6063] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6064 attached [pid 6064] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6063] <... clone3 resumed> => {parent_tid=[6064]}, 88) = 6064 [pid 6064] set_robust_list(0x7f665501d9a0, 24 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] <... set_robust_list resumed>) = 0 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] memfd_create("syzkaller", 0 [pid 6063] <... futex resumed>) = 0 [pid 6064] <... memfd_create resumed>) = 3 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6063] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6064] munmap(0x7f664ca00000, 138412032) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6064] close(3) = 0 [pid 6064] close(4) = 0 [pid 6064] mkdir("./file0", 0777) = 0 [ 148.290392][ T6064] loop0: detected capacity change from 0 to 32768 [ 148.318324][ T6064] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6064) [pid 6064] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6064] chdir("./file0") = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_CLR_FD) = 0 [pid 6064] close(4) = 0 [pid 6064] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] open("./file0", O_RDONLY [pid 6063] <... futex resumed>) = 0 [pid 6064] <... open resumed>) = 4 [pid 6063] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... futex resumed>) = 1 [pid 6064] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6063] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6063] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6081 attached [pid 6081] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6081] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6063] <... clone3 resumed> => {parent_tid=[6081]}, 88) = 6081 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] open(".", O_RDONLY [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... open resumed>) = 5 [pid 6081] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6081] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] <... futex resumed>) = 0 [pid 6081] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6063] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6064] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6081] <... ioctl resumed>) = 0 [pid 6081] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] exit_group(0 [pid 6081] <... futex resumed>) = ? [pid 6064] <... futex resumed>) = ? [pid 6081] +++ exited with 0 +++ [pid 6064] +++ exited with 0 +++ [pid 6063] <... exit_group resumed>) = ? [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6082 attached , child_tidptr=0x5555555e8690) = 6082 [pid 6082] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6082] chdir("./53") = 0 [pid 6082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6082] setpgid(0, 0) = 0 [pid 6082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6082] write(3, "1000", 4) = 4 [pid 6082] close(3) = 0 [pid 6082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6082] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6082] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6083 attached => {parent_tid=[6083]}, 88) = 6083 [pid 6083] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6083] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6083] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6083] memfd_create("syzkaller", 0 [pid 6082] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6083] <... memfd_create resumed>) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6083] munmap(0x7f664ca00000, 138412032) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6083] close(3) = 0 [pid 6083] close(4) = 0 [pid 6083] mkdir("./file0", 0777) = 0 [ 149.093962][ T6083] loop0: detected capacity change from 0 to 32768 [ 149.119157][ T6083] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6083) [pid 6083] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./file0") = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6083] ioctl(4, LOOP_CLR_FD) = 0 [pid 6083] close(4) = 0 [pid 6083] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] open("./file0", O_RDONLY [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... open resumed>) = 4 [pid 6083] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... futex resumed>) = 0 [pid 6082] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] <... futex resumed>) = 0 [pid 6082] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6083] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6083] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 0 [pid 6083] open(".", O_RDONLY [pid 6082] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... open resumed>) = 5 [pid 6083] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6083] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6082] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6082] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6083] <... ioctl resumed>) = 0 [pid 6083] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] exit_group(0 [pid 6083] <... futex resumed>) = ? [pid 6082] <... exit_group resumed>) = ? [pid 6083] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6082, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6100 attached , child_tidptr=0x5555555e8690) = 6100 [pid 6100] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6100] chdir("./54") = 0 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6100] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6100] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6101 attached [pid 6101] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6100] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6101] set_robust_list(0x7f665501d9a0, 24 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] <... set_robust_list resumed>) = 0 [pid 6100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6100] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] memfd_create("syzkaller", 0 [pid 6100] <... futex resumed>) = 0 [pid 6100] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6101] <... memfd_create resumed>) = 3 [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6101] munmap(0x7f664ca00000, 138412032) = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6101] close(3) = 0 [pid 6101] close(4) = 0 [pid 6101] mkdir("./file0", 0777) = 0 [ 150.031110][ T6101] loop0: detected capacity change from 0 to 32768 [ 150.060228][ T6101] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6101) [pid 6101] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6101] chdir("./file0") = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6101] ioctl(4, LOOP_CLR_FD) = 0 [pid 6101] close(4) = 0 [pid 6101] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6100] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] open("./file0", O_RDONLY [pid 6100] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... open resumed>) = 4 [pid 6101] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6100] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6100] <... futex resumed>) = 0 [pid 6100] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6100] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6101] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6100] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6101] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... mprotect resumed>) = 0 [pid 6100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6118 attached [pid 6118] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6118] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] <... clone3 resumed> => {parent_tid=[6118]}, 88) = 6118 [pid 6118] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6118] open(".", O_RDONLY [pid 6100] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... open resumed>) = 5 [pid 6118] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [pid 6100] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6101] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6100] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6101] <... ioctl resumed>) = 0 [pid 6101] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] exit_group(0 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6118] <... futex resumed>) = ? [pid 6101] <... futex resumed>) = ? [pid 6100] <... exit_group resumed>) = ? [pid 6118] +++ exited with 0 +++ [pid 6101] +++ exited with 0 +++ [pid 6100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6100, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6119 attached , child_tidptr=0x5555555e8690) = 6119 [pid 6119] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6119] chdir("./55") = 0 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6119] setpgid(0, 0) = 0 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6119] write(3, "1000", 4) = 4 [pid 6119] close(3) = 0 [pid 6119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6119] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6119] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6120 attached [pid 6120] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6119] <... clone3 resumed> => {parent_tid=[6120]}, 88) = 6120 [pid 6120] set_robust_list(0x7f665501d9a0, 24 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] <... set_robust_list resumed>) = 0 [pid 6119] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] memfd_create("syzkaller", 0) = 3 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6120] munmap(0x7f664ca00000, 138412032) = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6120] close(3) = 0 [pid 6120] close(4) = 0 [pid 6120] mkdir("./file0", 0777) = 0 [ 150.930956][ T6120] loop0: detected capacity change from 0 to 32768 [ 150.967277][ T6120] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6120) [pid 6120] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 150.999970][ T6120] _btrfs_printk: 170 callbacks suppressed [ 150.999992][ T6120] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 151.016601][ T6120] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 151.028184][ T6120] BTRFS info (device loop0): using free-space-tree [pid 6120] chdir("./file0") = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6120] ioctl(4, LOOP_CLR_FD) = 0 [pid 6120] close(4) = 0 [pid 6120] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6119] <... futex resumed>) = 1 [pid 6120] open("./file0", O_RDONLY) = 4 [pid 6119] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] <... futex resumed>) = 1 [pid 6119] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.134818][ T6120] BTRFS info (device loop0): balance: start -f -s [ 151.141826][ T6120] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 151.149263][ T6120] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 151.157717][ T6120] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 151.171486][ T6120] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6119] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 151.180305][ T6120] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 151.187963][ T6120] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 151.195718][ T6120] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 151.203695][ T6120] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 151.221954][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6137 attached [pid 6137] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6119] <... clone3 resumed> => {parent_tid=[6137]}, 88) = 6137 [pid 6137] <... rseq resumed>) = 0 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], [pid 6137] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], [pid 6119] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6119] <... futex resumed>) = 0 [pid 6137] open(".", O_RDONLY) = 5 [pid 6119] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.231598][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 151.246033][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 151.255800][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 151.263509][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 151.271482][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 151.280081][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 151.289221][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 151.298443][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 151.312452][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 151.321285][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6137] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 151.328968][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 151.336669][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 151.344496][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6137] <... ioctl resumed>) = 0 [pid 6137] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.427804][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 151.436947][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 151.452324][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 151.461191][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 151.468878][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 151.476577][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 151.484465][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 151.493139][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 151.502235][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 151.516689][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 151.525914][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 151.534057][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 151.541927][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 151.549758][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 151.563380][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 151.571855][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 151.580963][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 151.594693][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 151.602340][ T6120] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 151.611447][ T6120] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 151.625152][ T6120] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 151.634058][ T6120] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 151.641749][ T6120] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 151.649395][ T6120] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 151.657281][ T6120] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 151.665575][ T6120] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6137] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6120] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] exit_group(0) = ? [pid 6120] +++ exited with 0 +++ [pid 6137] <... futex resumed>) = ? [pid 6137] +++ exited with 0 +++ [pid 6119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 [ 151.694436][ T6120] BTRFS info (device loop0): balance: ended with status: 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 151.773264][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6138 attached , child_tidptr=0x5555555e8690) = 6138 [pid 6138] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6138] chdir("./56") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6138] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6139 attached [pid 6139] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6139] set_robust_list(0x7f665501d9a0, 24 [pid 6138] <... clone3 resumed> => {parent_tid=[6139]}, 88) = 6139 [pid 6139] <... set_robust_list resumed>) = 0 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6139] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] memfd_create("syzkaller", 0 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] <... memfd_create resumed>) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6139] munmap(0x7f664ca00000, 138412032) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] close(3) = 0 [pid 6139] close(4) = 0 [pid 6139] mkdir("./file0", 0777) = 0 [ 152.216886][ T6139] loop0: detected capacity change from 0 to 32768 [ 152.247682][ T6139] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6139) [pid 6139] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./file0") = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [ 152.279234][ T6139] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 152.289768][ T6139] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 152.298521][ T6139] BTRFS info (device loop0): using free-space-tree [pid 6139] close(4) = 0 [pid 6139] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] open("./file0", O_RDONLY [pid 6138] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... open resumed>) = 4 [pid 6139] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6138] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 152.391094][ T6139] BTRFS info (device loop0): balance: start -f -s [ 152.398110][ T6139] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 152.405687][ T6139] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 152.414053][ T6139] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 152.427727][ T6139] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6138] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6138] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6138] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6156 attached [pid 6156] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6138] <... clone3 resumed> => {parent_tid=[6156]}, 88) = 6156 [pid 6156] <... rseq resumed>) = 0 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] open(".", O_RDONLY [pid 6138] <... futex resumed>) = 0 [pid 6156] <... open resumed>) = 5 [pid 6138] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [ 152.436642][ T6139] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 152.444530][ T6139] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 152.452559][ T6139] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 152.460454][ T6139] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 152.479881][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6138] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 152.489497][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 152.503650][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 152.512874][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 152.520623][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 152.528301][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [pid 6156] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6138] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 152.536194][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 152.545211][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 152.554601][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 152.568661][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 152.577455][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 152.585146][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 152.592959][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 152.600927][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6156] <... ioctl resumed>) = 0 [pid 6156] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 152.684087][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 152.693257][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 152.707246][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 152.716126][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 152.723846][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 152.731549][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 152.739367][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 152.748030][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 152.757127][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 152.771076][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 152.779875][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 152.787578][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 152.795273][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 152.803138][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 152.816927][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 152.825509][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 152.834655][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 152.848351][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 152.855972][ T6139] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 152.865069][ T6139] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6156] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6139] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] exit_group(0 [pid 6139] <... futex resumed>) = ? [pid 6138] <... exit_group resumed>) = ? [pid 6156] <... futex resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ [pid 6138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6157 attached , child_tidptr=0x5555555e8690) = 6157 [pid 6157] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6157] chdir("./57") = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6157] setpgid(0, 0) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6157] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6157] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6158 attached [pid 6158] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6157] <... clone3 resumed> => {parent_tid=[6158]}, 88) = 6158 [pid 6158] set_robust_list(0x7f665501d9a0, 24 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6158] <... set_robust_list resumed>) = 0 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] <... futex resumed>) = 0 [pid 6158] memfd_create("syzkaller", 0 [pid 6157] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6158] <... memfd_create resumed>) = 3 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6158] munmap(0x7f664ca00000, 138412032) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6158] close(3) = 0 [pid 6158] close(4) = 0 [pid 6158] mkdir("./file0", 0777) = 0 [ 153.408427][ T6158] loop0: detected capacity change from 0 to 32768 [ 153.441252][ T6158] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6158) [pid 6158] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./file0") = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_CLR_FD) = 0 [pid 6158] close(4) = 0 [pid 6158] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] open("./file0", O_RDONLY [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... open resumed>) = 4 [pid 6158] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6158] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6157] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6157] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6158] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6157] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 6158] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6175 attached [pid 6158] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6175] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6157] <... clone3 resumed> => {parent_tid=[6175]}, 88) = 6175 [pid 6175] <... rseq resumed>) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6175] set_robust_list(0x7f6654ffc9a0, 24 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6175] <... set_robust_list resumed>) = 0 [pid 6157] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] <... futex resumed>) = 0 [pid 6175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] open(".", O_RDONLY) = 5 [pid 6175] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6175] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6157] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6158] <... ioctl resumed>) = 0 [pid 6158] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] exit_group(0) = ? [pid 6175] <... futex resumed>) = ? [pid 6158] <... futex resumed>) = ? [pid 6158] +++ exited with 0 +++ [pid 6175] +++ exited with 0 +++ [pid 6157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6176 attached , child_tidptr=0x5555555e8690) = 6176 [pid 6176] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6176] chdir("./58") = 0 [pid 6176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6176] setpgid(0, 0) = 0 [pid 6176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6176] write(3, "1000", 4) = 4 [pid 6176] close(3) = 0 [pid 6176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6176] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6176] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6177 attached [pid 6177] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6176] <... clone3 resumed> => {parent_tid=[6177]}, 88) = 6177 [pid 6177] set_robust_list(0x7f665501d9a0, 24 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] <... set_robust_list resumed>) = 0 [pid 6176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6176] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] memfd_create("syzkaller", 0 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6177] <... memfd_create resumed>) = 3 [pid 6177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6177] munmap(0x7f664ca00000, 138412032) = 0 [pid 6177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6177] close(3) = 0 [pid 6177] close(4) = 0 [pid 6177] mkdir("./file0", 0777) = 0 [ 154.241433][ T6177] loop0: detected capacity change from 0 to 32768 [ 154.274971][ T6177] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6177) [pid 6177] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6177] chdir("./file0") = 0 [pid 6177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6177] ioctl(4, LOOP_CLR_FD) = 0 [pid 6177] close(4) = 0 [pid 6177] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] open("./file0", O_RDONLY) = 4 [pid 6177] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6176] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6176] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6176] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6194 attached => {parent_tid=[6194]}, 88) = 6194 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6176] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6194] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6194] open(".", O_RDONLY) = 5 [pid 6194] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6194] <... futex resumed>) = 1 [pid 6176] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6194] <... ioctl resumed>) = 0 [pid 6194] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6177] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] exit_group(0) = ? [pid 6194] <... futex resumed>) = ? [pid 6177] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6176, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6195 attached , child_tidptr=0x5555555e8690) = 6195 [pid 6195] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6195] chdir("./59") = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6195] setpgid(0, 0) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6195] write(3, "1000", 4) = 4 [pid 6195] close(3) = 0 [pid 6195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6195] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6195] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6196 attached => {parent_tid=[6196]}, 88) = 6196 [pid 6196] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], [pid 6196] <... rseq resumed>) = 0 [pid 6196] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6196] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] <... futex resumed>) = 0 [pid 6196] memfd_create("syzkaller", 0 [pid 6195] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6196] <... memfd_create resumed>) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6196] munmap(0x7f664ca00000, 138412032) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] close(4) = 0 [pid 6196] mkdir("./file0", 0777) = 0 [ 155.096513][ T6196] loop0: detected capacity change from 0 to 32768 [ 155.124329][ T6196] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6196) [pid 6196] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./file0") = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_CLR_FD) = 0 [pid 6196] close(4) = 0 [pid 6196] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] open("./file0", O_RDONLY [pid 6195] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... open resumed>) = 4 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] <... futex resumed>) = 1 [pid 6195] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6195] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6195] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6196] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6195] <... mmap resumed>) = 0x7f6654fdc000 [pid 6196] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6196] <... futex resumed>) = 0 [pid 6195] <... mprotect resumed>) = 0 [pid 6196] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6213 attached [pid 6213] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6213] set_robust_list(0x7f6654ffc9a0, 24 [pid 6195] <... clone3 resumed> => {parent_tid=[6213]}, 88) = 6213 [pid 6213] <... set_robust_list resumed>) = 0 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], [pid 6213] rt_sigprocmask(SIG_SETMASK, [], [pid 6195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6195] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] open(".", O_RDONLY [pid 6195] <... futex resumed>) = 0 [pid 6213] <... open resumed>) = 5 [pid 6195] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6213] <... futex resumed>) = 1 [pid 6195] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] <... futex resumed>) = 0 [pid 6195] <... futex resumed>) = 1 [pid 6195] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6195] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6196] <... ioctl resumed>) = 0 [pid 6196] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] exit_group(0) = ? [pid 6213] <... futex resumed>) = ? [pid 6196] <... futex resumed>) = ? [pid 6213] +++ exited with 0 +++ [pid 6196] +++ exited with 0 +++ [pid 6195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6195, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 6214 ./strace-static-x86_64: Process 6214 attached [pid 6214] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6214] chdir("./60") = 0 [pid 6214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6214] setpgid(0, 0) = 0 [pid 6214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6214] write(3, "1000", 4) = 4 [pid 6214] close(3) = 0 [pid 6214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6214] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6214] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6215 attached [pid 6215] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6214] <... clone3 resumed> => {parent_tid=[6215]}, 88) = 6215 [pid 6215] set_robust_list(0x7f665501d9a0, 24 [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6215] <... set_robust_list resumed>) = 0 [pid 6215] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] memfd_create("syzkaller", 0 [pid 6214] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6215] <... memfd_create resumed>) = 3 [pid 6215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6215] munmap(0x7f664ca00000, 138412032) = 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6215] close(3) = 0 [pid 6215] close(4) = 0 [pid 6215] mkdir("./file0", 0777) = 0 [ 155.994689][ T6215] loop0: detected capacity change from 0 to 32768 [ 156.020944][ T6215] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6215) [ 156.046961][ T6215] _btrfs_printk: 170 callbacks suppressed [ 156.046982][ T6215] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 156.063777][ T6215] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 156.072612][ T6215] BTRFS info (device loop0): using free-space-tree [pid 6215] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6215] chdir("./file0") = 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6215] ioctl(4, LOOP_CLR_FD) = 0 [pid 6215] close(4) = 0 [pid 6215] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6215] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6214] <... futex resumed>) = 0 [pid 6215] open("./file0", O_RDONLY [pid 6214] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] <... open resumed>) = 4 [pid 6215] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6215] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6214] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 156.211107][ T6215] BTRFS info (device loop0): balance: start -f -s [ 156.217720][ T6215] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 156.225174][ T6215] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 156.233693][ T6215] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 156.247754][ T6215] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6215] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6214] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6214] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6214] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6232 attached => {parent_tid=[6232]}, 88) = 6232 [pid 6232] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6232] <... rseq resumed>) = 0 [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6232] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6214] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] <... futex resumed>) = 0 [pid 6232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] open(".", O_RDONLY) = 5 [ 156.256982][ T6215] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 156.264762][ T6215] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 156.272796][ T6215] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 156.280720][ T6215] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 156.299559][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6232] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6214] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 156.309432][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 156.324856][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 156.333738][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 156.341445][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 156.349118][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 156.357004][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 156.365680][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 156.374811][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 156.388879][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 156.397691][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6214] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 156.405363][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 156.413035][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 156.420878][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6232] <... ioctl resumed>) = 0 [pid 6232] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 156.504513][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 156.513697][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 156.528133][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 156.537002][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 156.544695][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 156.552407][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 156.560274][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 156.568934][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 156.578095][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 156.592437][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 156.601709][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 156.609359][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 156.617403][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 156.625307][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 156.638946][ T2422] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 156.647393][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 156.656537][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 156.670261][ T2422] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 156.677867][ T6215] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 156.686966][ T6215] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 