./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2321695874 <...> Warning: Permanently added '10.128.1.70' (ED25519) to the list of known hosts. execve("./syz-executor2321695874", ["./syz-executor2321695874"], 0x7ffc505229b0 /* 10 vars */) = 0 brk(NULL) = 0x555556cf5000 brk(0x555556cf5d40) = 0x555556cf5d40 arch_prctl(ARCH_SET_FS, 0x555556cf53c0) = 0 set_tid_address(0x555556cf5690) = 5019 set_robust_list(0x555556cf56a0, 24) = 0 rseq(0x555556cf5ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2321695874", 4096) = 28 getrandom("\x15\x41\xfe\xfa\x0d\xc8\x69\x2a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556cf5d40 brk(0x555556d16d40) = 0x555556d16d40 brk(0x555556d17000) = 0x555556d17000 mprotect(0x7fa5d9053000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.RgmA3p", 0700) = 0 chmod("./syzkaller.RgmA3p", 0777) = 0 chdir("./syzkaller.RgmA3p") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5021 ./strace-static-x86_64: Process 5021 attached [pid 5021] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5021] chdir("./0") = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5021] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5021] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5022]}, 88) = 5022 [pid 5021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5021] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5022 attached [pid 5022] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5022] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5022] memfd_create("syzkaller", 0) = 3 [pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [ 42.083032][ T5022] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5022 'syz-executor232' [pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5022] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5022] close(3) = 0 [pid 5022] mkdir("./file0", 0777) = 0 [ 42.196519][ T5022] loop0: detected capacity change from 0 to 32768 [ 42.207905][ T5022] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5022) [ 42.226227][ T5022] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 42.234793][ T5022] BTRFS info (device loop0): enabling ssd optimizations [pid 5022] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5022] chdir("./file0") = 0 [pid 5022] ioctl(4, LOOP_CLR_FD) = 0 [pid 5022] close(4) = 0 [pid 5022] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] open("./file0", O_RDONLY) = 4 [pid 5022] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 42.241782][ T5022] BTRFS info (device loop0): using spread ssd allocation scheme [ 42.249634][ T5022] BTRFS info (device loop0): turning on sync discard [ 42.256314][ T5022] BTRFS info (device loop0): using free space tree [ 42.305997][ T5022] BTRFS info (device loop0): balance: start -f -s [ 42.313607][ T5022] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 42.321268][ T5022] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 42.329961][ T5022] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 42.343599][ T5022] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5022] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5021] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5021] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5039]}, 88) = 5039 [pid 5021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5021] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5039 attached [pid 5039] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5039] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] open(".", O_RDONLY) = 5 [pid 5039] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 1 [ 42.352554][ T5022] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.360248][ T5022] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.367949][ T5022] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.375776][ T5022] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 5039] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5039] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5039] open("./file0", O_RDONLY [pid 5021] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... open resumed>) = 6 [pid 5039] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5039] open("./file0", O_RDONLY [pid 5021] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... open resumed>) = 7 [pid 5021] <... futex resumed>) = 0 [pid 5039] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 0 [pid 5021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5021] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] mkdir("./bus", 0777 [pid 5021] <... futex resumed>) = 0 [ 42.408298][ T5022] BTRFS info (device loop0): relocating block group 1048576 flags system [ 42.439201][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 712704 free, is not full [ 42.448654][ T3751] BTRFS info (device loop0): space_info total=3276800, used=65536, pinned=0, reserved=12288, may_use=2486272, readonly=0 zone_unusable=0 [ 42.462849][ T3751] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 42.471864][ T3751] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.479550][ T3751] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.487209][ T3751] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.495003][ T3751] BTRFS info (device loop0): delayed_refs_rsv: size 917504 reserved 0 [ 42.504114][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 712704 free, is not full [ 42.513608][ T3751] BTRFS info (device loop0): space_info total=3276800, used=65536, pinned=0, reserved=16384, may_use=2482176, readonly=0 zone_unusable=0 [ 42.527788][ T3751] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1437696 [ 42.536693][ T3751] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.544366][ T3751] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.552065][ T3751] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.559940][ T3751] BTRFS info (device loop0): delayed_refs_rsv: size 1179648 reserved 0 [ 42.575533][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 720896 free, is full [ 42.584548][ T3751] BTRFS info (device loop0): space_info total=3276800, used=69632, pinned=0, reserved=12288, may_use=2473984, readonly=0 