156.700860][ T6215] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 156.709655][ T6215] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 156.717344][ T6215] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 156.725028][ T6215] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 156.732873][ T6215] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 156.741126][ T6215] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6232] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6215] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6215] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] exit_group(0 [pid 6232] <... futex resumed>) = ? [pid 6215] <... futex resumed>) = ? [pid 6214] <... exit_group resumed>) = ? [pid 6232] +++ exited with 0 +++ [pid 6215] +++ exited with 0 +++ [pid 6214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6214, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 156.769773][ T6215] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 156.858928][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6233 attached , child_tidptr=0x5555555e8690) = 6233 [pid 6233] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6233] chdir("./61") = 0 [pid 6233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6233] setpgid(0, 0) = 0 [pid 6233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6233] write(3, "1000", 4) = 4 [pid 6233] close(3) = 0 [pid 6233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6233] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6233] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6234 attached => {parent_tid=[6234]}, 88) = 6234 [pid 6234] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6234] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6234] rt_sigprocmask(SIG_SETMASK, [], [pid 6233] rt_sigprocmask(SIG_SETMASK, [], [pid 6234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6234] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6234] memfd_create("syzkaller", 0) = 3 [pid 6234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6234] munmap(0x7f664ca00000, 138412032) = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6234] close(3) = 0 [pid 6234] close(4) = 0 [pid 6234] mkdir("./file0", 0777) = 0 [ 157.317406][ T6234] loop0: detected capacity change from 0 to 32768 [ 157.345111][ T6234] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6234) [pid 6234] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 157.368230][ T6234] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 157.378967][ T6234] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 157.387946][ T6234] BTRFS info (device loop0): using free-space-tree [pid 6234] chdir("./file0") = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_CLR_FD) = 0 [pid 6234] close(4) = 0 [pid 6234] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6233] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] open("./file0", O_RDONLY) = 4 [pid 6234] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6233] <... futex resumed>) = 0 [ 157.513303][ T6234] BTRFS info (device loop0): balance: start -f -s [ 157.520396][ T6234] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 157.527755][ T6234] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 157.536223][ T6234] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 157.549815][ T6234] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6233] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6233] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6251]}, 88) = 6251 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6233] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6251 attached [pid 6251] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6251] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6251] open(".", O_RDONLY) = 5 [pid 6251] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.558642][ T6234] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 157.566343][ T6234] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 157.574039][ T6234] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 157.581895][ T6234] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 6251] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6233] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 157.641082][ T3065] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 157.648687][ T3065] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 157.657058][ T3065] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 157.671316][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 157.680484][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6251] <... ioctl resumed>) = 0 [ 157.688208][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 157.695951][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 157.703870][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 157.713153][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 157.722346][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [pid 6251] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.736582][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 157.745574][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 157.753400][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 157.762186][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 157.770077][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 157.778708][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 157.788018][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 157.802078][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 157.810921][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 157.818602][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 157.826310][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 157.834207][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 157.848708][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 157.857833][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 157.871836][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 157.880658][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 157.888328][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 157.896031][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 157.903894][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 157.912646][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 157.921729][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [pid 6251] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] exit_group(0 [pid 6251] <... futex resumed>) = ? [pid 6251] +++ exited with 0 +++ [pid 6233] <... exit_group resumed>) = ? [pid 6234] <... ioctl resumed> ) = ? [ 157.935718][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 157.944540][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 157.952205][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6234] +++ exited with 0 +++ [pid 6233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6233, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6252] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6252] chdir("./62") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6252] write(3, "1000", 4) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6252] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6252] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6253 attached [pid 6253] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6252] <... clone3 resumed> => {parent_tid=[6253]}, 88) = 6253 [pid 6253] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], [pid 6253] rt_sigprocmask(SIG_SETMASK, [], [pid 6252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6252] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] memfd_create("syzkaller", 0 [pid 6252] <... futex resumed>) = 0 [pid 6253] <... memfd_create resumed>) = 3 [pid 6252] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6253] munmap(0x7f664ca00000, 138412032) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6253] close(3) = 0 [pid 6253] close(4) = 0 [pid 6253] mkdir("./file0", 0777) = 0 [ 158.441780][ T6253] loop0: detected capacity change from 0 to 32768 [pid 6253] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 158.484661][ T6253] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6253) [pid 6253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6253] chdir("./file0") = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6253] ioctl(4, LOOP_CLR_FD) = 0 [pid 6253] close(4) = 0 [pid 6253] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = 0 [pid 6253] open("./file0", O_RDONLY) = 4 [pid 6252] <... futex resumed>) = 1 [pid 6252] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6252] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6252] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6252] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6270 attached [pid 6270] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6252] <... clone3 resumed> => {parent_tid=[6270]}, 88) = 6270 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6252] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... rseq resumed>) = 0 [pid 6270] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6270] open(".", O_RDONLY) = 5 [pid 6270] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6252] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6253] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] <... ioctl resumed>) = 0 [pid 6270] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] exit_group(0 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6253] <... futex resumed>) = ? [pid 6252] <... exit_group resumed>) = ? [pid 6270] <... futex resumed>) = ? [pid 6253] +++ exited with 0 +++ [pid 6270] +++ exited with 0 +++ [pid 6252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6271 attached , child_tidptr=0x5555555e8690) = 6271 [pid 6271] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6271] chdir("./63") = 0 [pid 6271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6271] setpgid(0, 0) = 0 [pid 6271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6271] write(3, "1000", 4) = 4 [pid 6271] close(3) = 0 [pid 6271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6271] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6271] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6272 attached [pid 6272] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6271] <... clone3 resumed> => {parent_tid=[6272]}, 88) = 6272 [pid 6272] set_robust_list(0x7f665501d9a0, 24 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], [pid 6272] <... set_robust_list resumed>) = 0 [pid 6271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], [pid 6271] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6271] <... futex resumed>) = 0 [pid 6272] memfd_create("syzkaller", 0 [pid 6271] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6272] <... memfd_create resumed>) = 3 [pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6272] munmap(0x7f664ca00000, 138412032) = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6272] close(3) = 0 [pid 6272] close(4) = 0 [pid 6272] mkdir("./file0", 0777) = 0 [ 159.327975][ T6272] loop0: detected capacity change from 0 to 32768 [ 159.367283][ T6272] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6272) [pid 6272] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6272] chdir("./file0") = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6272] ioctl(4, LOOP_CLR_FD) = 0 [pid 6272] close(4) = 0 [pid 6272] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6272] open("./file0", O_RDONLY [pid 6271] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... open resumed>) = 4 [pid 6271] <... futex resumed>) = 0 [pid 6272] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6272] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] <... futex resumed>) = 0 [pid 6272] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6271] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6271] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6271] <... futex resumed>) = 0 [pid 6271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6272] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6271] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6289 attached [pid 6289] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6289] set_robust_list(0x7f6654ffc9a0, 24 [pid 6271] <... clone3 resumed> => {parent_tid=[6289]}, 88) = 6289 [pid 6289] <... set_robust_list resumed>) = 0 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], [pid 6289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6289] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] <... futex resumed>) = 0 [pid 6289] open(".", O_RDONLY [pid 6271] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... open resumed>) = 5 [pid 6289] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6289] <... futex resumed>) = 1 [pid 6271] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6272] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6271] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6272] <... ioctl resumed>) = 0 [pid 6272] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] exit_group(0 [pid 6289] <... futex resumed>) = ? [pid 6272] <... futex resumed>) = ? [pid 6271] <... exit_group resumed>) = ? [pid 6289] +++ exited with 0 +++ [pid 6272] +++ exited with 0 +++ [pid 6271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6271, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6290 attached , child_tidptr=0x5555555e8690) = 6290 [pid 6290] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6290] chdir("./64") = 0 [pid 6290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6290] setpgid(0, 0) = 0 [pid 6290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6290] write(3, "1000", 4) = 4 [pid 6290] close(3) = 0 [pid 6290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6290] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6290] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6291 attached [pid 6291] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6290] <... clone3 resumed> => {parent_tid=[6291]}, 88) = 6291 [pid 6291] set_robust_list(0x7f665501d9a0, 24 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], [pid 6291] <... set_robust_list resumed>) = 0 [pid 6290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6290] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6291] memfd_create("syzkaller", 0 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6291] <... memfd_create resumed>) = 3 [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6291] munmap(0x7f664ca00000, 138412032) = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6291] close(3) = 0 [pid 6291] close(4) = 0 [pid 6291] mkdir("./file0", 0777) = 0 [ 160.271110][ T6291] loop0: detected capacity change from 0 to 32768 [ 160.297751][ T6291] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6291) [pid 6291] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6291] chdir("./file0") = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6291] ioctl(4, LOOP_CLR_FD) = 0 [pid 6291] close(4) = 0 [pid 6291] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] open("./file0", O_RDONLY [pid 6290] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... open resumed>) = 4 [pid 6291] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6290] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6290] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6291] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6290] <... mprotect resumed>) = 0 [pid 6291] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6308]}, 88) = 6308 ./strace-static-x86_64: Process 6308 attached [pid 6308] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], [pid 6308] <... rseq resumed>) = 0 [pid 6290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] set_robust_list(0x7f6654ffc9a0, 24 [pid 6290] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... set_robust_list resumed>) = 0 [pid 6290] <... futex resumed>) = 0 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6290] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] open(".", O_RDONLY) = 5 [pid 6308] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6308] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6291] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6290] <... futex resumed>) = 1 [pid 6290] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6291] <... ioctl resumed>) = 0 [pid 6291] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] exit_group(0) = ? [pid 6291] <... futex resumed>) = ? [pid 6308] <... futex resumed>) = ? [pid 6308] +++ exited with 0 +++ [pid 6291] +++ exited with 0 +++ [pid 6290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6290, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6309 attached , child_tidptr=0x5555555e8690) = 6309 [pid 6309] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6309] chdir("./65") = 0 [pid 6309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6309] setpgid(0, 0) = 0 [pid 6309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6309] write(3, "1000", 4) = 4 [pid 6309] close(3) = 0 [pid 6309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6309] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6309] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6310 attached [pid 6310] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6309] <... clone3 resumed> => {parent_tid=[6310]}, 88) = 6310 [pid 6310] <... rseq resumed>) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6310] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6309] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] memfd_create("syzkaller", 0 [pid 6309] <... futex resumed>) = 0 [pid 6310] <... memfd_create resumed>) = 3 [pid 6310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6309] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6310] <... mmap resumed>) = 0x7f664ca00000 [pid 6310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6310] munmap(0x7f664ca00000, 138412032) = 0 [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6310] close(3) = 0 [pid 6310] close(4) = 0 [pid 6310] mkdir("./file0", 0777) = 0 [ 161.106030][ T6310] loop0: detected capacity change from 0 to 32768 [ 161.143488][ T6310] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6310) [ 161.163871][ T6310] _btrfs_printk: 167 callbacks suppressed [ 161.163892][ T6310] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 161.181325][ T6310] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 161.190563][ T6310] BTRFS info (device loop0): using free-space-tree [pid 6310] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6310] chdir("./file0") = 0 [pid 6310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6310] ioctl(4, LOOP_CLR_FD) = 0 [pid 6310] close(4) = 0 [pid 6310] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6310] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6309] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] open("./file0", O_RDONLY) = 4 [pid 6310] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6310] <... futex resumed>) = 1 [pid 6309] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 161.315852][ T6310] BTRFS info (device loop0): balance: start -f -s [ 161.322949][ T6310] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 161.330717][ T6310] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 161.339087][ T6310] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 161.352843][ T6310] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6309] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6309] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [ 161.361664][ T6310] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 161.369876][ T6310] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 161.378081][ T6310] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 161.385953][ T6310] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 161.404727][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6327 attached [pid 6327] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6309] <... clone3 resumed> => {parent_tid=[6327]}, 88) = 6327 [pid 6327] set_robust_list(0x7f6654ffc9a0, 24 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6327] <... set_robust_list resumed>) = 0 [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] open(".", O_RDONLY) = 5 [pid 6327] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6327] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6309] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 161.414322][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 161.428838][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 161.437730][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 161.445462][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 161.453167][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 161.461040][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 161.469970][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 161.479068][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 161.493479][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 161.502318][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6309] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 161.510045][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 161.517707][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 161.525677][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6327] <... ioctl resumed>) = 0 [pid 6327] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 161.609033][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 161.618156][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 161.632165][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 161.641290][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 161.648953][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 161.656657][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 161.664525][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 161.674317][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 161.683442][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 161.697454][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 161.706368][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 161.714101][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 161.721790][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 161.729635][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 161.743434][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 161.751849][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 161.761011][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 161.774770][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 161.782434][ T6310] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 161.791575][ T6310] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 161.805456][ T6310] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 161.814305][ T6310] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 161.822022][ T6310] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 161.829687][ T6310] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 161.837565][ T6310] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 161.845895][ T6310] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6327] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6310] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6310] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] exit_group(0 [pid 6310] <... futex resumed>) = ? [pid 6309] <... exit_group resumed>) = ? [pid 6310] +++ exited with 0 +++ [pid 6327] <... futex resumed>) = ? [pid 6327] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6309, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 161.875495][ T6310] BTRFS info (device loop0): balance: ended with status: 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 161.944010][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached [pid 6328] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 6328 [pid 6328] <... set_robust_list resumed>) = 0 [pid 6328] chdir("./66") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6328] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6328] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6329 attached [pid 6329] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6328] <... clone3 resumed> => {parent_tid=[6329]}, 88) = 6329 [pid 6329] set_robust_list(0x7f665501d9a0, 24 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... set_robust_list resumed>) = 0 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6329] memfd_create("syzkaller", 0 [pid 6328] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] <... memfd_create resumed>) = 3 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6329] munmap(0x7f664ca00000, 138412032) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] close(4) = 0 [pid 6329] mkdir("./file0", 0777) = 0 [ 162.331065][ T6329] loop0: detected capacity change from 0 to 32768 [ 162.362089][ T6329] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6329) [pid 6329] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 162.383771][ T6329] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 162.394830][ T6329] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 162.403659][ T6329] BTRFS info (device loop0): using free-space-tree [pid 6329] chdir("./file0") = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_CLR_FD) = 0 [pid 6329] close(4) = 0 [pid 6329] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] open("./file0", O_RDONLY [pid 6328] <... futex resumed>) = 0 [pid 6329] <... open resumed>) = 4 [pid 6328] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... futex resumed>) = 1 [ 162.541297][ T6329] BTRFS info (device loop0): balance: start -f -s [ 162.548383][ T6329] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 162.556057][ T6329] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 162.564346][ T6329] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 162.577924][ T6329] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6329] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6328] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6328] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6328] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6346 attached [pid 6346] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6328] <... clone3 resumed> => {parent_tid=[6346]}, 88) = 6346 [pid 6346] <... rseq resumed>) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], [pid 6346] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6328] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] open(".", O_RDONLY) = 5 [ 162.586893][ T6329] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 162.594588][ T6329] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 162.602296][ T6329] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 162.610169][ T6329] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 162.627728][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6346] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6346] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 162.638262][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 162.652251][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 162.661082][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 162.668746][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 162.676445][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 162.684317][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 162.693029][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 162.702142][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 162.716131][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 162.725042][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 162.732728][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6328] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 162.742179][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 162.750007][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6346] <... ioctl resumed>) = 0 [pid 6346] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 162.833469][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 162.842608][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 162.856878][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 162.866003][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 162.873703][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 162.881376][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 162.889191][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 162.897854][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 162.906950][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 162.921943][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 162.930770][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 162.938442][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 162.946647][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 162.954519][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 162.968189][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [pid 6346] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6329] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6329] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 162.976582][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 162.985748][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 162.999495][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 163.007383][ T6329] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 163.016522][ T6329] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6329] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] exit_group(0 [pid 6346] <... futex resumed>) = ? [pid 6329] <... futex resumed>) = ? [pid 6328] <... exit_group resumed>) = ? [pid 6346] +++ exited with 0 +++ [pid 6329] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6347 attached , child_tidptr=0x5555555e8690) = 6347 [pid 6347] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6347] chdir("./67") = 0 [pid 6347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6347] setpgid(0, 0) = 0 [pid 6347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6347] write(3, "1000", 4) = 4 [pid 6347] close(3) = 0 [pid 6347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6347] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6347] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6348 attached [pid 6348] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6347] <... clone3 resumed> => {parent_tid=[6348]}, 88) = 6348 [pid 6348] <... rseq resumed>) = 0 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] set_robust_list(0x7f665501d9a0, 24 [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6348] <... set_robust_list resumed>) = 0 [pid 6347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6347] <... futex resumed>) = 0 [pid 6348] memfd_create("syzkaller", 0 [pid 6347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6348] <... memfd_create resumed>) = 3 [pid 6348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6348] munmap(0x7f664ca00000, 138412032) = 0 [pid 6348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6348] close(3) = 0 [pid 6348] close(4) = 0 [pid 6348] mkdir("./file0", 0777) = 0 [ 163.533844][ T6348] loop0: detected capacity change from 0 to 32768 [ 163.563498][ T6348] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6348) [pid 6348] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6348] chdir("./file0") = 0 [pid 6348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6348] ioctl(4, LOOP_CLR_FD) = 0 [pid 6348] close(4) = 0 [pid 6348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] open("./file0", O_RDONLY [pid 6347] <... futex resumed>) = 0 [pid 6347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6348] <... open resumed>) = 4 [pid 6348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6348] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6347] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6347] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6348] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6347] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6365 attached => {parent_tid=[6365]}, 88) = 6365 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6365] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6347] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] set_robust_list(0x7f6654ffc9a0, 24 [pid 6347] <... futex resumed>) = 0 [pid 6365] <... set_robust_list resumed>) = 0 [pid 6347] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6365] open(".", O_RDONLY) = 5 [pid 6365] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6365] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6347] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = 0 [pid 6347] <... futex resumed>) = 1 [pid 6348] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6347] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6348] <... ioctl resumed>) = 0 [pid 6348] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] exit_group(0 [pid 6348] <... futex resumed>) = ? [pid 6347] <... exit_group resumed>) = ? [pid 6365] <... futex resumed>) = ? [pid 6348] +++ exited with 0 +++ [pid 6365] +++ exited with 0 +++ [pid 6347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6347, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 6366 ./strace-static-x86_64: Process 6366 attached [pid 6366] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6366] chdir("./68") = 0 [pid 6366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6366] setpgid(0, 0) = 0 [pid 6366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6366] write(3, "1000", 4) = 4 [pid 6366] close(3) = 0 [pid 6366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6366] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6366] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6367 attached [pid 6367] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6366] <... clone3 resumed> => {parent_tid=[6367]}, 88) = 6367 [pid 6367] <... rseq resumed>) = 0 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] set_robust_list(0x7f665501d9a0, 24 [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6367] <... set_robust_list resumed>) = 0 [pid 6366] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] <... futex resumed>) = 0 [pid 6367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6367] memfd_create("syzkaller", 0) = 3 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6367] munmap(0x7f664ca00000, 138412032) = 0 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6367] close(3) = 0 [pid 6367] close(4) = 0 [pid 6367] mkdir("./file0", 0777) = 0 [ 164.437120][ T6367] loop0: detected capacity change from 0 to 32768 [ 164.465116][ T6367] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6367) [pid 6367] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6367] chdir("./file0") = 0 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6367] ioctl(4, LOOP_CLR_FD) = 0 [pid 6367] close(4) = 0 [pid 6367] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6367] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6367] <... futex resumed>) = 0 [pid 6366] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] open("./file0", O_RDONLY) = 4 [pid 6367] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6367] <... futex resumed>) = 1 [pid 6366] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6366] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6366] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6384 attached => {parent_tid=[6384]}, 88) = 6384 [pid 6384] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6384] <... rseq resumed>) = 0 [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] set_robust_list(0x7f6654ffc9a0, 24 [pid 6366] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... set_robust_list resumed>) = 0 [pid 6366] <... futex resumed>) = 0 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] open(".", O_RDONLY) = 5 [pid 6384] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6384] <... futex resumed>) = 1 [pid 6366] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6384] <... ioctl resumed>) = 0 [pid 6367] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6384] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6367] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] <... futex resumed>) = 0 [pid 6366] exit_group(0 [pid 6367] <... futex resumed>) = ? [pid 6366] <... exit_group resumed>) = ? [pid 6384] +++ exited with 0 +++ [pid 6367] +++ exited with 0 +++ [pid 6366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6366, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6385 attached , child_tidptr=0x5555555e8690) = 6385 [pid 6385] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6385] chdir("./69") = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6385] setpgid(0, 0) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6385] write(3, "1000", 4) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6385] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6385] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6386 attached [pid 6386] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6385] <... clone3 resumed> => {parent_tid=[6386]}, 88) = 6386 [pid 6386] set_robust_list(0x7f665501d9a0, 24 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], [pid 6386] <... set_robust_list resumed>) = 0 [pid 6385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] <... futex resumed>) = 0 [pid 6386] memfd_create("syzkaller", 0 [pid 6385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6386] <... memfd_create resumed>) = 3 [pid 6386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6386] munmap(0x7f664ca00000, 138412032) = 0 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6386] close(3) = 0 [pid 6386] close(4) = 0 [pid 6386] mkdir("./file0", 0777) = 0 [ 165.224029][ T6386] loop0: detected capacity change from 0 to 32768 [ 165.259409][ T6386] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6386) [pid 6386] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6386] chdir("./file0") = 0 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6386] ioctl(4, LOOP_CLR_FD) = 0 [pid 6386] close(4) = 0 [pid 6386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6386] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = 0 [pid 6385] <... futex resumed>) = 1 [pid 6385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] open("./file0", O_RDONLY) = 4 [pid 6386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6385] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6385] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6386] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 6386] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6403 attached [pid 6385] <... clone3 resumed> => {parent_tid=[6403]}, 88) = 6403 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6385] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6385] <... futex resumed>) = 0 [pid 6403] <... rseq resumed>) = 0 [pid 6385] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6403] open(".", O_RDONLY) = 5 [pid 6403] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6386] <... futex resumed>) = 0 [pid 6386] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6385] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6386] <... ioctl resumed>) = 0 [pid 6386] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6386] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] exit_group(0) = ? [pid 6403] <... futex resumed>) = ? [pid 6386] <... futex resumed>) = ? [pid 6386] +++ exited with 0 +++ [pid 6403] +++ exited with 0 +++ [pid 6385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6404 attached , child_tidptr=0x5555555e8690) = 6404 [pid 6404] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6404] chdir("./70") = 0 [pid 6404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6404] setpgid(0, 0) = 0 [pid 6404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6404] write(3, "1000", 4) = 4 [pid 6404] close(3) = 0 [pid 6404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6404] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6404] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6405 attached [pid 6405] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6404] <... clone3 resumed> => {parent_tid=[6405]}, 88) = 6405 [pid 6405] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6404] rt_sigprocmask(SIG_SETMASK, [], [pid 6405] rt_sigprocmask(SIG_SETMASK, [], [pid 6404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6404] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] memfd_create("syzkaller", 0 [pid 6404] <... futex resumed>) = 0 [pid 6404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6405] <... memfd_create resumed>) = 3 [pid 6405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6405] munmap(0x7f664ca00000, 138412032) = 0 [pid 6405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6405] close(3) = 0 [pid 6405] close(4) = 0 [pid 6405] mkdir("./file0", 0777) = 0 [ 166.109268][ T6405] loop0: detected capacity change from 0 to 32768 [ 166.126318][ T6405] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6405) [pid 6405] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6405] chdir("./file0") = 0 [pid 6405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6405] ioctl(4, LOOP_CLR_FD) = 0 [pid 6405] close(4) = 0 [pid 6405] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6404] <... futex resumed>) = 0 [pid 6404] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] open("./file0", O_RDONLY [pid 6404] <... futex resumed>) = 0 [pid 6405] <... open resumed>) = 4 [pid 6404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6405] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = 0 [pid 6404] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6405] <... futex resumed>) = 1 [pid 6405] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6404] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6404] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6404] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.298771][ T6405] _btrfs_printk: 173 callbacks suppressed [ 166.298794][ T6405] BTRFS info (device loop0): balance: start -f -s [ 166.314506][ T6405] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 166.321663][ T6405] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 166.330015][ T6405] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [pid 6404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6404] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6422 attached [pid 6422] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6422] set_robust_list(0x7f6654ffc9a0, 24 [pid 6404] <... clone3 resumed> => {parent_tid=[6422]}, 88) = 6422 [pid 6422] <... set_robust_list resumed>) = 0 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6404] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6404] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6404] <... futex resumed>) = 0 [pid 6422] open(".", O_RDONLY) = 5 [pid 6404] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = 0 [pid 6422] <... futex resumed>) = 1 [pid 6404] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6404] <... futex resumed>) = 0 [ 166.344084][ T6405] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 166.353512][ T6405] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 166.361255][ T6405] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.370455][ T6405] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.378581][ T6405] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 6404] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 166.439455][ T3065] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 166.446632][ T3065] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 166.454953][ T3065] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 166.469182][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 166.478009][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6422] <... ioctl resumed>) = 0 [pid 6422] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.485711][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.493444][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.501766][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 166.512116][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 166.521436][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 166.536542][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 166.545446][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 166.553153][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.560831][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.568670][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 166.577347][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 166.586470][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 166.600450][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 166.609267][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 166.616996][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.624716][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.632601][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 166.646985][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 166.656107][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 166.670134][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 166.678930][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 166.686620][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.694317][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.702176][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 166.710728][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 166.719799][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 166.733782][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 166.742634][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 166.750337][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.758032][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.765921][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 166.779497][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 166.788012][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 166.797112][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 166.810830][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 166.818401][ T6405] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 166.827522][ T6405] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 166.841241][ T6405] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 166.850063][ T6405] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 166.857820][ T6405] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 166.865529][ T6405] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 166.873391][ T6405] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 166.881907][ T6405] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6422] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6405] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6404] exit_group(0 [pid 6422] <... futex resumed>) = ? [pid 6404] <... exit_group resumed>) = ? [pid 6405] <... futex resumed>) = ? [pid 6422] +++ exited with 0 +++ [pid 6405] +++ exited with 0 +++ [pid 6404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6404, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 [ 166.911595][ T6405] BTRFS info (device loop0): balance: ended with status: 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 166.988506][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6423 attached [pid 6423] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 6423 [pid 6423] <... set_robust_list resumed>) = 0 [pid 6423] chdir("./71") = 0 [pid 6423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6423] setpgid(0, 0) = 0 [pid 6423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6423] write(3, "1000", 4) = 4 [pid 6423] close(3) = 0 [pid 6423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6423] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6423] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6424 attached [pid 6424] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6423] <... clone3 resumed> => {parent_tid=[6424]}, 88) = 6424 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6423] <... futex resumed>) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6424] memfd_create("syzkaller", 0) = 3 [pid 6424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6424] munmap(0x7f664ca00000, 138412032) = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6424] close(3) = 0 [pid 6424] close(4) = 0 [pid 6424] mkdir("./file0", 0777) = 0 [ 167.495520][ T6424] loop0: detected capacity change from 0 to 32768 [ 167.523358][ T6424] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6424) [pid 6424] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 167.545637][ T6424] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 167.555920][ T6424] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 167.565558][ T6424] BTRFS info (device loop0): using free-space-tree [pid 6424] chdir("./file0") = 0 [pid 6424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6424] ioctl(4, LOOP_CLR_FD) = 0 [pid 6424] close(4) = 0 [pid 6424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] <... futex resumed>) = 0 [pid 6424] open("./file0", O_RDONLY [pid 6423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] <... open resumed>) = 4 [pid 6424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6424] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6423] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.712688][ T6424] BTRFS info (device loop0): balance: start -f -s [ 167.719352][ T6424] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 167.726815][ T6424] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 167.735179][ T6424] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 167.749017][ T6424] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6423] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6423] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6423] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 167.757834][ T6424] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 167.765523][ T6424] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 167.773212][ T6424] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 167.781104][ T6424] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 167.799150][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6441 attached => {parent_tid=[6441]}, 88) = 6441 [pid 6441] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6441] <... rseq resumed>) = 0 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] set_robust_list(0x7f6654ffc9a0, 24 [pid 6423] <... futex resumed>) = 0 [pid 6441] <... set_robust_list resumed>) = 0 [pid 6441] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6441] open(".", O_RDONLY) = 5 [pid 6441] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6441] <... futex resumed>) = 1 [pid 6423] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6423] <... futex resumed>) = 0 [ 167.808418][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 167.822389][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 167.831217][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 167.838867][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 167.846602][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 167.854484][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 167.863185][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 167.872304][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 167.886401][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 167.895199][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 167.902853][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6423] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 167.910555][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 167.918374][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6441] <... ioctl resumed>) = 0 [pid 6441] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 168.002003][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 168.011808][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 168.025801][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 168.035060][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 168.042788][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 168.050490][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 168.058345][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 168.067043][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 168.076192][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 168.090198][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 6441] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6424] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6424] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6424] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] exit_group(0) = ? [pid 6424] <... futex resumed>) = ? [pid 6424] +++ exited with 0 +++ [ 168.098998][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 168.106694][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 168.114505][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 168.122367][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 168.135889][ T2422] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [pid 6441] <... futex resumed>) = ? [pid 6441] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6423, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6442 attached , child_tidptr=0x5555555e8690) = 6442 [pid 6442] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6442] chdir("./72") = 0 [pid 6442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6442] setpgid(0, 0) = 0 [pid 6442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6442] write(3, "1000", 4) = 4 [pid 6442] close(3) = 0 [pid 6442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6442] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6442] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6443 attached [pid 6443] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6442] <... clone3 resumed> => {parent_tid=[6443]}, 88) = 6443 [pid 6443] set_robust_list(0x7f665501d9a0, 24 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], [pid 6443] <... set_robust_list resumed>) = 0 [pid 6442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6443] rt_sigprocmask(SIG_SETMASK, [], [pid 6442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6442] <... futex resumed>) = 0 [pid 6443] memfd_create("syzkaller", 0 [pid 6442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6443] <... memfd_create resumed>) = 3 [pid 6443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6443] munmap(0x7f664ca00000, 138412032) = 0 [pid 6443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6443] close(3) = 0 [pid 6443] close(4) = 0 [pid 6443] mkdir("./file0", 0777) = 0 [ 168.677287][ T6443] loop0: detected capacity change from 0 to 32768 [ 168.705152][ T6443] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6443) [pid 6443] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6443] chdir("./file0") = 0 [pid 6443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6443] ioctl(4, LOOP_CLR_FD) = 0 [pid 6443] close(4) = 0 [pid 6443] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6443] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] open("./file0", O_RDONLY [pid 6442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] <... open resumed>) = 4 [pid 6443] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = 0 [pid 6442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] <... futex resumed>) = 1 [pid 6442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6442] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6442] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6442] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6443] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6442] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6443] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 6443] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6460 attached [pid 6443] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6460] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6442] <... clone3 resumed> => {parent_tid=[6460]}, 88) = 6460 [pid 6460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6442] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6442] <... futex resumed>) = 1 [pid 6442] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] open(".", O_RDONLY) = 5 [pid 6460] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] <... futex resumed>) = 0 [pid 6442] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6443] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6442] <... futex resumed>) = 1 [pid 6442] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6443] <... ioctl resumed>) = 0 [pid 6443] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] exit_group(0 [pid 6443] <... futex resumed>) = 0 [pid 6442] <... exit_group resumed>) = ? [pid 6443] +++ exited with 0 +++ [pid 6460] <... futex resumed>) = ? [pid 6460] +++ exited with 0 +++ [pid 6442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6442, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6461 attached , child_tidptr=0x5555555e8690) = 6461 [pid 6461] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6461] chdir("./73") = 0 [pid 6461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6461] setpgid(0, 0) = 0 [pid 6461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6461] write(3, "1000", 4) = 4 [pid 6461] close(3) = 0 [pid 6461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6461] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6461] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6462 attached [pid 6462] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6461] <... clone3 resumed> => {parent_tid=[6462]}, 88) = 6462 [pid 6462] <... rseq resumed>) = 0 [pid 6461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6461] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] set_robust_list(0x7f665501d9a0, 24 [pid 6461] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6462] <... set_robust_list resumed>) = 0 [pid 6462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6462] memfd_create("syzkaller", 0) = 3 [pid 6462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6462] munmap(0x7f664ca00000, 138412032) = 0 [pid 6462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6462] close(3) = 0 [pid 6462] close(4) = 0 [pid 6462] mkdir("./file0", 0777) = 0 [ 169.539740][ T6462] loop0: detected capacity change from 0 to 32768 [ 169.576640][ T6462] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6462) [pid 6462] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6462] chdir("./file0") = 0 [pid 6462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6462] ioctl(4, LOOP_CLR_FD) = 0 [pid 6462] close(4) = 0 [pid 6462] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6461] <... futex resumed>) = 0 [pid 6461] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6461] <... futex resumed>) = 1 [pid 6462] open("./file0", O_RDONLY [pid 6461] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] <... open resumed>) = 4 [pid 6462] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] <... futex resumed>) = 0 [pid 6462] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6461] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6461] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6462] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6461] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6462] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... mprotect resumed>) = 0 [pid 6461] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6461] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6479 attached [pid 6479] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6479] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], [pid 6461] <... clone3 resumed> => {parent_tid=[6479]}, 88) = 6479 [pid 6479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6479] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6461] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6461] <... futex resumed>) = 1 [pid 6479] open(".", O_RDONLY [pid 6461] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6479] <... open resumed>) = 5 [pid 6479] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... futex resumed>) = 0 [pid 6479] <... futex resumed>) = 1 [pid 6461] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... futex resumed>) = 0 [pid 6461] <... futex resumed>) = 1 [pid 6462] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6461] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6462] <... ioctl resumed>) = 0 [pid 6462] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] exit_group(0 [pid 6462] <... futex resumed>) = 0 [pid 6479] <... futex resumed>) = ? [pid 6461] <... exit_group resumed>) = ? [pid 6479] +++ exited with 0 +++ [pid 6462] +++ exited with 0 +++ [pid 6461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6461, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6480 attached , child_tidptr=0x5555555e8690) = 6480 [pid 6480] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6480] chdir("./74") = 0 [pid 6480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6480] setpgid(0, 0) = 0 [pid 6480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6480] write(3, "1000", 4) = 4 [pid 6480] close(3) = 0 [pid 6480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6480] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6480] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6481 attached [pid 6481] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6480] <... clone3 resumed> => {parent_tid=[6481]}, 88) = 6481 [pid 6481] set_robust_list(0x7f665501d9a0, 24 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], [pid 6481] <... set_robust_list resumed>) = 0 [pid 6481] rt_sigprocmask(SIG_SETMASK, [], [pid 6480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6481] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6480] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] memfd_create("syzkaller", 0 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6481] <... memfd_create resumed>) = 3 [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6481] munmap(0x7f664ca00000, 138412032) = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6481] close(3) = 0 [pid 6481] close(4) = 0 [pid 6481] mkdir("./file0", 0777) = 0 [pid 6481] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 170.439760][ T6481] loop0: detected capacity change from 0 to 32768 [ 170.464503][ T6481] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6481) [pid 6481] chdir("./file0") = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6481] ioctl(4, LOOP_CLR_FD) = 0 [pid 6481] close(4) = 0 [pid 6481] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = 0 [pid 6480] <... futex resumed>) = 1 [pid 6481] open("./file0", O_RDONLY [pid 6480] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... open resumed>) = 4 [pid 6481] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6480] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6480] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6498 attached [pid 6498] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6481] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6480] <... clone3 resumed> => {parent_tid=[6498]}, 88) = 6498 [pid 6498] set_robust_list(0x7f6654ffc9a0, 24 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], [pid 6498] <... set_robust_list resumed>) = 0 [pid 6480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], [pid 6480] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6480] <... futex resumed>) = 0 [pid 6498] open(".", O_RDONLY [pid 6480] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... open resumed>) = 5 [pid 6498] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6498] <... futex resumed>) = 1 [pid 6480] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] <... futex resumed>) = 1 [pid 6481] <... futex resumed>) = 0 [pid 6480] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6480] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6481] <... ioctl resumed>) = 0 [pid 6481] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] exit_group(0 [pid 6498] <... futex resumed>) = ? [pid 6480] <... exit_group resumed>) = ? [pid 6498] +++ exited with 0 +++ [pid 6481] <... futex resumed>) = ? [pid 6481] +++ exited with 0 +++ [pid 6480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6480, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6499 attached , child_tidptr=0x5555555e8690) = 6499 [pid 6499] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6499] chdir("./75") = 0 [pid 6499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6499] setpgid(0, 0) = 0 [pid 6499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6499] write(3, "1000", 4) = 4 [pid 6499] close(3) = 0 [pid 6499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6499] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6499] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6500 attached [pid 6500] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6500] set_robust_list(0x7f665501d9a0, 24 [pid 6499] <... clone3 resumed> => {parent_tid=[6500]}, 88) = 6500 [pid 6500] <... set_robust_list resumed>) = 0 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], [pid 6500] rt_sigprocmask(SIG_SETMASK, [], [pid 6499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] memfd_create("syzkaller", 0 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6500] <... memfd_create resumed>) = 3 [pid 6500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6500] munmap(0x7f664ca00000, 138412032) = 0 [pid 6500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6500] close(3) = 0 [pid 6500] close(4) = 0 [pid 6500] mkdir("./file0", 0777) = 0 [ 171.302321][ T6500] loop0: detected capacity change from 0 to 32768 [ 171.328634][ T6500] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6500) [pid 6500] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6500] chdir("./file0") = 0 [ 171.354761][ T6500] _btrfs_printk: 175 callbacks suppressed [ 171.354782][ T6500] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 171.373498][ T6500] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 171.382750][ T6500] BTRFS info (device loop0): using free-space-tree [pid 6500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6500] ioctl(4, LOOP_CLR_FD) = 0 [pid 6500] close(4) = 0 [pid 6500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6500] open("./file0", O_RDONLY) = 4 [pid 6500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6500] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6499] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6499] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6500] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6499] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 171.504158][ T6500] BTRFS info (device loop0): balance: start -f -s [ 171.511721][ T6500] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 171.518812][ T6500] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 171.527245][ T6500] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 171.540881][ T6500] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6499] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6517 attached => {parent_tid=[6517]}, 88) = 6517 [pid 6517] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6517] <... rseq resumed>) = 0 [pid 6499] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6499] <... futex resumed>) = 0 [pid 6517] rt_sigprocmask(SIG_SETMASK, [], [pid 6499] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6517] open(".", O_RDONLY) = 5 [ 171.550100][ T6500] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 171.558654][ T6500] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 171.566840][ T6500] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 171.574751][ T6500] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 171.594338][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6517] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6517] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6499] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 171.603736][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 171.618989][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 171.627909][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 171.635637][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 171.643351][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 171.651219][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 171.660010][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 171.669089][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 171.683157][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 171.691987][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6499] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 171.699632][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 171.707310][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 171.715232][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6517] <... ioctl resumed>) = 0 [pid 6517] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 171.798146][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 171.807491][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 171.821580][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 171.830508][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 171.838164][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 171.845853][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 171.853726][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 171.862474][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 171.871591][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 171.885577][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 171.894399][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 171.902118][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 171.909790][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 171.917677][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 171.932112][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 171.940609][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 171.949670][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 171.963372][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 171.970986][ T6500] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 171.980266][ T6500] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 171.993991][ T6500] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 172.002822][ T6500] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 172.010509][ T6500] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 172.018155][ T6500] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 172.026050][ T6500] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 172.034473][ T6500] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6517] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6500] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6500] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] exit_group(0 [pid 6500] <... futex resumed>) = ? [pid 6499] <... exit_group resumed>) = ? [pid 6517] <... futex resumed>) = ? [pid 6517] +++ exited with 0 +++ [pid 6500] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6499, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 172.064255][ T6500] BTRFS info (device loop0): balance: ended with status: 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 172.126924][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6518 attached , child_tidptr=0x5555555e8690) = 6518 [pid 6518] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6518] chdir("./76") = 0 [pid 6518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6518] setpgid(0, 0) = 0 [pid 6518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6518] write(3, "1000", 4) = 4 [pid 6518] close(3) = 0 [pid 6518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6518] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6518] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6518] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6519 