zone_unusable=0 [ 42.598575][ T3751] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1429504 [ 42.607405][ T3751] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.615065][ T3751] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.622753][ T3751] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.630585][ T3751] BTRFS info (device loop0): delayed_refs_rsv: size 786432 reserved 0 [ 42.639013][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 720896 free, is full [ 42.647981][ T3751] BTRFS info (device loop0): space_info total=3276800, used=69632, pinned=0, reserved=16384, may_use=2469888, readonly=0 zone_unusable=0 [ 42.662055][ T3751] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1425408 [ 42.670856][ T3751] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.678537][ T3751] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.686175][ T3751] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.694052][ T3751] BTRFS info (device loop0): delayed_refs_rsv: size 1048576 reserved 0 [ 42.705917][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 720896 free, is full [ 42.715030][ T3751] BTRFS info (device loop0): space_info total=3276800, used=69632, pinned=0, reserved=12288, may_use=2473984, readonly=0 zone_unusable=0 [ 42.729099][ T3751] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1429504 [ 42.737923][ T3751] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.745591][ T3751] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.753290][ T3751] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.761236][ T3751] BTRFS info (device loop0): delayed_refs_rsv: size 786432 reserved 0 [ 42.769782][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 720896 free, is full [ 42.778763][ T3751] BTRFS info (device loop0): space_info total=3276800, used=69632, pinned=0, reserved=16384, may_use=2469888, readonly=0 zone_unusable=0 [ 42.792832][ T3751] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1425408 [ 42.801632][ T3751] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.809328][ T3751] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.817030][ T3751] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.824841][ T3751] BTRFS info (device loop0): delayed_refs_rsv: size 1048576 reserved 0 [ 42.836564][ T3751] BTRFS info (device loop0): cannot satisfy tickets, dumping space info [ 42.845166][ T3751] BTRFS info (device loop0): space_info DATA+METADATA has 720896 free, is full [ 42.854255][ T3751] BTRFS info (device loop0): space_info total=3276800, used=69632, pinned=0, reserved=0, may_use=2486272, readonly=0 zone_unusable=0 [ 42.867970][ T3751] BTRFS info (device loop0): failing ticket with 987136 bytes [ 42.875545][ T5039] BTRFS info (device loop0): space_info DATA+METADATA has 651264 free, is full [ 42.884708][ T5039] BTRFS info (device loop0): space_info total=3276800, used=69632, pinned=0, reserved=0, may_use=2555904, readonly=0 zone_unusable=0 [ 42.898377][ T5039] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5021] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] <... mkdir resumed>) = -1 ENOSPC (No space left on device) [pid 5039] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 ENOENT (No such file or directory) [pid 5039] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 1 [pid 5039] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5039] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [ 42.907321][ T5039] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 42.914941][ T5039] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 42.922715][ T5039] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 42.930550][ T5039] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 42.940518][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5039] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5022] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] exit_group(0 [pid 5039] <... futex resumed>) = ? [pid 5022] <... futex resumed>) = ? [pid 5021] <... exit_group resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ [pid 5021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 42.989549][ T5022] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5045 ./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5045] chdir("./1") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5045] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5046 attached => {parent_tid=[5046]}, 88) = 5046 [pid 5046] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5046] memfd_create("syzkaller", 0) = 3 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5046] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5046] close(3) = 0 [pid 5046] mkdir("./file0", 0777) = 0 [ 43.219256][ T5046] loop0: detected capacity change from 0 to 32768 [ 43.229403][ T5046] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5046) [ 43.245682][ T5046] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 43.254263][ T5046] BTRFS info (device loop0): enabling ssd optimizations [ 43.261354][ T5046] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5046] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5046] chdir("./file0") = 0 [pid 5046] ioctl(4, LOOP_CLR_FD) = 0 [pid 5046] close(4) = 0 [pid 5046] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] open("./file0", O_RDONLY) = 4 [pid 5046] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5045] <... futex resumed>) = 0 [ 43.269253][ T5046] BTRFS info (device loop0): turning on sync discard [ 43.276078][ T5046] BTRFS info (device loop0): using free space tree [ 43.327895][ T5046] BTRFS info (device loop0): balance: start -f -s [ 43.334449][ T5046] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 43.341891][ T5046] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 43.350404][ T5046] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 43.364140][ T5046] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5045] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5045] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5045] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5063]}, 88) = 5063 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] open(".", O_RDONLY) = 