attached => {parent_tid=[6519]}, 88) = 6519 [pid 6519] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6519] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6518] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] rt_sigprocmask(SIG_SETMASK, [], [pid 6518] <... futex resumed>) = 0 [pid 6519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6519] memfd_create("syzkaller", 0 [pid 6518] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] <... memfd_create resumed>) = 3 [pid 6519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6519] munmap(0x7f664ca00000, 138412032) = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6519] close(3) = 0 [pid 6519] close(4) = 0 [pid 6519] mkdir("./file0", 0777) = 0 [ 172.530706][ T6519] loop0: detected capacity change from 0 to 32768 [ 172.567030][ T6519] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6519) [pid 6519] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 172.591829][ T6519] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 172.602565][ T6519] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 172.611741][ T6519] BTRFS info (device loop0): using free-space-tree [pid 6519] chdir("./file0") = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6519] ioctl(4, LOOP_CLR_FD) = 0 [pid 6519] close(4) = 0 [pid 6519] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6519] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6518] <... futex resumed>) = 0 [pid 6519] open("./file0", O_RDONLY [pid 6518] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] <... open resumed>) = 4 [pid 6519] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6519] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = 0 [pid 6518] <... futex resumed>) = 1 [pid 6519] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6518] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6518] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 172.737278][ T6519] BTRFS info (device loop0): balance: start -f -s [ 172.744279][ T6519] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 172.752239][ T6519] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 172.760585][ T6519] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 172.774343][ T6519] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6518] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6518] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6518] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6536 attached [pid 6536] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6518] <... clone3 resumed> => {parent_tid=[6536]}, 88) = 6536 [pid 6536] <... rseq resumed>) = 0 [pid 6536] set_robust_list(0x7f6654ffc9a0, 24 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], [pid 6536] <... set_robust_list resumed>) = 0 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], [pid 6518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6518] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] open(".", O_RDONLY [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6536] <... open resumed>) = 5 [pid 6536] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6536] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6518] <... futex resumed>) = 0 [pid 6536] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 172.783246][ T6519] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 172.791030][ T6519] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 172.798695][ T6519] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 172.806585][ T6519] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 172.854232][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1740800 free, is full [ 172.863350][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=36864, may_use=1437696, readonly=0 zone_unusable=0 [ 172.877404][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 172.886275][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 172.893938][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6518] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 172.901595][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 172.909412][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 172.918146][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 172.927638][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 172.941828][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 172.950655][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 172.958317][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 172.965969][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 172.973818][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6536] <... ioctl resumed>) = 0 [pid 6536] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 173.056176][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 173.065311][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 173.079814][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 173.088942][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 173.096687][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 173.104496][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 173.112404][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 173.121279][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 173.130389][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 173.144374][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 173.153215][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 173.160959][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 173.168646][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 173.176523][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 173.190166][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 173.198558][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 173.207716][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 173.221466][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 173.229079][ T6519] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 173.238315][ T6519] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6536] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6519] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6519] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] exit_group(0 [pid 6519] <... futex resumed>) = ? [pid 6518] <... exit_group resumed>) = ? [pid 6536] <... futex resumed>) = ? [pid 6536] +++ exited with 0 +++ [pid 6519] +++ exited with 0 +++ [pid 6518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6518, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6537 attached , child_tidptr=0x5555555e8690) = 6537 [pid 6537] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6537] chdir("./77") = 0 [pid 6537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6537] setpgid(0, 0) = 0 [pid 6537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6537] write(3, "1000", 4) = 4 [pid 6537] close(3) = 0 [pid 6537] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6537] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6537] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6537] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6538 attached [pid 6538] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6538] set_robust_list(0x7f665501d9a0, 24 [pid 6537] <... clone3 resumed> => {parent_tid=[6538]}, 88) = 6538 [pid 6538] <... set_robust_list resumed>) = 0 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6538] rt_sigprocmask(SIG_SETMASK, [], [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] memfd_create("syzkaller", 0 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6538] <... memfd_create resumed>) = 3 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6538] munmap(0x7f664ca00000, 138412032) = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6538] close(3) = 0 [pid 6538] close(4) = 0 [pid 6538] mkdir("./file0", 0777) = 0 [ 173.905523][ T6538] loop0: detected capacity change from 0 to 32768 [ 173.945214][ T6538] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6538) [pid 6538] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6538] chdir("./file0") = 0 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6538] ioctl(4, LOOP_CLR_FD) = 0 [pid 6538] close(4) = 0 [pid 6538] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] <... futex resumed>) = 0 [pid 6538] open("./file0", O_RDONLY [pid 6537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] <... open resumed>) = 4 [pid 6538] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6537] <... futex resumed>) = 0 [pid 6537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6537] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6537] <... futex resumed>) = 0 [pid 6538] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... mmap resumed>) = 0x7f6654fdc000 [pid 6538] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6537] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6537] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6555 attached [pid 6555] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6555] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6537] <... clone3 resumed> => {parent_tid=[6555]}, 88) = 6555 [pid 6555] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6537] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6537] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] open(".", O_RDONLY) = 5 [pid 6555] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6537] <... futex resumed>) = 0 [pid 6555] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... futex resumed>) = 0 [pid 6537] <... futex resumed>) = 1 [pid 6538] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6537] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6538] <... ioctl resumed>) = 0 [pid 6538] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] exit_group(0) = ? [pid 6555] <... futex resumed>) = ? [pid 6538] <... futex resumed>) = ? [pid 6555] +++ exited with 0 +++ [pid 6538] +++ exited with 0 +++ [pid 6537] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6537, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6556 attached [pid 6556] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 6556 [pid 6556] <... set_robust_list resumed>) = 0 [pid 6556] chdir("./78") = 0 [pid 6556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6556] setpgid(0, 0) = 0 [pid 6556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6556] write(3, "1000", 4) = 4 [pid 6556] close(3) = 0 [pid 6556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6556] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6556] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6557 attached => {parent_tid=[6557]}, 88) = 6557 [pid 6557] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], [pid 6557] <... rseq resumed>) = 0 [pid 6556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6557] set_robust_list(0x7f665501d9a0, 24 [pid 6556] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... set_robust_list resumed>) = 0 [pid 6556] <... futex resumed>) = 0 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], [pid 6556] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6557] memfd_create("syzkaller", 0) = 3 [pid 6557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6557] munmap(0x7f664ca00000, 138412032) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6557] close(3) = 0 [pid 6557] close(4) = 0 [pid 6557] mkdir("./file0", 0777) = 0 [ 174.764820][ T6557] loop0: detected capacity change from 0 to 32768 [ 174.792989][ T6557] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6557) [pid 6557] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6557] chdir("./file0") = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6557] ioctl(4, LOOP_CLR_FD) = 0 [pid 6557] close(4) = 0 [pid 6557] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6556] <... futex resumed>) = 0 [pid 6556] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [pid 6556] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] open("./file0", O_RDONLY) = 4 [pid 6557] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] <... futex resumed>) = 0 [pid 6556] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6556] <... futex resumed>) = 0 [pid 6556] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6556] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6556] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6574 attached => {parent_tid=[6574]}, 88) = 6574 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6556] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6574] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6574] open(".", O_RDONLY) = 5 [pid 6574] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] <... futex resumed>) = 0 [pid 6574] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6556] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6556] <... futex resumed>) = 0 [pid 6574] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6556] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6574] <... ioctl resumed>) = 0 [pid 6557] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6557] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] exit_group(0 [pid 6557] <... futex resumed>) = ? [pid 6556] <... exit_group resumed>) = ? [pid 6557] +++ exited with 0 +++ [pid 6574] +++ exited with 0 +++ [pid 6556] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6556, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6575 attached , child_tidptr=0x5555555e8690) = 6575 [pid 6575] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6575] chdir("./79") = 0 [pid 6575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6575] setpgid(0, 0) = 0 [pid 6575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6575] write(3, "1000", 4) = 4 [pid 6575] close(3) = 0 [pid 6575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6575] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6575] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6576 attached [pid 6576] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6575] <... clone3 resumed> => {parent_tid=[6576]}, 88) = 6576 [pid 6576] set_robust_list(0x7f665501d9a0, 24 [pid 6575] rt_sigprocmask(SIG_SETMASK, [], [pid 6576] <... set_robust_list resumed>) = 0 [pid 6575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6576] rt_sigprocmask(SIG_SETMASK, [], [pid 6575] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6576] memfd_create("syzkaller", 0) = 3 [pid 6576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6576] munmap(0x7f664ca00000, 138412032) = 0 [pid 6576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6576] close(3) = 0 [pid 6576] close(4) = 0 [pid 6576] mkdir("./file0", 0777) = 0 [pid 6576] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 175.632431][ T6576] loop0: detected capacity change from 0 to 32768 [ 175.661882][ T6576] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6576) [pid 6576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6576] chdir("./file0") = 0 [pid 6576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6576] ioctl(4, LOOP_CLR_FD) = 0 [pid 6576] close(4) = 0 [pid 6576] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] <... futex resumed>) = 0 [pid 6575] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] open("./file0", O_RDONLY) = 4 [pid 6576] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6576] <... futex resumed>) = 1 [pid 6575] <... futex resumed>) = 0 [pid 6576] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6575] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6575] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6576] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... mmap resumed>) = 0x7f6654fdc000 [pid 6575] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6593 attached [pid 6593] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6575] <... clone3 resumed> => {parent_tid=[6593]}, 88) = 6593 [pid 6593] <... rseq resumed>) = 0 [pid 6575] rt_sigprocmask(SIG_SETMASK, [], [pid 6593] set_robust_list(0x7f6654ffc9a0, 24 [pid 6575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6593] <... set_robust_list resumed>) = 0 [pid 6575] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] rt_sigprocmask(SIG_SETMASK, [], [pid 6575] <... futex resumed>) = 0 [pid 6593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6575] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6593] open(".", O_RDONLY) = 5 [pid 6593] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6575] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 0 [pid 6576] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6576] <... ioctl resumed>) = 0 [pid 6576] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6576] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] exit_group(0 [pid 6593] <... futex resumed>) = ? [pid 6576] <... futex resumed>) = ? [pid 6575] <... exit_group resumed>) = ? [pid 6593] +++ exited with 0 +++ [pid 6576] +++ exited with 0 +++ [pid 6575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6575, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6594 attached , child_tidptr=0x5555555e8690) = 6594 [pid 6594] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6594] chdir("./80") = 0 [pid 6594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6594] setpgid(0, 0) = 0 [pid 6594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6594] write(3, "1000", 4) = 4 [pid 6594] close(3) = 0 [pid 6594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6594] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6594] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6595 attached [pid 6595] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6595] set_robust_list(0x7f665501d9a0, 24 [pid 6594] <... clone3 resumed> => {parent_tid=[6595]}, 88) = 6595 [pid 6595] <... set_robust_list resumed>) = 0 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], [pid 6595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6595] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6594] <... futex resumed>) = 0 [pid 6595] memfd_create("syzkaller", 0 [pid 6594] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6595] <... memfd_create resumed>) = 3 [pid 6595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6595] munmap(0x7f664ca00000, 138412032) = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6595] close(3) = 0 [pid 6595] close(4) = 0 [pid 6595] mkdir("./file0", 0777) = 0 [ 176.559666][ T6595] loop0: detected capacity change from 0 to 32768 [ 176.576179][ T6595] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6595) [ 176.593238][ T6595] _btrfs_printk: 170 callbacks suppressed [ 176.593269][ T6595] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [pid 6595] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 176.610180][ T6595] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 176.619186][ T6595] BTRFS info (device loop0): using free-space-tree [pid 6595] chdir("./file0") = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6595] ioctl(4, LOOP_CLR_FD) = 0 [pid 6595] close(4) = 0 [pid 6595] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6595] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] <... futex resumed>) = 0 [pid 6595] open("./file0", O_RDONLY) = 4 [pid 6595] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] <... futex resumed>) = 0 [pid 6595] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6594] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.749469][ T6595] BTRFS info (device loop0): balance: start -f -s [ 176.756879][ T6595] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 176.764338][ T6595] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 176.772781][ T6595] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 176.786466][ T6595] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6594] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6594] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6594] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 176.795277][ T6595] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 176.802960][ T6595] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 176.810647][ T6595] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 176.818479][ T6595] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 176.836364][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6612 attached => {parent_tid=[6612]}, 88) = 6612 [pid 6612] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], [pid 6612] set_robust_list(0x7f6654ffc9a0, 24 [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6612] <... set_robust_list resumed>) = 0 [pid 6594] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] rt_sigprocmask(SIG_SETMASK, [], [pid 6594] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6612] open(".", O_RDONLY) = 5 [pid 6612] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] <... futex resumed>) = 0 [pid 6594] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6594] <... futex resumed>) = 0 [ 176.845480][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 176.859478][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 176.868353][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 176.876081][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 176.883810][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 176.891708][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 176.901579][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 176.910721][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 176.924679][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 176.933563][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 176.941238][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6594] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 176.948905][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 176.956737][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6612] <... ioctl resumed>) = 0 [pid 6612] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 177.039815][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 177.049192][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 177.063167][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 177.072001][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 177.079665][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 177.087358][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 177.095201][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 177.104113][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 177.113238][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 177.127311][ T2435] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 177.136214][ T2435] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 177.143939][ T2435] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 177.151634][ T2435] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 177.159488][ T2435] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 177.173420][ T2435] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 177.181920][ T2435] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 177.191036][ T2435] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 177.204738][ T2435] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 177.212368][ T6595] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 177.221497][ T6595] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 177.235186][ T6595] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 177.244000][ T6595] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 177.251681][ T6595] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 177.259331][ T6595] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 177.267206][ T6595] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 177.275623][ T6595] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6612] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6595] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6595] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6595] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6594] exit_group(0 [pid 6595] <... futex resumed>) = ? [pid 6594] <... exit_group resumed>) = ? [pid 6595] +++ exited with 0 +++ [pid 6612] <... futex resumed>) = ? [pid 6612] +++ exited with 0 +++ [pid 6594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6594, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- [ 177.304645][ T6595] BTRFS info (device loop0): balance: ended with status: 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 177.468697][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6613 attached , child_tidptr=0x5555555e8690) = 6613 [pid 6613] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6613] chdir("./81") = 0 [pid 6613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6613] setpgid(0, 0) = 0 [pid 6613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6613] write(3, "1000", 4) = 4 [pid 6613] close(3) = 0 [pid 6613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6613] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6613] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6614 attached [pid 6614] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6613] <... clone3 resumed> => {parent_tid=[6614]}, 88) = 6614 [pid 6614] <... rseq resumed>) = 0 [pid 6614] set_robust_list(0x7f665501d9a0, 24 [pid 6613] rt_sigprocmask(SIG_SETMASK, [], [pid 6614] <... set_robust_list resumed>) = 0 [pid 6613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6614] rt_sigprocmask(SIG_SETMASK, [], [pid 6613] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6613] <... futex resumed>) = 0 [pid 6614] memfd_create("syzkaller", 0 [pid 6613] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6614] <... memfd_create resumed>) = 3 [pid 6614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6614] munmap(0x7f664ca00000, 138412032) = 0 [pid 6614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6614] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6614] close(3) = 0 [pid 6614] close(4) = 0 [pid 6614] mkdir("./file0", 0777) = 0 [ 177.898258][ T6614] loop0: detected capacity change from 0 to 32768 [ 177.927070][ T6614] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6614) [ 177.952636][ T6614] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 177.963050][ T6614] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 177.972937][ T6614] BTRFS info (device loop0): using free-space-tree [pid 6614] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6614] chdir("./file0") = 0 [pid 6614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6614] ioctl(4, LOOP_CLR_FD) = 0 [pid 6614] close(4) = 0 [pid 6614] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] <... futex resumed>) = 0 [pid 6614] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6613] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6613] <... futex resumed>) = 0 [pid 6614] open("./file0", O_RDONLY [pid 6613] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6614] <... open resumed>) = 4 [pid 6614] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = 0 [pid 6613] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6614] <... futex resumed>) = 1 [pid 6613] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6614] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6613] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6613] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 178.081119][ T6614] BTRFS info (device loop0): balance: start -f -s [ 178.088099][ T6614] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 178.095972][ T6614] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 178.104417][ T6614] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 178.118073][ T6614] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6613] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6631 attached => {parent_tid=[6631]}, 88) = 6631 [pid 6631] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6631] <... rseq resumed>) = 0 [pid 6613] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] set_robust_list(0x7f6654ffc9a0, 24 [pid 6613] <... futex resumed>) = 0 [pid 6631] <... set_robust_list resumed>) = 0 [pid 6613] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 178.127016][ T6614] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 178.134764][ T6614] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 178.142552][ T6614] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 178.150431][ T6614] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 178.168153][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6631] open(".", O_RDONLY) = 5 [pid 6631] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6613] <... futex resumed>) = 0 [pid 6613] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = 0 [pid 6613] <... futex resumed>) = 1 [pid 6631] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 178.177378][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 178.191366][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 178.200197][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 178.207898][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 178.215587][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 178.223439][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [pid 6613] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6613] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 178.233665][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 178.242797][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 178.256813][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 178.265650][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 178.273349][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 178.281099][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 178.288966][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6631] <... ioctl resumed>) = 0 [pid 6631] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 178.372991][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 178.382177][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 178.396550][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 178.405461][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 178.413170][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 178.420865][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 178.428701][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 178.437388][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 178.446502][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 178.460496][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 178.469297][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 178.476990][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 178.484739][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 178.492628][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 178.506313][ T59] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 178.514745][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 178.523868][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 178.538429][ T59] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 178.546100][ T6614] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 178.555221][ T6614] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6631] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6614] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6614] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6614] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6613] exit_group(0) = ? [pid 6631] <... futex resumed>) = ? [pid 6614] <... futex resumed>) = ? [pid 6614] +++ exited with 0 +++ [pid 6631] +++ exited with 0 +++ [pid 6613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6613, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6632 attached , child_tidptr=0x5555555e8690) = 6632 [pid 6632] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6632] chdir("./82") = 0 [pid 6632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6632] setpgid(0, 0) = 0 [pid 6632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6632] write(3, "1000", 4) = 4 [pid 6632] close(3) = 0 [pid 6632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6632] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6632] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6633 attached => {parent_tid=[6633]}, 88) = 6633 [pid 6633] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6633] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6633] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6632] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6632] <... futex resumed>) = 1 [pid 6632] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6633] memfd_create("syzkaller", 0) = 3 [pid 6633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6633] munmap(0x7f664ca00000, 138412032) = 0 [pid 6633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6633] close(3) = 0 [pid 6633] close(4) = 0 [pid 6633] mkdir("./file0", 0777) = 0 [ 179.125900][ T6633] loop0: detected capacity change from 0 to 32768 [ 179.152226][ T6633] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6633) [pid 6633] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6633] chdir("./file0") = 0 [pid 6633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6633] ioctl(4, LOOP_CLR_FD) = 0 [pid 6633] close(4) = 0 [pid 6633] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6633] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6632] <... futex resumed>) = 1 [pid 6633] open("./file0", O_RDONLY [pid 6632] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... open resumed>) = 4 [pid 6633] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6633] <... futex resumed>) = 1 [pid 6632] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6632] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6633] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6633] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6633] <... futex resumed>) = 0 [pid 6633] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... mprotect resumed>) = 0 [pid 6632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6650 attached [pid 6650] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6632] <... clone3 resumed> => {parent_tid=[6650]}, 88) = 6650 [pid 6650] set_robust_list(0x7f6654ffc9a0, 24 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], [pid 6650] <... set_robust_list resumed>) = 0 [pid 6632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6650] rt_sigprocmask(SIG_SETMASK, [], [pid 6632] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6632] <... futex resumed>) = 0 [pid 6650] open(".", O_RDONLY [pid 6632] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6650] <... open resumed>) = 5 [pid 6650] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] <... futex resumed>) = 0 [pid 6650] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6632] <... futex resumed>) = 1 [pid 6633] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6632] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6633] <... ioctl resumed>) = 0 [pid 6633] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] exit_group(0 [pid 6633] <... futex resumed>) = ? [pid 6650] <... futex resumed>) = ? [pid 6632] <... exit_group resumed>) = ? [pid 6650] +++ exited with 0 +++ [pid 6633] +++ exited with 0 +++ [pid 6632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6632, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6651 attached , child_tidptr=0x5555555e8690) = 6651 [pid 6651] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6651] chdir("./83") = 0 [pid 6651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6651] setpgid(0, 0) = 0 [pid 6651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6651] write(3, "1000", 4) = 4 [pid 6651] close(3) = 0 [pid 6651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6651] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6651] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6652 attached [pid 6652] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6651] <... clone3 resumed> => {parent_tid=[6652]}, 88) = 6652 [pid 6652] set_robust_list(0x7f665501d9a0, 24 [pid 6651] rt_sigprocmask(SIG_SETMASK, [], [pid 6652] <... set_robust_list resumed>) = 0 [pid 6651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6652] rt_sigprocmask(SIG_SETMASK, [], [pid 6651] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6651] <... futex resumed>) = 0 [pid 6652] memfd_create("syzkaller", 0 [pid 6651] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6652] <... memfd_create resumed>) = 3 [pid 6652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6652] munmap(0x7f664ca00000, 138412032) = 0 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6652] close(3) = 0 [pid 6652] close(4) = 0 [pid 6652] mkdir("./file0", 0777) = 0 [ 179.932432][ T6652] loop0: detected capacity change from 0 to 32768 [ 179.970015][ T6652] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6652) [pid 6652] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6652] chdir("./file0") = 0 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6652] ioctl(4, LOOP_CLR_FD) = 0 [pid 6652] close(4) = 0 [pid 6652] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6652] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6651] <... futex resumed>) = 0 [pid 6652] open("./file0", O_RDONLY [pid 6651] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6652] <... open resumed>) = 4 [pid 6652] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6652] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6651] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6651] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6651] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6651] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6652] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6652] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6669 attached [pid 6669] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6651] <... clone3 resumed> => {parent_tid=[6669]}, 88) = 6669 [pid 6669] <... rseq resumed>) = 0 [pid 6651] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] set_robust_list(0x7f6654ffc9a0, 24 [pid 6651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6669] <... set_robust_list resumed>) = 0 [pid 6651] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], [pid 6651] <... futex resumed>) = 0 [pid 6669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6651] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] open(".", O_RDONLY) = 5 [pid 6652] <... futex resumed>) = 0 [pid 6669] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] <... futex resumed>) = 1 [pid 6669] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6651] <... futex resumed>) = 0 [pid 6651] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] <... futex resumed>) = 0 [pid 6652] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6651] <... futex resumed>) = 1 [pid 6651] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6651] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6652] <... ioctl resumed>) = 0 [pid 6652] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] exit_group(0 [pid 6652] <... futex resumed>) = ? [pid 6651] <... exit_group resumed>) = ? [pid 6669] <... futex resumed>) = ? [pid 6652] +++ exited with 0 +++ [pid 6669] +++ exited with 0 +++ [pid 6651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6651, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6670 attached , child_tidptr=0x5555555e8690) = 6670 [pid 6670] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6670] chdir("./84") = 0 [pid 6670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6670] setpgid(0, 0) = 0 [pid 6670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6670] write(3, "1000", 4) = 4 [pid 6670] close(3) = 0 [pid 6670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6670] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6670] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6670] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6671 attached [pid 6671] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6670] <... clone3 resumed> => {parent_tid=[6671]}, 88) = 6671 [pid 6671] set_robust_list(0x7f665501d9a0, 24 [pid 6670] rt_sigprocmask(SIG_SETMASK, [], [pid 6671] <... set_robust_list resumed>) = 0 [pid 6671] rt_sigprocmask(SIG_SETMASK, [], [pid 6670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6670] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] memfd_create("syzkaller", 0 [pid 6670] <... futex resumed>) = 0 [pid 6671] <... memfd_create resumed>) = 3 [pid 6671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6670] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6671] munmap(0x7f664ca00000, 138412032) = 0 [pid 6671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6671] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6671] close(3) = 0 [pid 6671] close(4) = 0 [pid 6671] mkdir("./file0", 0777) = 0 [pid 6671] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 180.847869][ T6671] loop0: detected capacity change from 0 to 32768 [ 180.874907][ T6671] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6671) [pid 6671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6671] chdir("./file0") = 0 [pid 6671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6671] ioctl(4, LOOP_CLR_FD) = 0 [pid 6671] close(4) = 0 [pid 6671] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6670] <... futex resumed>) = 0 [pid 6670] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] open("./file0", O_RDONLY [pid 6670] <... futex resumed>) = 0 [pid 6671] <... open resumed>) = 4 [pid 6670] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6671] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6670] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6671] <... futex resumed>) = 1 [pid 6671] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6670] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6670] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6670] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6688 attached => {parent_tid=[6688]}, 88) = 6688 [pid 6670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6670] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6671] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6688] <... rseq resumed>) = 0 [pid 6671] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] set_robust_list(0x7f6654ffc9a0, 24 [pid 6671] <... futex resumed>) = 0 [pid 6688] <... set_robust_list resumed>) = 0 [pid 6671] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6688] open(".", O_RDONLY) = 5 [pid 6688] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6670] <... futex resumed>) = 0 [pid 6670] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6671] <... futex resumed>) = 0 [pid 6670] <... futex resumed>) = 1 [pid 6671] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6670] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6671] <... ioctl resumed>) = 0 [pid 6671] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6670] exit_group(0 [pid 6688] <... futex resumed>) = ? [pid 6671] <... futex resumed>) = ? [pid 6688] +++ exited with 0 +++ [pid 6671] +++ exited with 0 +++ [pid 6670] <... exit_group resumed>) = ? [pid 6670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6670, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6689 attached , child_tidptr=0x5555555e8690) = 6689 [pid 6689] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6689] chdir("./85") = 0 [pid 6689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6689] setpgid(0, 0) = 0 [pid 6689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6689] write(3, "1000", 4) = 4 [pid 6689] close(3) = 0 [pid 6689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6689] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6689] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6690 attached [pid 6690] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6690] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6689] <... clone3 resumed> => {parent_tid=[6690]}, 88) = 6690 [pid 6690] rt_sigprocmask(SIG_SETMASK, [], [pid 6689] rt_sigprocmask(SIG_SETMASK, [], [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6690] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6689] <... futex resumed>) = 0 [pid 6690] memfd_create("syzkaller", 0 [pid 6689] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6690] <... memfd_create resumed>) = 3 [pid 6690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6690] munmap(0x7f664ca00000, 138412032) = 0 [pid 6690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6690] close(3) = 0 [pid 6690] close(4) = 0 [pid 6690] mkdir("./file0", 0777) = 0 [ 181.757242][ T6690] loop0: detected capacity change from 0 to 32768 [ 181.788405][ T6690] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6690) [ 181.811621][ T6690] _btrfs_printk: 170 callbacks suppressed [ 181.811643][ T6690] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 181.828114][ T6690] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 181.837231][ T6690] BTRFS info (device loop0): using free-space-tree [pid 6690] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6690] chdir("./file0") = 0 [pid 6690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6690] ioctl(4, LOOP_CLR_FD) = 0 [pid 6690] close(4) = 0 [pid 6690] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] <... futex resumed>) = 0 [pid 6690] open("./file0", O_RDONLY) = 4 [pid 6690] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] <... futex resumed>) = 0 [pid 6690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6689] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6689] <... futex resumed>) = 0 [ 181.960417][ T6690] BTRFS info (device loop0): balance: start -f -s [ 181.967360][ T6690] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 181.974799][ T6690] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 181.983286][ T6690] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 181.996913][ T6690] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6689] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6689] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6689] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6707]}, 88) = 6707 ./strace-static-x86_64: Process 6707 attached [pid 6689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6707] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6689] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... rseq resumed>) = 0 [pid 6707] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6689] <... futex resumed>) = 0 [pid 6707] rt_sigprocmask(SIG_SETMASK, [], [pid 6689] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6707] open(".", O_RDONLY) = 5 [ 182.005765][ T6690] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 182.013456][ T6690] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 182.021153][ T6690] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 182.029253][ T6690] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 182.049147][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6707] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6689] <... futex resumed>) = 1 [pid 6707] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 182.058809][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 182.073217][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 182.082056][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 182.089725][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 182.097544][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 182.105436][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 182.116034][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1765376 free, is full [ 182.125152][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=16384, may_use=1433600, readonly=0 zone_unusable=0 [ 182.139202][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 182.147987][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6689] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 182.155664][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 182.163320][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 182.171153][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6707] <... ioctl resumed>) = 0 [pid 6707] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 182.255827][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 182.265001][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 182.279731][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 182.288661][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 182.296374][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 182.304078][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 182.311948][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 182.320524][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 182.329573][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 182.343547][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 182.353291][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 182.360989][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 182.368649][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 182.376526][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 182.390336][ T59] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 182.398696][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 182.407843][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 182.421553][ T59] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 182.429129][ T6690] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 182.438222][ T6690] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 182.451950][ T6690] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 182.460805][ T6690] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 182.468562][ T6690] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 182.476263][ T6690] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 182.484460][ T6690] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 182.492816][ T6690] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6707] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6690] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] exit_group(0 [pid 6690] <... futex resumed>) = ? [pid 6689] <... exit_group resumed>) = ? [pid 6707] <... futex resumed>) = ? [pid 6690] +++ exited with 0 +++ [pid 6707] +++ exited with 0 +++ [pid 6689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6689, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=43 /* 0.43 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 182.522938][ T6690] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 [ 182.618745][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6708 attached , child_tidptr=0x5555555e8690) = 6708 [pid 6708] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6708] chdir("./86") = 0 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6708] setpgid(0, 0) = 0 [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3) = 0 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6708] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6708] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6709 attached [pid 6709] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6708] <... clone3 resumed> => {parent_tid=[6709]}, 88) = 6709 [pid 6709] <... rseq resumed>) = 0 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6709] set_robust_list(0x7f665501d9a0, 24 [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] <... set_robust_list resumed>) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], [pid 6708] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6709] memfd_create("syzkaller", 0) = 3 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6709] munmap(0x7f664ca00000, 138412032) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6709] close(3) = 0 [pid 6709] close(4) = 0 [pid 6709] mkdir("./file0", 0777) = 0 [ 183.063897][ T6709] loop0: detected capacity change from 0 to 32768 [ 183.101202][ T6709] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6709) [ 183.122433][ T6709] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 183.133184][ T6709] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 183.142216][ T6709] BTRFS info (device loop0): using free-space-tree [pid 6709] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] chdir("./file0") = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_CLR_FD) = 0 [pid 6709] close(4) = 0 [pid 6709] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6709] open("./file0", O_RDONLY [pid 6708] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] <... open resumed>) = 4 [pid 6709] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6709] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6709] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 183.289237][ T6709] BTRFS info (device loop0): balance: start -f -s [ 183.296000][ T6709] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 183.303599][ T6709] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 183.311949][ T6709] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 183.325720][ T6709] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6708] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6708] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6708] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6726 attached => {parent_tid=[6726]}, 88) = 6726 [pid 6726] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] <... rseq resumed>) = 0 [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] set_robust_list(0x7f6654ffc9a0, 24 [pid 6708] <... futex resumed>) = 0 [pid 6726] <... set_robust_list resumed>) = 0 [pid 6708] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6726] open(".", O_RDONLY) = 5 [pid 6726] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 183.334555][ T6709] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 183.342231][ T6709] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 183.350199][ T6709] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 183.358801][ T6709] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 183.377968][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6726] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] <... futex resumed>) = 0 [pid 6708] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6726] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 183.388559][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 183.402645][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 183.411490][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 183.419161][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 183.426875][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 183.434748][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 183.443472][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 183.452593][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 183.466614][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 183.475410][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6708] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 183.483062][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 183.490777][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 183.498591][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6726] <... ioctl resumed>) = 0 [pid 6726] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 183.584742][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 183.594276][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 183.608242][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 183.617086][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 183.624786][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 183.632466][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 183.640343][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 183.648905][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 183.657992][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 183.671960][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 183.680805][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 183.688501][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 183.696210][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 183.704094][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 183.717681][ T59] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 183.726098][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6726] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6709] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6708] exit_group(0 [pid 6726] <... futex resumed>) = ? [pid 6709] <... futex resumed>) = ? [pid 6708] <... exit_group resumed>) = ? [ 183.735244][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 183.748956][ T59] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 183.756631][ T6709] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 183.765753][ T6709] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6726] +++ exited with 0 +++ [pid 6709] +++ exited with 0 +++ [pid 6708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6708, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6727 attached , child_tidptr=0x5555555e8690) = 6727 [pid 6727] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6727] chdir("./87") = 0 [pid 6727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6727] setpgid(0, 0) = 0 [pid 6727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6727] write(3, "1000", 4) = 4 [pid 6727] close(3) = 0 [pid 6727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6727] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6727] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6727] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6728 attached [pid 6728] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6727] <... clone3 resumed> => {parent_tid=[6728]}, 88) = 6728 [pid 6728] set_robust_list(0x7f665501d9a0, 24 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6727] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6727] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6728] <... set_robust_list resumed>) = 0 [pid 6728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6728] memfd_create("syzkaller", 0) = 3 [pid 6728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6728] munmap(0x7f664ca00000, 138412032) = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6728] close(3) = 0 [pid 6728] close(4) = 0 [pid 6728] mkdir("./file0", 0777) = 0 [ 184.373598][ T6728] loop0: detected capacity change from 0 to 32768 [ 184.409024][ T6728] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6728) [pid 6728] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6728] chdir("./file0") = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6728] ioctl(4, LOOP_CLR_FD) = 0 [pid 6728] close(4) = 0 [pid 6728] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6728] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] <... futex resumed>) = 0 [pid 6727] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6727] <... futex resumed>) = 1 [pid 6728] open("./file0", O_RDONLY [pid 6727] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... open resumed>) = 4 [pid 6728] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] <... futex resumed>) = 0 [pid 6727] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6727] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6728] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6727] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 0 [pid 6728] <... futex resumed>) = 0 [pid 6727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6728] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] <... mmap resumed>) = 0x7f6654fdc000 [pid 6727] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6727] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6745 attached [pid 6745] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6727] <... clone3 resumed> => {parent_tid=[6745]}, 88) = 6745 [pid 6745] set_robust_list(0x7f6654ffc9a0, 24 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], [pid 6745] <... set_robust_list resumed>) = 0 [pid 6727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6745] rt_sigprocmask(SIG_SETMASK, [], [pid 6727] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6745] open(".", O_RDONLY [pid 6727] <... futex resumed>) = 0 [pid 6745] <... open resumed>) = 5 [pid 6727] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6727] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6728] <... futex resumed>) = 0 [pid 6728] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6727] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6728] <... ioctl resumed>) = 0 [pid 6728] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] exit_group(0 [pid 6745] <... futex resumed>) = ? [pid 6728] <... futex resumed>) = ? [pid 6727] <... exit_group resumed>) = ? [pid 6745] +++ exited with 0 +++ [pid 6728] +++ exited with 0 +++ [pid 6727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6727, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6746 attached , child_tidptr=0x5555555e8690) = 6746 [pid 6746] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6746] chdir("./88") = 0 [pid 6746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6746] setpgid(0, 0) = 0 [pid 6746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6746] write(3, "1000", 4) = 4 [pid 6746] close(3) = 0 [pid 6746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6746] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6746] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6747 attached [pid 6747] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 6746] <... clone3 resumed> => {parent_tid=[6747]}, 88) = 6747 [pid 6747] <... rseq resumed>) = 0 [pid 6746] rt_sigprocmask(SIG_SETMASK, [], [pid 6747] set_robust_list(0x7f665501d9a0, 24 [pid 6746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6747] <... set_robust_list resumed>) = 0 [pid 6746] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6746] <... futex resumed>) = 0 [pid 6747] memfd_create("syzkaller", 0 [pid 6746] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6747] <... memfd_create resumed>) = 3 [pid 6747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6747] munmap(0x7f664ca00000, 138412032) = 0 [pid 6747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6747] close(3) = 0 [pid 6747] close(4) = 0 [pid 6747] mkdir("./file0", 0777) = 0 [ 185.280469][ T6747] loop0: detected capacity change from 0 to 32768 [ 185.308563][ T6747] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6747) [pid 6747] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6747] chdir("./file0") = 0 [pid 6747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6747] ioctl(4, LOOP_CLR_FD) = 0 [pid 6747] close(4) = 0 [pid 6747] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6747] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6746] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] open("./file0", O_RDONLY) = 4 [pid 6747] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6747] <... futex resumed>) = 1 [pid 6746] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6746] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6746] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6747] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6746] <... mprotect resumed>) = 0 [pid 6747] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6764 attached [pid 6764] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6746] <... clone3 resumed> => {parent_tid=[6764]}, 88) = 6764 [pid 6764] <... rseq resumed>) = 0 [pid 6746] rt_sigprocmask(SIG_SETMASK, [], [pid 6764] set_robust_list(0x7f6654ffc9a0, 24 [pid 6746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6764] <... set_robust_list resumed>) = 0 [pid 6746] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] rt_sigprocmask(SIG_SETMASK, [], [pid 6746] <... futex resumed>) = 0 [pid 6764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6746] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6764] open(".", O_RDONLY) = 5 [pid 6764] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6764] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6746] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = 0 [pid 6746] <... futex resumed>) = 1 [pid 6747] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6746] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6747] <... ioctl resumed>) = 0 [pid 6747] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] exit_group(0 [pid 6764] <... futex resumed>) = ? [pid 6764] +++ exited with 0 +++ [pid 6747] <... futex resumed>) = ? [pid 6746] <... exit_group resumed>) = ? [pid 6747] +++ exited with 0 +++ [pid 6746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6746, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6765 attached [pid 6765] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 6765 [pid 6765] <... set_robust_list resumed>) = 0 [pid 6765] chdir("./89") = 0 [pid 6765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6765] setpgid(0, 0) = 0 [pid 6765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6765] write(3, "1000", 4) = 4 [pid 6765] close(3) = 0 [pid 6765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6765] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6765] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6766 attached [pid 6766] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6765] <... clone3 resumed> => {parent_tid=[6766]}, 88) = 6766 [pid 6766] set_robust_list(0x7f665501d9a0, 24 [pid 6765] rt_sigprocmask(SIG_SETMASK, [], [pid 6766] <... set_robust_list resumed>) = 0 [pid 6766] rt_sigprocmask(SIG_SETMASK, [], [pid 6765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6765] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] memfd_create("syzkaller", 0 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6766] <... memfd_create resumed>) = 3 [pid 6766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6766] munmap(0x7f664ca00000, 138412032) = 0 [pid 6766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6766] close(3) = 0 [pid 6766] close(4) = 0 [pid 6766] mkdir("./file0", 0777) = 0 [ 186.159842][ T6766] loop0: detected capacity change from 0 to 32768 [ 186.187735][ T6766] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6766) [pid 6766] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6766] chdir("./file0") = 0 [pid 6766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6766] ioctl(4, LOOP_CLR_FD) = 0 [pid 6766] close(4) = 0 [pid 6766] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... futex resumed>) = 0 [pid 6766] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6766] open("./file0", O_RDONLY) = 4 [pid 6766] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6766] <... futex resumed>) = 1 [pid 6765] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6765] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6765] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6783]}, 88) = 6783 [pid 6765] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6783 attached NULL, 8) = 0 [pid 6783] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6765] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... rseq resumed>) = 0 [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6783] open(".", O_RDONLY) = 5 [pid 6766] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6783] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = 1 [pid 6766] <... futex resumed>) = 0 [pid 6765] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6766] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6765] <... futex resumed>) = 0 [pid 6765] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6766] <... ioctl resumed>) = 0 [pid 6766] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] exit_group(0 [pid 6783] <... futex resumed>) = ? [pid 6766] <... futex resumed>) = ? [pid 6783] +++ exited with 0 +++ [pid 6766] +++ exited with 0 +++ [pid 6765] <... exit_group resumed>) = ? [pid 6765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6765, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6784 attached [pid 6784] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 6784 [pid 6784] <... set_robust_list resumed>) = 0 [pid 6784] chdir("./90") = 0 [pid 6784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6784] setpgid(0, 0) = 0 [pid 6784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6784] write(3, "1000", 4) = 4 [pid 6784] close(3) = 0 [pid 6784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6784] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6784] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6785 attached [pid 6785] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6784] <... clone3 resumed> => {parent_tid=[6785]}, 88) = 6785 [pid 6785] set_robust_list(0x7f665501d9a0, 24 [pid 6784] rt_sigprocmask(SIG_SETMASK, [], [pid 6785] <... set_robust_list resumed>) = 0 [pid 6785] rt_sigprocmask(SIG_SETMASK, [], [pid 6784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6784] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] memfd_create("syzkaller", 0 [pid 6784] <... futex resumed>) = 0 [pid 6785] <... memfd_create resumed>) = 3 [pid 6785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6784] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6785] munmap(0x7f664ca00000, 138412032) = 0 [pid 6785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6785] close(3) = 0 [pid 6785] close(4) = 0 [pid 6785] mkdir("./file0", 0777) = 0 [ 186.976975][ T6785] loop0: detected capacity change from 0 to 32768 [ 187.005012][ T6785] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6785) [ 187.025098][ T6785] _btrfs_printk: 170 callbacks suppressed [ 187.025134][ T6785] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 187.041472][ T6785] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 187.050208][ T6785] BTRFS info (device loop0): using free-space-tree [pid 6785] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6785] chdir("./file0") = 0 [pid 6785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6785] ioctl(4, LOOP_CLR_FD) = 0 [pid 6785] close(4) = 0 [pid 6785] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] <... futex resumed>) = 0 [pid 6784] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] open("./file0", O_RDONLY) = 4 [pid 6785] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6785] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6784] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 187.204969][ T6785] BTRFS info (device loop0): balance: start -f -s [ 187.211635][ T6785] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 187.218704][ T6785] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 187.227322][ T6785] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 187.241027][ T6785] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6784] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6784] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6784] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6802 attached => {parent_tid=[6802]}, 88) = 6802 [pid 6784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6784] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6802] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6802] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6802] open(".", O_RDONLY) = 5 [pid 6802] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 187.249821][ T6785] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 187.257510][ T6785] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 187.265221][ T6785] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 187.273090][ T6785] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 187.291896][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6802] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6784] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 187.301203][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 187.315210][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 187.324050][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 187.331758][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 187.339433][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 187.347319][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 187.355986][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 187.365089][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 187.379113][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 187.387908][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 187.395689][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 187.403352][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 187.411215][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6802] <... ioctl resumed>) = 0 [pid 6802] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 187.494847][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 187.504025][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 187.518823][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 187.527753][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 187.535481][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 187.543189][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 187.551084][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 187.559745][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 187.568960][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 187.583868][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 187.592703][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 187.600492][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 187.608138][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 187.616005][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 187.629873][ T2422] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 187.638331][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 187.647504][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 187.661233][ T2422] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 187.668841][ T6785] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 187.677982][ T6785] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 187.691736][ T6785] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 187.700587][ T6785] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 187.708280][ T6785] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 187.716281][ T6785] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 187.724189][ T6785] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 187.732599][ T6785] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6802] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6785] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6785] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6785] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6784] exit_group(0 [pid 6802] <... futex resumed>) = ? [pid 6785] <... futex resumed>) = ? [pid 6784] <... exit_group resumed>) = ? [pid 6802] +++ exited with 0 +++ [pid 6785] +++ exited with 0 +++ [pid 6784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6784, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 187.761747][ T6785] BTRFS info (device loop0): balance: ended with status: 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 187.902013][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6803 attached , child_tidptr=0x5555555e8690) = 6803 [pid 6803] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6803] chdir("./91") = 0 [pid 6803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6803] setpgid(0, 0) = 0 [pid 6803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6803] write(3, "1000", 4) = 4 [pid 6803] close(3) = 0 [pid 6803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6803] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6803] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6804 attached [pid 6804] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6803] <... clone3 resumed> => {parent_tid=[6804]}, 88) = 6804 [pid 6804] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6803] rt_sigprocmask(SIG_SETMASK, [], [pid 6804] rt_sigprocmask(SIG_SETMASK, [], [pid 6803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6803] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] memfd_create("syzkaller", 0 [pid 6803] <... futex resumed>) = 0 [pid 6803] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6804] <... memfd_create resumed>) = 3 [pid 6804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6804] munmap(0x7f664ca00000, 138412032) = 0 [pid 6804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6804] close(3) = 0 [pid 6804] close(4) = 0 [pid 6804] mkdir("./file0", 0777) = 0 [ 188.384841][ T6804] loop0: detected capacity change from 0 to 32768 [ 188.402480][ T6804] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6804) [ 188.421167][ T6804] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [pid 6804] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [ 188.431637][ T6804] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 188.440995][ T6804] BTRFS info (device loop0): using free-space-tree [pid 6804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6804] chdir("./file0") = 0 [pid 6804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6804] ioctl(4, LOOP_CLR_FD) = 0 [pid 6804] close(4) = 0 [pid 6804] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6803] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] open("./file0", O_RDONLY [pid 6803] <... futex resumed>) = 0 [pid 6803] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] <... open resumed>) = 4 [pid 6804] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6804] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6803] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6804] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6803] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6803] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6803] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6821]}, 88) = 6821 [pid 6803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6803] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 188.591505][ T6804] BTRFS info (device loop0): balance: start -f -s [ 188.598109][ T6804] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 188.605313][ T6804] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 188.613760][ T6804] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 188.627396][ T6804] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6803] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6821 attached [pid 6821] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6821] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6821] open(".", O_RDONLY) = 5 [pid 6821] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6803] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [ 188.637627][ T6804] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 188.645425][ T6804] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 188.653135][ T6804] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 188.661486][ T6804] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 188.679516][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6803] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6821] <... futex resumed>) = 1 [pid 6821] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6803] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6803] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 188.688782][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 188.702874][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 188.711715][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 188.719382][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 188.727095][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 188.734987][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 188.744082][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 188.753222][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 188.767314][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 188.776123][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 188.783800][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 188.791493][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 188.799312][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6821] <... ioctl resumed>) = 0 [pid 6821] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 188.886590][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 188.895711][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 188.909689][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 188.918546][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 188.926236][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 188.934006][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 188.941872][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 188.950462][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 188.959524][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 188.973500][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 188.982314][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 188.990017][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 188.997684][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 189.005554][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 189.018947][ T2422] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 189.027368][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 6821] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6804] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6804] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6803] exit_group(0 [pid 6821] <... futex resumed>) = ? [pid 6804] <... futex resumed>) = ? [pid 6803] <... exit_group resumed>) = ? [pid 6821] +++ exited with 0 +++ [pid 6804] +++ exited with 0 +++ [pid 6803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6803, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 189.036642][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 189.050379][ T2422] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 189.058009][ T6804] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 189.067130][ T6804] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 6822 ./strace-static-x86_64: Process 6822 attached [pid 6822] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6822] chdir("./92") = 0 [pid 6822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6822] setpgid(0, 0) = 0 [pid 6822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6822] write(3, "1000", 4) = 4 [pid 6822] close(3) = 0 [pid 6822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6822] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6822] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6823 attached [pid 6823] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6822] <... clone3 resumed> => {parent_tid=[6823]}, 88) = 6823 [pid 6823] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6823] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6822] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] <... futex resumed>) = 0 [pid 6823] memfd_create("syzkaller", 0) = 3 [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6823] munmap(0x7f664ca00000, 138412032) = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6823] close(3) = 0 [pid 6823] close(4) = 0 [pid 6823] mkdir("./file0", 0777) = 0 [ 189.678670][ T6823] loop0: detected capacity change from 0 to 32768 [ 189.708116][ T6823] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6823) [pid 6823] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6823] chdir("./file0") = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6823] ioctl(4, LOOP_CLR_FD) = 0 [pid 6823] close(4) = 0 [pid 6823] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6823] <... futex resumed>) = 0 [pid 6822] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] open("./file0", O_RDONLY) = 4 [pid 6823] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6822] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6822] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6823] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6822] <... mmap resumed>) = 0x7f6654fdc000 [pid 6823] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 6823] <... futex resumed>) = 0 [pid 6822] <... mprotect resumed>) = 0 [pid 6823] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6840 attached [pid 6840] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6822] <... clone3 resumed> => {parent_tid=[6840]}, 88) = 6840 [pid 6840] <... rseq resumed>) = 0 [pid 6822] rt_sigprocmask(SIG_SETMASK, [], [pid 6840] set_robust_list(0x7f6654ffc9a0, 24 [pid 6822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6840] <... set_robust_list resumed>) = 0 [pid 6822] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6822] <... futex resumed>) = 0 [pid 6840] open(".", O_RDONLY [pid 6822] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6840] <... open resumed>) = 5 [pid 6840] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = 0 [pid 6840] <... futex resumed>) = 1 [pid 6822] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6823] <... futex resumed>) = 0 [pid 6822] <... futex resumed>) = 1 [pid 6823] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6822] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6823] <... ioctl resumed>) = 0 [pid 6823] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6823] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] exit_group(0) = ? [pid 6840] <... futex resumed>) = ? [pid 6823] <... futex resumed>) = ? [pid 6840] +++ exited with 0 +++ [pid 6823] +++ exited with 0 +++ [pid 6822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6822, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6841 attached , child_tidptr=0x5555555e8690) = 6841 [pid 6841] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6841] chdir("./93") = 0 [pid 6841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6841] setpgid(0, 0) = 0 [pid 6841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6841] write(3, "1000", 4) = 4 [pid 6841] close(3) = 0 [pid 6841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6841] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6841] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6842 attached [pid 6842] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6841] <... clone3 resumed> => {parent_tid=[6842]}, 88) = 6842 [pid 6842] set_robust_list(0x7f665501d9a0, 24 [pid 6841] rt_sigprocmask(SIG_SETMASK, [], [pid 6842] <... set_robust_list resumed>) = 0 [pid 6841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6842] rt_sigprocmask(SIG_SETMASK, [], [pid 6841] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6841] <... futex resumed>) = 0 [pid 6841] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6842] memfd_create("syzkaller", 0) = 3 [pid 6842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6842] munmap(0x7f664ca00000, 138412032) = 0 [pid 6842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6842] close(3) = 0 [pid 6842] close(4) = 0 [pid 6842] mkdir("./file0", 0777) = 0 [ 190.603266][ T6842] loop0: detected capacity change from 0 to 32768 [ 190.637127][ T6842] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6842) [pid 6842] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6842] chdir("./file0") = 0 [pid 6842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6842] ioctl(4, LOOP_CLR_FD) = 0 [pid 6842] close(4) = 0 [pid 6842] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6841] <... futex resumed>) = 0 [pid 6841] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] <... futex resumed>) = 0 [pid 6842] open("./file0", O_RDONLY [pid 6841] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... open resumed>) = 4 [pid 6842] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6841] <... futex resumed>) = 0 [pid 6842] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6841] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6841] <... futex resumed>) = 0 [pid 6841] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6841] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6841] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6841] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6842] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6842] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6841] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6859 attached => {parent_tid=[6859]}, 88) = 6859 [pid 6841] rt_sigprocmask(SIG_SETMASK, [], [pid 6859] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6859] <... rseq resumed>) = 0 [pid 6841] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6859] open(".", O_RDONLY) = 5 [pid 6859] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6841] <... futex resumed>) = 0 [pid 6859] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6841] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 0 [pid 6842] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6841] <... futex resumed>) = 1 [pid 6841] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6842] <... ioctl resumed>) = 0 [pid 6842] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] exit_group(0 [pid 6859] <... futex resumed>) = ? [pid 6842] <... futex resumed>) = ? [pid 6841] <... exit_group resumed>) = ? [pid 6842] +++ exited with 0 +++ [pid 6859] +++ exited with 0 +++ [pid 6841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6841, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6860 attached , child_tidptr=0x5555555e8690) = 6860 [pid 6860] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6860] chdir("./94") = 0 [pid 6860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6860] setpgid(0, 0) = 0 [pid 6860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6860] write(3, "1000", 4) = 4 [pid 6860] close(3) = 0 [pid 6860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6860] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6860] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6861 attached => {parent_tid=[6861]}, 88) = 6861 [pid 6861] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6860] rt_sigprocmask(SIG_SETMASK, [], [pid 6861] set_robust_list(0x7f665501d9a0, 24 [pid 6860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6861] <... set_robust_list resumed>) = 0 [pid 6860] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] rt_sigprocmask(SIG_SETMASK, [], [pid 6860] <... futex resumed>) = 0 [pid 6861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6860] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6861] memfd_create("syzkaller", 0) = 3 [pid 6861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6861] munmap(0x7f664ca00000, 138412032) = 0 [pid 6861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6861] close(3) = 0 [pid 6861] close(4) = 0 [pid 6861] mkdir("./file0", 0777) = 0 [ 191.523464][ T6861] loop0: detected capacity change from 0 to 32768 [ 191.560754][ T6861] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6861) [pid 6861] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6861] chdir("./file0") = 0 [pid 6861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6861] ioctl(4, LOOP_CLR_FD) = 0 [pid 6861] close(4) = 0 [pid 6861] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] <... futex resumed>) = 0 [pid 6861] open("./file0", O_RDONLY [pid 6860] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] <... open resumed>) = 4 [pid 6860] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6860] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] <... futex resumed>) = 1 [pid 6860] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6860] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6860] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6860] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6860] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6861] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6861] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6861] <... futex resumed>) = 0 [pid 6860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 6861] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6878 attached [pid 6878] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6860] <... clone3 resumed> => {parent_tid=[6878]}, 88) = 6878 [pid 6878] <... rseq resumed>) = 0 [pid 6878] set_robust_list(0x7f6654ffc9a0, 24 [pid 6860] rt_sigprocmask(SIG_SETMASK, [], [pid 6878] <... set_robust_list resumed>) = 0 [pid 6860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], [pid 6860] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6860] <... futex resumed>) = 0 [pid 6860] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6878] open(".", O_RDONLY) = 5 [pid 6878] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] <... futex resumed>) = 0 [pid 6878] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... futex resumed>) = 0 [pid 6860] <... futex resumed>) = 1 [pid 6861] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6860] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6861] <... ioctl resumed>) = 0 [pid 6861] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] exit_group(0 [pid 6878] <... futex resumed>) = ? [pid 6861] <... futex resumed>) = ? [pid 6860] <... exit_group resumed>) = ? [pid 6861] +++ exited with 0 +++ [pid 6878] +++ exited with 0 +++ [pid 6860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6860, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6879 attached , child_tidptr=0x5555555e8690) = 6879 [pid 6879] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6879] chdir("./95") = 0 [pid 6879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6879] setpgid(0, 0) = 0 [pid 6879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6879] write(3, "1000", 4) = 4 [pid 6879] close(3) = 0 [pid 6879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6879] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6879] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6879] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6880 attached [pid 6880] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6879] <... clone3 resumed> => {parent_tid=[6880]}, 88) = 6880 [pid 6880] set_robust_list(0x7f665501d9a0, 24 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], [pid 6880] <... set_robust_list resumed>) = 0 [pid 6879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6880] rt_sigprocmask(SIG_SETMASK, [], [pid 6879] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6880] memfd_create("syzkaller", 0) = 3 [pid 6880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6880] munmap(0x7f664ca00000, 138412032) = 0 [pid 6880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6880] close(3) = 0 [pid 6880] close(4) = 0 [pid 6880] mkdir("./file0", 0777) = 0 [ 192.373477][ T6880] loop0: detected capacity change from 0 to 32768 [ 192.407019][ T6880] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6880) [ 192.433010][ T6880] _btrfs_printk: 170 callbacks suppressed [ 192.433029][ T6880] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 192.449486][ T6880] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 192.458708][ T6880] BTRFS info (device loop0): using free-space-tree [pid 6880] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6880] chdir("./file0") = 0 [pid 6880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6880] ioctl(4, LOOP_CLR_FD) = 0 [pid 6880] close(4) = 0 [pid 6880] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] <... futex resumed>) = 0 [pid 6879] <... futex resumed>) = 1 [pid 6880] open("./file0", O_RDONLY [pid 6879] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6880] <... open resumed>) = 4 [pid 6880] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6880] <... futex resumed>) = 0 [pid 6879] <... futex resumed>) = 1 [pid 6880] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 192.654120][ T6880] BTRFS info (device loop0): balance: start -f -s [ 192.660982][ T6880] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 192.668347][ T6880] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 192.676722][ T6880] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 192.690366][ T6880] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6879] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6879] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6879] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6879] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6879] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6898]}, 88) = 6898 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6898 attached NULL, 8) = 0 [pid 6879] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6898] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6879] <... futex resumed>) = 0 [pid 6879] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] open(".", O_RDONLY) = 5 [pid 6898] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6898] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6879] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 192.699214][ T6880] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 192.706938][ T6880] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 192.714662][ T6880] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 192.722565][ T6880] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 6879] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 192.811522][ T59] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 192.819180][ T59] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 192.827561][ T59] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 192.842424][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 192.851588][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 192.859299][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 192.866995][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 192.874865][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 192.883431][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 192.892551][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [pid 6898] <... ioctl resumed>) = 0 [pid 6898] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 192.906567][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 192.915390][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 192.923076][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 192.930750][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 192.938575][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 192.947403][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 192.956517][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 192.970607][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 192.979429][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 192.987125][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 192.994820][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 193.002670][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 193.019138][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 193.028445][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 193.042441][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 193.051300][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 193.058971][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 193.066686][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 193.074575][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 193.083548][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 193.092657][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 193.106663][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 193.115486][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 193.123184][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 193.130874][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 193.138728][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 193.152137][ T59] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 193.160602][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 193.169642][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 193.183389][ T59] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 193.191053][ T6880] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 193.200183][ T6880] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 193.213909][ T6880] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 193.222922][ T6880] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 193.230634][ T6880] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 193.238290][ T6880] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 193.246219][ T6880] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 193.254556][ T6880] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6898] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6880] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6880] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6879] exit_group(0 [pid 6880] <... futex resumed>) = ? [pid 6880] +++ exited with 0 +++ [pid 6879] <... exit_group resumed>) = ? [pid 6898] <... futex resumed>) = ? [pid 6898] +++ exited with 0 +++ [pid 6879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6879, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 193.284179][ T6880] BTRFS info (device loop0): balance: ended with status: 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 193.444858][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6899 attached [pid 6899] set_robust_list(0x5555555e86a0, 24 [pid 5056] <... clone resumed>, child_tidptr=0x5555555e8690) = 6899 [pid 6899] <... set_robust_list resumed>) = 0 [pid 6899] chdir("./96") = 0 [pid 6899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6899] setpgid(0, 0) = 0 [pid 6899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6899] write(3, "1000", 4) = 4 [pid 6899] close(3) = 0 [pid 6899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6899] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6899] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6899] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6900 attached [pid 6900] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6899] <... clone3 resumed> => {parent_tid=[6900]}, 88) = 6900 [pid 6900] set_robust_list(0x7f665501d9a0, 24 [pid 6899] rt_sigprocmask(SIG_SETMASK, [], [pid 6900] <... set_robust_list resumed>) = 0 [pid 6899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6900] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6899] <... futex resumed>) = 0 [pid 6900] memfd_create("syzkaller", 0 [pid 6899] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6900] <... memfd_create resumed>) = 3 [pid 6900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6900] munmap(0x7f664ca00000, 138412032) = 0 [pid 6900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6900] close(3) = 0 [pid 6900] close(4) = 0 [pid 6900] mkdir("./file0", 0777) = 0 [ 193.870753][ T6900] loop0: detected capacity change from 0 to 32768 [ 193.908829][ T6900] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6900) [ 193.929393][ T6900] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 193.940506][ T6900] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 193.949194][ T6900] BTRFS info (device loop0): using free-space-tree [pid 6900] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6900] chdir("./file0") = 0 [pid 6900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6900] ioctl(4, LOOP_CLR_FD) = 0 [pid 6900] close(4) = 0 [pid 6900] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] open("./file0", O_RDONLY [pid 6899] <... futex resumed>) = 0 [pid 6900] <... open resumed>) = 4 [pid 6899] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... futex resumed>) = 1 [pid 6899] <... futex resumed>) = 0 [pid 6900] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 194.095367][ T6900] BTRFS info (device loop0): balance: start -f -s [ 194.102164][ T6900] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 194.109219][ T6900] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 194.117702][ T6900] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 194.131347][ T6900] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6899] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6899] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6899] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6917]}, 88) = 6917 [pid 6899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6899] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6917 attached [pid 6917] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6917] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6917] open(".", O_RDONLY) = 5 [pid 6917] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6917] <... futex resumed>) = 1 [pid 6899] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6899] <... futex resumed>) = 0 [ 194.140187][ T6900] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 194.147879][ T6900] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 194.155605][ T6900] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 194.163540][ T6900] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 194.210685][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1732608 free, is full [ 194.219828][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=45056, may_use=1437696, readonly=0 zone_unusable=0 [ 194.234036][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 194.242830][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 194.250495][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6899] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 194.258136][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 194.265964][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 194.277044][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 278528 free, is full [ 194.286120][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1503232, may_use=1433600, readonly=0 zone_unusable=0 [ 194.300401][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 194.309180][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 194.316901][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 194.324573][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 194.332431][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6917] <... ioctl resumed>) = 0 [pid 6917] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 194.405641][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 194.415121][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 194.429211][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 194.438044][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 194.445720][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 194.453411][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 194.461356][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 194.470059][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 194.479108][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 194.493547][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 6917] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6900] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6899] exit_group(0 [pid 6900] <... futex resumed>) = ? [pid 6899] <... exit_group resumed>) = ? [pid 6900] +++ exited with 0 +++ [pid 6917] <... futex resumed>) = ? [ 194.502765][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 194.510934][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 6917] +++ exited with 0 +++ [pid 6899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6899, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6918 attached , child_tidptr=0x5555555e8690) = 6918 [pid 6918] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6918] chdir("./97") = 0 [pid 6918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6918] setpgid(0, 0) = 0 [pid 6918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6918] write(3, "1000", 4) = 4 [pid 6918] close(3) = 0 [pid 6918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6918] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6918] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6919 attached [pid 6919] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6918] <... clone3 resumed> => {parent_tid=[6919]}, 88) = 6919 [pid 6919] set_robust_list(0x7f665501d9a0, 24 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], [pid 6919] <... set_robust_list resumed>) = 0 [pid 6918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6919] rt_sigprocmask(SIG_SETMASK, [], [pid 6918] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6918] <... futex resumed>) = 0 [pid 6919] memfd_create("syzkaller", 0 [pid 6918] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6919] <... memfd_create resumed>) = 3 [pid 6919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6919] munmap(0x7f664ca00000, 138412032) = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6919] close(3) = 0 [pid 6919] close(4) = 0 [pid 6919] mkdir("./file0", 0777) = 0 [ 195.044570][ T6919] loop0: detected capacity change from 0 to 32768 [ 195.082374][ T6919] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6919) [pid 6919] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6919] chdir("./file0") = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6919] ioctl(4, LOOP_CLR_FD) = 0 [pid 6919] close(4) = 0 [pid 6919] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6919] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] <... futex resumed>) = 0 [pid 6919] open("./file0", O_RDONLY [pid 6918] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... open resumed>) = 4 [pid 6919] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6919] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6918] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6918] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6918] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[6936]}, 88) = 6936 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6936 attached NULL, 8) = 0 [pid 6936] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6918] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... rseq resumed>) = 0 [pid 6919] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6918] <... futex resumed>) = 0 [pid 6936] set_robust_list(0x7f6654ffc9a0, 24 [pid 6918] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... set_robust_list resumed>) = 0 [pid 6919] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6919] <... futex resumed>) = 0 [pid 6936] open(".", O_RDONLY [pid 6919] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6936] <... open resumed>) = 5 [pid 6936] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6918] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = 1 [pid 6918] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6919] <... futex resumed>) = 0 [pid 6918] <... futex resumed>) = 1 [pid 6919] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6918] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6919] <... ioctl resumed>) = 0 [pid 6919] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6919] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] exit_group(0) = ? [pid 6936] <... futex resumed>) = ? [pid 6919] <... futex resumed>) = ? [pid 6936] +++ exited with 0 +++ [pid 6919] +++ exited with 0 +++ [pid 6918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6918, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6937 attached , child_tidptr=0x5555555e8690) = 6937 [pid 6937] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6937] chdir("./98") = 0 [pid 6937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6937] setpgid(0, 0) = 0 [pid 6937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6937] write(3, "1000", 4) = 4 [pid 6937] close(3) = 0 [pid 6937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6937] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6937] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6938 attached [pid 6938] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6937] <... clone3 resumed> => {parent_tid=[6938]}, 88) = 6938 [pid 6938] set_robust_list(0x7f665501d9a0, 24 [pid 6937] rt_sigprocmask(SIG_SETMASK, [], [pid 6938] <... set_robust_list resumed>) = 0 [pid 6937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6938] rt_sigprocmask(SIG_SETMASK, [], [pid 6937] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6937] <... futex resumed>) = 0 [pid 6938] memfd_create("syzkaller", 0 [pid 6937] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6938] <... memfd_create resumed>) = 3 [pid 6938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6938] munmap(0x7f664ca00000, 138412032) = 0 [pid 6938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6938] close(3) = 0 [pid 6938] close(4) = 0 [pid 6938] mkdir("./file0", 0777) = 0 [ 195.943863][ T6938] loop0: detected capacity change from 0 to 32768 [ 195.971272][ T6938] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6938) [pid 6938] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6938] chdir("./file0") = 0 [pid 6938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6938] ioctl(4, LOOP_CLR_FD) = 0 [pid 6938] close(4) = 0 [pid 6938] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6937] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] open("./file0", O_RDONLY) = 4 [pid 6937] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] <... futex resumed>) = 0 [pid 6937] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6937] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6937] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6937] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6955 attached => {parent_tid=[6955]}, 88) = 6955 [pid 6937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6937] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6955] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6955] open(".", O_RDONLY) = 5 [pid 6955] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6938] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... futex resumed>) = 0 [pid 6955] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] <... futex resumed>) = 0 [pid 6937] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6937] <... futex resumed>) = 0 [pid 6937] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6938] <... ioctl resumed>) = 0 [pid 6938] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6937] exit_group(0 [pid 6955] <... futex resumed>) = ? [pid 6938] <... futex resumed>) = ? [pid 6955] +++ exited with 0 +++ [pid 6938] +++ exited with 0 +++ [pid 6937] <... exit_group resumed>) = ? [pid 6937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6937, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6956 attached , child_tidptr=0x5555555e8690) = 6956 [pid 6956] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6956] chdir("./99") = 0 [pid 6956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6956] setpgid(0, 0) = 0 [pid 6956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6956] write(3, "1000", 4) = 4 [pid 6956] close(3) = 0 [pid 6956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6956] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6956] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6957 attached [pid 6957] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6956] <... clone3 resumed> => {parent_tid=[6957]}, 88) = 6957 [pid 6957] set_robust_list(0x7f665501d9a0, 24 [pid 6956] rt_sigprocmask(SIG_SETMASK, [], [pid 6957] <... set_robust_list resumed>) = 0 [pid 6956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6957] rt_sigprocmask(SIG_SETMASK, [], [pid 6956] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6957] memfd_create("syzkaller", 0 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6957] <... memfd_create resumed>) = 3 [pid 6957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6957] munmap(0x7f664ca00000, 138412032) = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6957] close(3) = 0 [pid 6957] close(4) = 0 [pid 6957] mkdir("./file0", 0777) = 0 [ 196.794782][ T6957] loop0: detected capacity change from 0 to 32768 [ 196.821639][ T6957] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6957) [pid 6957] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6957] chdir("./file0") = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6957] ioctl(4, LOOP_CLR_FD) = 0 [pid 6957] close(4) = 0 [pid 6957] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6956] <... futex resumed>) = 0 [pid 6957] open("./file0", O_RDONLY [pid 6956] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... open resumed>) = 4 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6957] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6957] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6956] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6956] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6956] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6956] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6974 attached => {parent_tid=[6974]}, 88) = 6974 [pid 6956] rt_sigprocmask(SIG_SETMASK, [], [pid 6974] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6974] <... rseq resumed>) = 0 [pid 6956] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] set_robust_list(0x7f6654ffc9a0, 24 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... set_robust_list resumed>) = 0 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6974] open(".", O_RDONLY) = 5 [pid 6974] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6957] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6956] <... futex resumed>) = 0 [pid 6957] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = 0 [pid 6957] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6956] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6974] <... ioctl resumed>) = 0 [pid 6974] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6956] exit_group(0 [pid 6974] <... futex resumed>) = ? [pid 6957] <... futex resumed>) = ? [pid 6956] <... exit_group resumed>) = ? [pid 6974] +++ exited with 0 +++ [pid 6957] +++ exited with 0 +++ [pid 6956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6956, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6975 attached , child_tidptr=0x5555555e8690) = 6975 [pid 6975] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6975] chdir("./100") = 0 [pid 6975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6975] setpgid(0, 0) = 0 [pid 6975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6975] write(3, "1000", 4) = 4 [pid 6975] close(3) = 0 [pid 6975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6975] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6975] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6975] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6975] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6976 attached => {parent_tid=[6976]}, 88) = 6976 [pid 6976] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6976] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 6976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] rt_sigprocmask(SIG_SETMASK, [], [pid 6976] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6975] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6976] memfd_create("syzkaller", 0 [pid 6975] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6976] <... memfd_create resumed>) = 3 [pid 6976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6976] munmap(0x7f664ca00000, 138412032) = 0 [pid 6976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6976] close(3) = 0 [pid 6976] close(4) = 0 [pid 6976] mkdir("./file0", 0777) = 0 [ 197.703909][ T6976] loop0: detected capacity change from 0 to 32768 [ 197.735494][ T6976] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6976) [pid 6976] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6976] chdir("./file0") = 0 [pid 6976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6976] ioctl(4, LOOP_CLR_FD) = 0 [pid 6976] close(4) = 0 [ 197.760911][ T6976] _btrfs_printk: 178 callbacks suppressed [ 197.760933][ T6976] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 197.778316][ T6976] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 197.787578][ T6976] BTRFS info (device loop0): using free-space-tree [pid 6976] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] <... futex resumed>) = 0 [pid 6976] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6976] open("./file0", O_RDONLY [pid 6975] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6976] <... open resumed>) = 4 [pid 6976] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6976] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] <... futex resumed>) = 0 [pid 6975] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6975] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6976] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6975] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6975] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 6975] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [ 197.895610][ T6976] BTRFS info (device loop0): balance: start -f -s [ 197.903141][ T6976] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 197.910810][ T6976] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 197.919198][ T6976] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 197.932931][ T6976] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6975] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 6993 attached [pid 6993] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 6993] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 6975] <... clone3 resumed> => {parent_tid=[6993]}, 88) = 6993 [pid 6993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6975] rt_sigprocmask(SIG_SETMASK, [], [pid 6993] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6975] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6993] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6993] open(".", O_RDONLY [pid 6975] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... open resumed>) = 5 [pid 6993] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] <... futex resumed>) = 0 [pid 6975] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [ 197.941992][ T6976] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 197.949685][ T6976] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 197.957377][ T6976] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 197.965248][ T6976] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 198.020407][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 155648 free, is full [ 198.029473][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=1622016, may_use=1437696, readonly=0 zone_unusable=0 [ 198.044046][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 198.052849][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 198.060528][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 198.068261][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 198.076093][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 198.084809][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 198.093955][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 198.107973][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 6975] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 198.116824][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 198.124539][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 198.132257][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 198.140168][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 6993] <... ioctl resumed>) = 0 [pid 6993] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 198.169761][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 198.178879][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 198.193211][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 198.202040][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 198.209706][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 198.217432][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 198.225313][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 198.233951][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 198.243042][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 198.257345][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 198.266223][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 198.273938][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 198.281650][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 198.289494][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 198.302871][ T3065] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 198.311406][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 198.320480][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 198.334187][ T3065] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 198.341799][ T6976] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 198.350901][ T6976] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 198.364601][ T6976] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 198.373442][ T6976] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 198.381157][ T6976] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 198.388822][ T6976] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 198.396721][ T6976] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 198.405243][ T6976] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 6993] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6976] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6976] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] exit_group(0 [pid 6976] <... futex resumed>) = ? [pid 6975] <... exit_group resumed>) = ? [pid 6993] <... futex resumed>) = ? [pid 6976] +++ exited with 0 +++ [pid 6993] +++ exited with 0 +++ [pid 6975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6975, si_uid=0, si_status=0, si_utime=0, si_stime=52 /* 0.52 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 198.434762][ T6976] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 198.522569][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6994 attached , child_tidptr=0x5555555e8690) = 6994 [pid 6994] set_robust_list(0x5555555e86a0, 24) = 0 [pid 6994] chdir("./101") = 0 [pid 6994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6994] setpgid(0, 0) = 0 [pid 6994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6994] write(3, "1000", 4) = 4 [pid 6994] close(3) = 0 [pid 6994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6994] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 6994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 6994] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 6995 attached [pid 6995] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 6994] <... clone3 resumed> => {parent_tid=[6995]}, 88) = 6995 [pid 6995] set_robust_list(0x7f665501d9a0, 24 [pid 6994] rt_sigprocmask(SIG_SETMASK, [], [pid 6995] <... set_robust_list resumed>) = 0 [pid 6994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6995] rt_sigprocmask(SIG_SETMASK, [], [pid 6994] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6995] memfd_create("syzkaller", 0 [pid 6994] <... futex resumed>) = 0 [pid 6994] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6995] <... memfd_create resumed>) = 3 [pid 6995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 6995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6995] munmap(0x7f664ca00000, 138412032) = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6995] close(3) = 0 [pid 6995] close(4) = 0 [pid 6995] mkdir("./file0", 0777) = 0 [ 198.975703][ T6995] loop0: detected capacity change from 0 to 32768 [ 199.009770][ T6995] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (6995) [ 199.031962][ T6995] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 199.042722][ T6995] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 199.051554][ T6995] BTRFS info (device loop0): using free-space-tree [pid 6995] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 6995] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6995] chdir("./file0") = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6995] ioctl(4, LOOP_CLR_FD) = 0 [pid 6995] close(4) = 0 [pid 6995] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6995] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6994] <... futex resumed>) = 0 [pid 6994] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6995] <... futex resumed>) = 0 [pid 6995] open("./file0", O_RDONLY) = 4 [pid 6995] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] <... futex resumed>) = 0 [pid 6995] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6994] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6995] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6994] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6994] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [ 199.189641][ T6995] BTRFS info (device loop0): balance: start -f -s [ 199.196452][ T6995] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 199.203773][ T6995] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 199.212391][ T6995] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 199.226070][ T6995] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 6994] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7012 attached [pid 7012] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 6994] <... clone3 resumed> => {parent_tid=[7012]}, 88) = 7012 [pid 7012] <... rseq resumed>) = 0 [pid 6994] rt_sigprocmask(SIG_SETMASK, [], [pid 7012] set_robust_list(0x7f6654ffc9a0, 24 [pid 6994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7012] <... set_robust_list resumed>) = 0 [pid 6994] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] rt_sigprocmask(SIG_SETMASK, [], [pid 6994] <... futex resumed>) = 0 [pid 7012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7012] open(".", O_RDONLY [pid 6994] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] <... open resumed>) = 5 [ 199.235189][ T6995] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 199.243166][ T6995] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 199.251461][ T6995] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 199.259295][ T6995] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 199.277875][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 7012] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] <... futex resumed>) = 0 [pid 7012] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 6994] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 199.286993][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 199.302812][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 199.311675][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 199.319354][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 199.327088][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 199.334979][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 199.343985][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 199.353086][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 199.367155][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 199.375948][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 6994] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 199.383612][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 199.391279][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 199.399100][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 7012] <... ioctl resumed>) = 0 [pid 7012] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 199.482757][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 199.491902][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 199.506166][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 199.515035][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 199.522754][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 199.530442][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 199.538314][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 199.547054][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 199.556141][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 199.570913][ T59] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 199.579706][ T59] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 199.587433][ T59] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 199.595163][ T59] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 199.603057][ T59] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 199.616852][ T59] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [pid 7012] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6995] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [ 199.625306][ T59] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 199.634447][ T59] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 199.648197][ T59] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 199.655858][ T6995] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 199.665018][ T6995] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [pid 6995] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6995] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6994] exit_group(0 [pid 7012] <... futex resumed>) = ? [pid 6995] <... futex resumed>) = ? [pid 6994] <... exit_group resumed>) = ? [pid 7012] +++ exited with 0 +++ [pid 6995] +++ exited with 0 +++ [pid 6994] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6994, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7013 attached , child_tidptr=0x5555555e8690) = 7013 [pid 7013] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7013] chdir("./102") = 0 [pid 7013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7013] setpgid(0, 0) = 0 [pid 7013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7013] write(3, "1000", 4) = 4 [pid 7013] close(3) = 0 [pid 7013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7013] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7013] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7013] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7013] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7014 attached => {parent_tid=[7014]}, 88) = 7014 [pid 7014] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 7013] rt_sigprocmask(SIG_SETMASK, [], [pid 7014] <... rseq resumed>) = 0 [pid 7013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7014] set_robust_list(0x7f665501d9a0, 24 [pid 7013] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7014] <... set_robust_list resumed>) = 0 [pid 7014] rt_sigprocmask(SIG_SETMASK, [], [pid 7013] <... futex resumed>) = 0 [pid 7014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7014] memfd_create("syzkaller", 0 [pid 7013] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7014] <... memfd_create resumed>) = 3 [pid 7014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7014] munmap(0x7f664ca00000, 138412032) = 0 [pid 7014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7014] close(3) = 0 [pid 7014] close(4) = 0 [pid 7014] mkdir("./file0", 0777) = 0 [ 200.157583][ T7014] loop0: detected capacity change from 0 to 32768 [ 200.193695][ T7014] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7014) [pid 7014] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7014] chdir("./file0") = 0 [pid 7014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7014] ioctl(4, LOOP_CLR_FD) = 0 [pid 7014] close(4) = 0 [pid 7014] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7013] <... futex resumed>) = 0 [pid 7014] open("./file0", O_RDONLY [pid 7013] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7014] <... open resumed>) = 4 [pid 7013] <... futex resumed>) = 0 [pid 7013] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7014] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] <... futex resumed>) = 0 [pid 7014] <... futex resumed>) = 1 [pid 7013] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7014] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7013] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7013] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7013] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7013] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7014] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7014] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} [pid 7014] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7031 attached [pid 7014] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7031] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 7013] <... clone3 resumed> => {parent_tid=[7031]}, 88) = 7031 [pid 7031] set_robust_list(0x7f6654ffc9a0, 24 [pid 7013] rt_sigprocmask(SIG_SETMASK, [], [pid 7031] <... set_robust_list resumed>) = 0 [pid 7013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7031] rt_sigprocmask(SIG_SETMASK, [], [pid 7013] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7013] <... futex resumed>) = 0 [pid 7031] open(".", O_RDONLY [pid 7013] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7031] <... open resumed>) = 5 [pid 7031] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] <... futex resumed>) = 0 [pid 7013] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] <... futex resumed>) = 1 [pid 7013] <... futex resumed>) = 1 [pid 7031] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7014] <... futex resumed>) = 0 [pid 7013] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7014] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7013] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7014] <... ioctl resumed>) = 0 [pid 7014] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7013] exit_group(0 [pid 7031] <... futex resumed>) = ? [pid 7014] <... futex resumed>) = ? [pid 7013] <... exit_group resumed>) = ? [pid 7014] +++ exited with 0 +++ [pid 7031] +++ exited with 0 +++ [pid 7013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7013, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7032 attached , child_tidptr=0x5555555e8690) = 7032 [pid 7032] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7032] chdir("./103") = 0 [pid 7032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7032] setpgid(0, 0) = 0 [pid 7032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7032] write(3, "1000", 4) = 4 [pid 7032] close(3) = 0 [pid 7032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7032] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7032] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7032] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7033 attached => {parent_tid=[7033]}, 88) = 7033 [pid 7033] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 7033] set_robust_list(0x7f665501d9a0, 24) = 0 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], [pid 7032] rt_sigprocmask(SIG_SETMASK, [], [pid 7033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7033] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] <... futex resumed>) = 0 [pid 7033] memfd_create("syzkaller", 0 [pid 7032] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7033] <... memfd_create resumed>) = 3 [pid 7033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7033] munmap(0x7f664ca00000, 138412032) = 0 [pid 7033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7033] close(3) = 0 [pid 7033] close(4) = 0 [pid 7033] mkdir("./file0", 0777) = 0 [ 201.026439][ T7033] loop0: detected capacity change from 0 to 32768 [ 201.060202][ T7033] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7033) [pid 7033] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7033] chdir("./file0") = 0 [pid 7033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7033] ioctl(4, LOOP_CLR_FD) = 0 [pid 7033] close(4) = 0 [pid 7033] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7033] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] <... futex resumed>) = 0 [pid 7032] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] <... futex resumed>) = 0 [pid 7033] open("./file0", O_RDONLY) = 4 [pid 7033] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7032] <... futex resumed>) = 0 [pid 7033] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] <... futex resumed>) = 0 [pid 7032] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7033] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7033] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] <... futex resumed>) = 0 [pid 7032] <... futex resumed>) = 0 [pid 7033] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7032] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7050 attached [pid 7050] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 7050] set_robust_list(0x7f6654ffc9a0, 24 [pid 7032] <... clone3 resumed> => {parent_tid=[7050]}, 88) = 7050 [pid 7050] <... set_robust_list resumed>) = 0 [pid 7050] rt_sigprocmask(SIG_SETMASK, [], [pid 7032] rt_sigprocmask(SIG_SETMASK, [], [pid 7050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7050] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] open(".", O_RDONLY [pid 7032] <... futex resumed>) = 0 [pid 7050] <... open resumed>) = 5 [pid 7032] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7050] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7050] <... futex resumed>) = 1 [pid 7032] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7033] <... futex resumed>) = 0 [pid 7032] <... futex resumed>) = 1 [pid 7033] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7032] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7033] <... ioctl resumed>) = 0 [pid 7033] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] exit_group(0 [pid 7033] <... futex resumed>) = ? [pid 7032] <... exit_group resumed>) = ? [pid 7050] <... futex resumed>) = ? [pid 7050] +++ exited with 0 +++ [pid 7033] +++ exited with 0 +++ [pid 7032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7032, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7051 attached , child_tidptr=0x5555555e8690) = 7051 [pid 7051] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7051] chdir("./104") = 0 [pid 7051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7051] setpgid(0, 0) = 0 [pid 7051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7051] write(3, "1000", 4) = 4 [pid 7051] close(3) = 0 [pid 7051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7051] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7051] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7052 attached [pid 7052] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 7051] <... clone3 resumed> => {parent_tid=[7052]}, 88) = 7052 [pid 7052] set_robust_list(0x7f665501d9a0, 24 [pid 7051] rt_sigprocmask(SIG_SETMASK, [], [pid 7052] <... set_robust_list resumed>) = 0 [pid 7052] rt_sigprocmask(SIG_SETMASK, [], [pid 7051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7051] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] memfd_create("syzkaller", 0 [pid 7051] <... futex resumed>) = 0 [pid 7051] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7052] <... memfd_create resumed>) = 3 [pid 7052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7052] munmap(0x7f664ca00000, 138412032) = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7052] close(3) = 0 [pid 7052] close(4) = 0 [pid 7052] mkdir("./file0", 0777) = 0 [ 201.993996][ T7052] loop0: detected capacity change from 0 to 32768 [ 202.028850][ T7052] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7052) [pid 7052] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7052] chdir("./file0") = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7052] ioctl(4, LOOP_CLR_FD) = 0 [pid 7052] close(4) = 0 [pid 7052] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7051] <... futex resumed>) = 0 [pid 7052] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7051] <... futex resumed>) = 0 [pid 7052] open("./file0", O_RDONLY [pid 7051] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7052] <... open resumed>) = 4 [pid 7052] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7051] <... futex resumed>) = 0 [pid 7051] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7051] <... futex resumed>) = 0 [pid 7051] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7051] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7051] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 7052] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7052] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... mprotect resumed>) = 0 [pid 7052] <... futex resumed>) = 0 [pid 7052] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7069 attached [pid 7069] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 7051] <... clone3 resumed> => {parent_tid=[7069]}, 88) = 7069 [pid 7069] set_robust_list(0x7f6654ffc9a0, 24 [pid 7051] rt_sigprocmask(SIG_SETMASK, [], [pid 7069] <... set_robust_list resumed>) = 0 [pid 7051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], [pid 7051] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7051] <... futex resumed>) = 0 [pid 7069] open(".", O_RDONLY [pid 7051] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7069] <... open resumed>) = 5 [pid 7069] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... futex resumed>) = 0 [pid 7069] <... futex resumed>) = 1 [pid 7051] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7052] <... futex resumed>) = 0 [pid 7051] <... futex resumed>) = 1 [pid 7052] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7051] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7052] <... ioctl resumed>) = 0 [pid 7052] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7051] exit_group(0 [pid 7069] <... futex resumed>) = ? [pid 7052] <... futex resumed>) = ? [pid 7051] <... exit_group resumed>) = ? [pid 7052] +++ exited with 0 +++ [pid 7069] +++ exited with 0 +++ [pid 7051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7051, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7070 attached , child_tidptr=0x5555555e8690) = 7070 [pid 7070] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7070] chdir("./105") = 0 [pid 7070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7070] setpgid(0, 0) = 0 [pid 7070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7070] write(3, "1000", 4) = 4 [pid 7070] close(3) = 0 [pid 7070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7070] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7070] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7071 attached [pid 7071] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 7070] <... clone3 resumed> => {parent_tid=[7071]}, 88) = 7071 [pid 7071] set_robust_list(0x7f665501d9a0, 24 [pid 7070] rt_sigprocmask(SIG_SETMASK, [], [pid 7071] <... set_robust_list resumed>) = 0 [pid 7071] rt_sigprocmask(SIG_SETMASK, [], [pid 7070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7070] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] memfd_create("syzkaller", 0 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7071] <... memfd_create resumed>) = 3 [pid 7071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7071] munmap(0x7f664ca00000, 138412032) = 0 [pid 7071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7071] close(3) = 0 [pid 7071] close(4) = 0 [pid 7071] mkdir("./file0", 0777) = 0 [ 202.980212][ T7071] loop0: detected capacity change from 0 to 32768 [ 203.009162][ T7071] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7071) [ 203.036977][ T7071] _btrfs_printk: 170 callbacks suppressed [ 203.036999][ T7071] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 203.054075][ T7071] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 203.063132][ T7071] BTRFS info (device loop0): using free-space-tree [pid 7071] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7071] chdir("./file0") = 0 [pid 7071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7071] ioctl(4, LOOP_CLR_FD) = 0 [pid 7071] close(4) = 0 [pid 7071] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] <... futex resumed>) = 0 [pid 7071] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7070] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7070] <... futex resumed>) = 0 [pid 7071] open("./file0", O_RDONLY [pid 7070] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] <... open resumed>) = 4 [pid 7071] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7070] <... futex resumed>) = 0 [ 203.202668][ T7071] BTRFS info (device loop0): balance: start -f -s [ 203.209525][ T7071] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 203.217495][ T7071] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 203.225857][ T7071] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 203.239590][ T7071] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 7070] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7070] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7070] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0} => {parent_tid=[7088]}, 88) = 7088 [pid 7070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7070] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7088 attached [pid 7088] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 7088] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 7088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7088] open(".", O_RDONLY) = 5 [pid 7088] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] <... futex resumed>) = 0 [pid 7070] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7070] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... futex resumed>) = 1 [pid 7088] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7070] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 203.248428][ T7071] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 203.256120][ T7071] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.263833][ T7071] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.271706][ T7071] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 203.331993][ T2422] BTRFS info (device loop0): left=0, need=98304, flags=5 [ 203.339315][ T2422] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 203.347665][ T2422] BTRFS info (device loop0): space_info total=12451840, used=4096, pinned=0, reserved=8253440, may_use=0, readonly=4194304 zone_unusable=0 [ 203.361920][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 203.370744][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 7088] <... ioctl resumed>) = 0 [pid 7088] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 203.378413][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.386116][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.393985][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 203.402921][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 203.412494][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 203.427629][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 203.436521][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 203.444224][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.451913][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.459752][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 203.468424][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 203.477527][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 203.492043][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 203.501318][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 203.508977][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.516692][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.524627][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 203.538927][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 203.548064][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 203.562643][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 203.571497][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 203.579169][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.586941][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.594807][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 203.603464][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 203.612583][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 203.626582][ T2422] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 203.635598][ T2422] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 203.643301][ T2422] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.651027][ T2422] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.658859][ T2422] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [ 203.672410][ T2422] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 203.680943][ T2422] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 203.690021][ T2422] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 203.703769][ T2422] BTRFS info (device loop0): failing ticket with 2228224 bytes [ 203.711427][ T7071] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 203.720535][ T7071] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0 [ 203.734329][ T7071] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 203.743170][ T7071] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 203.750854][ T7071] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 203.758514][ T7071] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 203.766404][ T7071] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 203.774693][ T7071] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 7088] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7071] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7071] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7071] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7070] exit_group(0 [pid 7088] <... futex resumed>) = ? [pid 7070] <... exit_group resumed>) = ? [pid 7088] +++ exited with 0 +++ [pid 7071] <... futex resumed>) = ? [pid 7071] +++ exited with 0 +++ [pid 7070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7070, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 203.804309][ T7071] BTRFS info (device loop0): balance: ended with status: 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 203.932029][ T5056] BTRFS info (device loop0): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7089 attached , child_tidptr=0x5555555e8690) = 7089 [pid 7089] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7089] chdir("./106") = 0 [pid 7089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7089] setpgid(0, 0) = 0 [pid 7089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7089] write(3, "1000", 4) = 4 [pid 7089] close(3) = 0 [pid 7089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7089] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7089] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7090 attached [pid 7090] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 7089] <... clone3 resumed> => {parent_tid=[7090]}, 88) = 7090 [pid 7090] set_robust_list(0x7f665501d9a0, 24 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], [pid 7090] <... set_robust_list resumed>) = 0 [pid 7089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], [pid 7089] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7090] memfd_create("syzkaller", 0 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7090] <... memfd_create resumed>) = 3 [pid 7090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7090] munmap(0x7f664ca00000, 138412032) = 0 [pid 7090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7090] close(3) = 0 [pid 7090] close(4) = 0 [pid 7090] mkdir("./file0", 0777) = 0 [ 204.387875][ T7090] loop0: detected capacity change from 0 to 32768 [ 204.415572][ T7090] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7090) [ 204.441474][ T7090] BTRFS info (device loop0): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928 [ 204.460582][ T7090] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 204.469595][ T7090] BTRFS info (device loop0): using free-space-tree [pid 7090] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7090] chdir("./file0") = 0 [pid 7090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7090] ioctl(4, LOOP_CLR_FD) = 0 [pid 7090] close(4) = 0 [pid 7090] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] open("./file0", O_RDONLY [pid 7089] <... futex resumed>) = 0 [pid 7090] <... open resumed>) = 4 [pid 7089] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = 0 [pid 7090] <... futex resumed>) = 1 [pid 7089] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7089] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 204.586436][ T7090] BTRFS info (device loop0): balance: start -f -s [ 204.593432][ T7090] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 204.600839][ T7090] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 204.609164][ T7090] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 204.622857][ T7090] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 7089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7089] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7107 attached => {parent_tid=[7107]}, 88) = 7107 [pid 7107] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], [pid 7107] <... rseq resumed>) = 0 [pid 7089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7107] set_robust_list(0x7f6654ffc9a0, 24 [pid 7089] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... set_robust_list resumed>) = 0 [pid 7089] <... futex resumed>) = 0 [pid 7107] rt_sigprocmask(SIG_SETMASK, [], [pid 7089] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7107] open(".", O_RDONLY) = 5 [ 204.631701][ T7090] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 204.639790][ T7090] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 204.647531][ T7090] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 204.657357][ T7090] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 204.676707][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [pid 7107] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7107] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7107] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7089] <... futex resumed>) = 0 [ 204.686003][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 204.701234][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 204.710124][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 204.717815][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 204.725590][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 204.733490][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 204.742399][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1761280 free, is full [ 204.751526][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=20480, may_use=1433600, readonly=0 zone_unusable=0 [ 204.765596][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 204.774471][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 7089] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 204.782144][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 204.789795][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 204.797693][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 524288 reserved 0 [pid 7107] <... ioctl resumed>) = 0 [pid 7107] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 204.882677][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 204.891978][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0 [ 204.906026][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 204.914847][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 204.922650][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 204.930374][ T3065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 204.938222][ T3065] BTRFS info (device loop0): delayed_refs_rsv: size 262144 reserved 0 [ 204.946994][ T3065] BTRFS info (device loop0): space_info DATA+METADATA has 1773568 free, is full [ 204.956149][ T3065] BTRFS info (device loop0): space_info total=3276800, used=61440, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0 [ 204.970140][ T3065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [pid 7107] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7090] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7090] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] exit_group(0 [pid 7090] <... futex resumed>) = ? [pid 7089] <... exit_group resumed>) = ? [pid 7090] +++ exited with 0 +++ [pid 7107] <... futex resumed>) = ? [ 204.978946][ T3065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 204.986645][ T3065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 7107] +++ exited with 0 +++ [pid 7089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7089, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 7108 ./strace-static-x86_64: Process 7108 attached [pid 7108] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7108] chdir("./107") = 0 [pid 7108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7108] setpgid(0, 0) = 0 [pid 7108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7108] write(3, "1000", 4) = 4 [pid 7108] close(3) = 0 [pid 7108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7108] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7108] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7109 attached [pid 7109] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053) = 0 [pid 7108] <... clone3 resumed> => {parent_tid=[7109]}, 88) = 7109 [pid 7109] set_robust_list(0x7f665501d9a0, 24 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], [pid 7109] <... set_robust_list resumed>) = 0 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], [pid 7108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7108] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] memfd_create("syzkaller", 0 [pid 7108] <... futex resumed>) = 0 [pid 7108] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7109] <... memfd_create resumed>) = 3 [pid 7109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7109] munmap(0x7f664ca00000, 138412032) = 0 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7109] close(3) = 0 [pid 7109] close(4) = 0 [pid 7109] mkdir("./file0", 0777) = 0 [pid 7109] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7109] chdir("./file0") = 0 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7109] ioctl(4, LOOP_CLR_FD) = 0 [ 205.497912][ T7109] loop0: detected capacity change from 0 to 32768 [ 205.513490][ T7109] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7109) [pid 7109] close(4) = 0 [pid 7109] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7109] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7108] <... futex resumed>) = 0 [pid 7109] open("./file0", O_RDONLY [pid 7108] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] <... open resumed>) = 4 [pid 7109] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7109] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7108] <... futex resumed>) = 0 [pid 7109] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7108] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7108] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7108] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 7109] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7109] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] <... mprotect resumed>) = 0 [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7125 attached [pid 7125] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 7125] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 7108] <... clone3 resumed> => {parent_tid=[7125]}, 88) = 7125 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], [pid 7125] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7108] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7125] <... futex resumed>) = 0 [pid 7125] open(".", O_RDONLY [pid 7108] <... futex resumed>) = 1 [pid 7125] <... open resumed>) = 5 [pid 7108] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7125] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7108] <... futex resumed>) = 0 [pid 7125] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = 0 [pid 7108] <... futex resumed>) = 1 [pid 7109] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7108] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7109] <... ioctl resumed>) = 0 [pid 7109] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] exit_group(0 [pid 7109] <... futex resumed>) = ? [pid 7108] <... exit_group resumed>) = ? [pid 7109] +++ exited with 0 +++ [pid 7125] <... futex resumed>) = ? [pid 7125] +++ exited with 0 +++ [pid 7108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7108, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7126 attached , child_tidptr=0x5555555e8690) = 7126 [pid 7126] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7126] chdir("./108") = 0 [pid 7126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7126] setpgid(0, 0) = 0 [pid 7126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7126] write(3, "1000", 4) = 4 [pid 7126] close(3) = 0 [pid 7126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7126] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7126] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7127 attached [pid 7127] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 7126] <... clone3 resumed> => {parent_tid=[7127]}, 88) = 7127 [pid 7127] <... rseq resumed>) = 0 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], [pid 7127] set_robust_list(0x7f665501d9a0, 24 [pid 7126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7127] <... set_robust_list resumed>) = 0 [pid 7126] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7126] <... futex resumed>) = 0 [pid 7127] memfd_create("syzkaller", 0 [pid 7126] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7127] <... memfd_create resumed>) = 3 [pid 7127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7127] munmap(0x7f664ca00000, 138412032) = 0 [pid 7127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7127] close(3) = 0 [pid 7127] close(4) = 0 [pid 7127] mkdir("./file0", 0777) = 0 [ 206.224770][ T7127] loop0: detected capacity change from 0 to 32768 [ 206.261319][ T7127] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7127) [pid 7127] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7127] chdir("./file0") = 0 [pid 7127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7127] ioctl(4, LOOP_CLR_FD) = 0 [pid 7127] close(4) = 0 [pid 7127] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7127] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7126] <... futex resumed>) = 0 [pid 7126] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] <... futex resumed>) = 0 [pid 7126] <... futex resumed>) = 1 [pid 7126] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7127] open("./file0", O_RDONLY) = 4 [pid 7127] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7127] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7126] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7126] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7126] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE [pid 7127] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 7126] <... mprotect resumed>) = 0 [pid 7127] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7127] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7144 attached [pid 7144] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053 [pid 7126] <... clone3 resumed> => {parent_tid=[7144]}, 88) = 7144 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7144] <... rseq resumed>) = 0 [pid 7144] set_robust_list(0x7f6654ffc9a0, 24 [pid 7126] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] <... set_robust_list resumed>) = 0 [pid 7126] <... futex resumed>) = 0 [pid 7144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7126] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] open(".", O_RDONLY) = 5 [pid 7144] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7144] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7126] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] <... futex resumed>) = 0 [pid 7126] <... futex resumed>) = 1 [pid 7127] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7126] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7127] <... ioctl resumed>) = 0 [pid 7127] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] exit_group(0 [pid 7144] <... futex resumed>) = ? [pid 7127] <... futex resumed>) = ? [pid 7144] +++ exited with 0 +++ [pid 7127] +++ exited with 0 +++ [pid 7126] <... exit_group resumed>) = ? [pid 7126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7126, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555555e9730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555555f1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555555f1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7145 attached , child_tidptr=0x5555555e8690) = 7145 [pid 7145] set_robust_list(0x5555555e86a0, 24) = 0 [pid 7145] chdir("./109") = 0 [pid 7145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7145] setpgid(0, 0) = 0 [pid 7145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7145] write(3, "1000", 4) = 4 [pid 7145] close(3) = 0 [pid 7145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7145] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] rt_sigaction(SIGRT_1, {sa_handler=0x7f6655087370, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6655078520}, NULL, 8) = 0 [pid 7145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654ffd000 [pid 7145] mprotect(0x7f6654ffe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f665501d990, parent_tid=0x7f665501d990, exit_signal=0, stack=0x7f6654ffd000, stack_size=0x20300, tls=0x7f665501d6c0}./strace-static-x86_64: Process 7146 attached [pid 7146] rseq(0x7f665501dfe0, 0x20, 0, 0x53053053 [pid 7145] <... clone3 resumed> => {parent_tid=[7146]}, 88) = 7146 [pid 7146] <... rseq resumed>) = 0 [pid 7145] rt_sigprocmask(SIG_SETMASK, [], [pid 7146] set_robust_list(0x7f665501d9a0, 24 [pid 7145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7146] <... set_robust_list resumed>) = 0 [pid 7145] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7145] <... futex resumed>) = 0 [pid 7146] memfd_create("syzkaller", 0 [pid 7145] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7146] <... memfd_create resumed>) = 3 [pid 7146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f664ca00000 [pid 7146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7146] munmap(0x7f664ca00000, 138412032) = 0 [pid 7146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7146] close(3) = 0 [pid 7146] close(4) = 0 [pid 7146] mkdir("./file0", 0777) = 0 [ 207.154043][ T7146] loop0: detected capacity change from 0 to 32768 [ 207.192384][ T7146] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor308 (7146) [pid 7146] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 7146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 7146] chdir("./file0") = 0 [pid 7146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7146] ioctl(4, LOOP_CLR_FD) = 0 [pid 7146] close(4) = 0 [pid 7146] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] open("./file0", O_RDONLY [pid 7145] <... futex resumed>) = 0 [pid 7146] <... open resumed>) = 4 [pid 7145] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] futex(0x7f66550ed6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7146] futex(0x7f66550ed6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] futex(0x7f66550ed6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] futex(0x7f66550ed6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7146] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7145] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6654fdc000 [pid 7145] mprotect(0x7f6654fdd000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6654ffc990, parent_tid=0x7f6654ffc990, exit_signal=0, stack=0x7f6654fdc000, stack_size=0x20300, tls=0x7f6654ffc6c0}./strace-static-x86_64: Process 7163 attached => {parent_tid=[7163]}, 88) = 7163 [pid 7145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7145] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] rseq(0x7f6654ffcfe0, 0x20, 0, 0x53053053) = 0 [pid 7163] set_robust_list(0x7f6654ffc9a0, 24) = 0 [pid 7163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7163] open(".", O_RDONLY) = 5 [pid 7163] futex(0x7f66550ed6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] futex(0x7f66550ed6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f66550ed6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... futex resumed>) = 0 [pid 7145] <... futex resumed>) = 1 [pid 7163] ioctl(5, FITRIM, {start=0, len=4294983680, minlen=0} [pid 7145] futex(0x7f66550ed6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 207.414445][ T7146] BTRFS error (device loop0): allocation failed flags 2, wanted 4096 tree-log 0, relocation: 0 [ 207.426008][ T7146] BTRFS critical (device loop0): entry offset 1048576, bytes 4194304, bitmap no [ 207.435789][ T7146] ------------[ cut here ]------------ [ 207.441681][ T7146] BTRFS: Transaction aborted (error -28) [ 207.449077][ T7146] WARNING: CPU: 1 PID: 7146 at fs/btrfs/volumes.c:3234 btrfs_remove_chunk+0x18d7/0x1b10 [ 207.458976][ T7146] Modules linked in: [ 207.463065][ T7146] CPU: 1 PID: 7146 Comm: syz-executor308 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0 [ 207.473219][ T7146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 207.483343][ T7146] RIP: 0010:btrfs_remove_chunk+0x18d7/0x1b10 [ 207.489400][ T7146] Code: 68 57 fe e9 84 fa ff ff 4c 89 f7 e8 03 68 57 fe e9 35 ff ff ff e8 e9 5f 00 fe 90 48 c7 c7 60 d1 17 8b 89 de e8 0a 56 c6 fd 90 <0f> 0b 90 90 e9 2d ff ff ff 4c 89 f7 e8 d8 67 57 fe e9 9b fe ff ff [ 207.509266][ T7146] RSP: 0018:ffffc9000e4ff818 EFLAGS: 00010282 [ 207.515498][ T7146] RAX: 0000000000000000 RBX: ffffffffffffffe4 RCX: ffffffff814cf119 [ 207.523537][ T7146] RDX: ffff88802c21bb80 RSI: ffffffff814cf126 RDI: 0000000000000001 [ 207.531563][ T7146] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 207.539575][ T7146] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 207.547622][ T7146] R13: ffff88807c968878 R14: ffff888073c372d0 R15: ffff888073c372cc [ 207.555699][ T7146] FS: 00007f665501d6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 207.564717][ T7146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.571356][ T7146] CR2: 000055597dcc64a8 CR3: 000000001e63c000 CR4: 00000000003506f0 [ 207.579357][ T7146] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 207.587405][ T7146] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 207.595468][ T7146] Call Trace: [ 207.598757][ T7146] [ 207.601727][ T7146] ? show_regs+0x8f/0xa0 [ 207.606033][ T7146] ? __warn+0xe6/0x390 [ 207.610176][ T7146] ? preempt_schedule_notrace+0x5f/0xe0 [ 207.615773][ T7146] ? btrfs_remove_chunk+0x18d7/0x1b10 [ 207.621222][ T7146] ? report_bug+0x3bc/0x580 [ 207.625797][ T7146] ? handle_bug+0x3d/0x70 [ 207.630185][ T7146] ? exc_invalid_op+0x17/0x40 [ 207.634935][ T7146] ? asm_exc_invalid_op+0x1a/0x20 [ 207.640032][ T7146] ? __warn_printk+0x199/0x350 [ 207.644856][ T7146] ? __warn_printk+0x1a6/0x350 [ 207.649657][ T7146] ? btrfs_remove_chunk+0x18d7/0x1b10 [ 207.655110][ T7146] ? btrfs_remove_chunk+0x18d6/0x1b10 [ 207.660615][ T7146] ? btrfs_chunk_alloc_add_chunk_item+0x1150/0x1150 [ 207.667285][ T7146] ? btrfs_record_root_in_trans+0x15b/0x1b0 [ 207.673277][ T7146] ? start_transaction+0x2a0/0x1c90 [ 207.678535][ T7146] btrfs_relocate_chunk+0x2b6/0x440 [ 207.683851][ T7146] btrfs_balance+0x20fe/0x3f00 [ 207.688700][ T7146] ? btrfs_relocate_chunk+0x440/0x440 [ 207.694159][ T7146] btrfs_ioctl+0x12e8/0x61e0 [ 207.698802][ T7146] ? rcu_is_watching+0x12/0xb0 [ 207.703635][ T7146] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 207.710108][ T7146] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 207.716060][ T7146] ? do_vfs_ioctl+0x379/0x1920 [ 207.720928][ T7146] ? vfs_fileattr_set+0xbf0/0xbf0 [ 207.726026][ T7146] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460 [ 207.732593][ T7146] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460 [ 207.739142][ T7146] ? selinux_bprm_creds_for_exec+0xc50/0xc50 [ 207.745204][ T7146] ? reacquire_held_locks+0x4c0/0x4c0 [ 207.750652][ T7146] ? lock_release+0x4bf/0x690 [ 207.755365][ T7146] ? selinux_file_ioctl+0x17d/0x270 [ 207.760661][ T7146] ? selinux_file_ioctl+0xb5/0x270 [ 207.765821][ T7146] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 207.772306][ T7146] __x64_sys_ioctl+0x18f/0x210 [ 207.777120][ T7146] do_syscall_64+0xd3/0x250 [ 207.781682][ T7146] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 207.787646][ T7146] RIP: 0033:0x7f6655060f59 [ 207.792199][ T7146] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 207.811895][ T7146] RSP: 002b:00007f665501d218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.820378][ T7146] RAX: ffffffffffffffda RBX: 00007f66550ed6c8 RCX: 00007f6655060f59 [ 207.828392][ T7146] RDX: 0000000020001200 RSI: 00000000c4009420 RDI: 0000000000000004 [ 207.836435][ T7146] RBP: 00007f66550ed6c0 R08: 0000000000000000 R09: 0000000000000000 [ 207.844466][ T7146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66550ba66c [ 207.852619][ T7146] R13: 0030656c69662f2e R14: 64696c6f76627573 R15: 0000000100004000 [ 207.860702][ T7146] [ 207.863730][ T7146] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 207.871047][ T7146] CPU: 1 PID: 7146 Comm: syz-executor308 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0 [ 207.881126][ T7146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 207.891226][ T7146] Call Trace: [ 207.894529][ T7146] [ 207.897481][ T7146] dump_stack_lvl+0xd9/0x1b0 [ 207.902093][ T7146] panic+0x6dc/0x790 [ 207.906022][ T7146] ? panic_smp_self_stop+0xa0/0xa0 [ 207.911177][ T7146] ? show_trace_log_lvl+0x363/0x4f0 [ 207.916428][ T7146] ? check_panic_on_warn+0x1f/0xb0 [ 207.921602][ T7146] ? btrfs_remove_chunk+0x18d7/0x1b10 [ 207.927004][ T7146] check_panic_on_warn+0xab/0xb0 [ 207.932077][ T7146] __warn+0xf2/0x390 [ 207.935998][ T7146] ? preempt_schedule_notrace+0x5f/0xe0 [ 207.941592][ T7146] ? btrfs_remove_chunk+0x18d7/0x1b10 [ 207.947010][ T7146] report_bug+0x3bc/0x580 [ 207.951377][ T7146] handle_bug+0x3d/0x70 [ 207.955560][ T7146] exc_invalid_op+0x17/0x40 [ 207.960088][ T7146] asm_exc_invalid_op+0x1a/0x20 [ 207.964981][ T7146] RIP: 0010:btrfs_remove_chunk+0x18d7/0x1b10 [ 207.971002][ T7146] Code: 68 57 fe e9 84 fa ff ff 4c 89 f7 e8 03 68 57 fe e9 35 ff ff ff e8 e9 5f 00 fe 90 48 c7 c7 60 d1 17 8b 89 de e8 0a 56 c6 fd 90 <0f> 0b 90 90 e9 2d ff ff ff 4c 89 f7 e8 d8 67 57 fe e9 9b fe ff ff [ 207.990650][ T7146] RSP: 0018:ffffc9000e4ff818 EFLAGS: 00010282 [ 207.996741][ T7146] RAX: 0000000000000000 RBX: ffffffffffffffe4 RCX: ffffffff814cf119 [ 208.004765][ T7146] RDX: ffff88802c21bb80 RSI: ffffffff814cf126 RDI: 0000000000000001 [ 208.012768][ T7146] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 208.020764][ T7146] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 208.028751][ T7146] R13: ffff88807c968878 R14: ffff888073c372d0 R15: ffff888073c372cc [ 208.036743][ T7146] ? __warn_printk+0x199/0x350 [ 208.041540][ T7146] ? __warn_printk+0x1a6/0x350 [ 208.046332][ T7146] ? btrfs_remove_chunk+0x18d6/0x1b10 [ 208.051757][ T7146] ? btrfs_chunk_alloc_add_chunk_item+0x1150/0x1150 [ 208.058403][ T7146] ? btrfs_record_root_in_trans+0x15b/0x1b0 [ 208.064343][ T7146] ? start_transaction+0x2a0/0x1c90 [ 208.069661][ T7146] btrfs_relocate_chunk+0x2b6/0x440 [ 208.074895][ T7146] btrfs_balance+0x20fe/0x3f00 [ 208.079705][ T7146] ? btrfs_relocate_chunk+0x440/0x440 [ 208.085116][ T7146] btrfs_ioctl+0x12e8/0x61e0 [ 208.089731][ T7146] ? rcu_is_watching+0x12/0xb0 [ 208.094607][ T7146] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 208.101050][ T7146] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 208.106974][ T7146] ? do_vfs_ioctl+0x379/0x1920 [ 208.111775][ T7146] ? vfs_fileattr_set+0xbf0/0xbf0 [ 208.116834][ T7146] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x460 [ 208.123366][ T7146] ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x460 [ 208.129937][ T7146] ? selinux_bprm_creds_for_exec+0xc50/0xc50 [ 208.135958][ T7146] ? reacquire_held_locks+0x4c0/0x4c0 [ 208.141368][ T7146] ? lock_release+0x4bf/0x690 [ 208.146103][ T7146] ? selinux_file_ioctl+0x17d/0x270 [ 208.151337][ T7146] ? selinux_file_ioctl+0xb5/0x270 [ 208.156477][ T7146] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 208.162916][ T7146] __x64_sys_ioctl+0x18f/0x210 [ 208.167724][ T7146] do_syscall_64+0xd3/0x250 [ 208.172257][ T7146] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 208.178191][ T7146] RIP: 0033:0x7f6655060f59 [ 208.182656][ T7146] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 208.202317][ T7146] RSP: 002b:00007f665501d218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.210752][ T7146] RAX: ffffffffffffffda RBX: 00007f66550ed6c8 RCX: 00007f6655060f59 [ 208.218762][ T7146] RDX: 0000000020001200 RSI: 00000000c4009420 RDI: 0000000000000004 [ 208.226752][ T7146] RBP: 00007f66550ed6c0 R08: 0000000000000000 R09: 0000000000000000 [ 208.234737][ T7146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66550ba66c [ 208.242727][ T7146] R13: 0030656c69662f2e R14: 64696c6f76627573 R15: 0000000100004000 [ 208.250724][ T7146] [ 208.254066][ T7146] Kernel Offset: disabled [ 208.258397][ T7146] Rebooting in 86400 seconds..