5 [pid 5063] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5063] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] open("./file0", O_RDONLY) = 6 [pid 5063] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] open("./file0", O_RDONLY) = 7 [pid 5063] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [ 43.373049][ T5046] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 43.380726][ T5046] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 43.388522][ T5046] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 43.396350][ T5046] BTRFS info (device loop0): delayed_refs_rsv: size 655360 reserved 122880 [ 43.411285][ T5046] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5063] mkdir("./bus", 0777) = 0 [pid 5063] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5063] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 1 [pid 5063] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5063] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [ 43.450591][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5063] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5046] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] exit_group(0 [pid 5046] <... futex resumed>) = ? [pid 5045] <... exit_group resumed>) = ? [pid 5063] <... futex resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 43.499774][ T5046] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5064] chdir("./2") = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5064] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5064] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5065]}, 88) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5065] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5065] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file0", 0777) = 0 [ 43.740587][ T5065] loop0: detected capacity change from 0 to 32768 [ 43.750592][ T5065] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5065) [ 43.766003][ T5065] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 43.774743][ T5065] BTRFS info (device loop0): enabling ssd optimizations [ 43.781747][ T5065] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5065] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file0") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] open("./file0", O_RDONLY [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... open resumed>) = 4 [pid 5065] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 43.789421][ T5065] BTRFS info (device loop0): turning on sync discard [ 43.796091][ T5065] BTRFS info (device loop0): using free space tree [ 43.835553][ T5065] BTRFS info (device loop0): balance: start -f -s [ 43.842214][ T5065] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 43.849362][ T5065] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 43.857672][ T5065] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 43.871543][ T5065] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5065] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5064] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5064] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5082]}, 88) = 5082 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5082] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] open(".", O_RDONLY) = 5 [pid 5082] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5064] futex(0x7fa5d905972c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b25000 [pid 5064] mprotect(0x7fa5d1b26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b45990, parent_tid=0x7fa5d1b45990, exit_signal=0, stack=0x7fa5d1b25000, stack_size=0x20300, tls=0x7fa5d1b456c0} => {parent_tid=[5083]}, 88) = 5083 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] futex(0x7fa5d9059728, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905972c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5083] rseq(0x7fa5d1b45fe0, 0x20, 0, 0x53053053) = 0 [pid 5083] set_robust_list(0x7fa5d1b459a0, 24) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] open("./file0", O_RDONLY) = 6 [pid 5083] futex(0x7fa5d905972c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d9059728, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905972c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] open("./file0", O_RDONLY) = 7 [pid 5083] futex(0x7fa5d905972c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d9059728, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905972c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] mkdir("./bus", 0777) = 0 [ 43.880566][ T5065] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 43.888433][ T5065] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 43.896080][ T5065] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [pid 5083] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5083] futex(0x7fa5d905972c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5064] futex(0x7fa5d9059728, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7fa5d905972c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [pid 5082] <... ioctl resumed>) = 0 [pid 5082] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... ioctl resumed>) = 0 [pid 5083] futex(0x7fa5d905972c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5083] futex(0x7fa5d9059728, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5065] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5064] <... exit_group resumed>) = ? [pid 5083] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5065] <... futex resumed>) = ? [pid 5083] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ [pid 5064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5084] chdir("./3") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5084] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5085]}, 88) = 5085 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5085] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5085] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] open("./file0", O_RDONLY [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... open resumed>) = 4 [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... futex resumed>) = 0 [pid 5085] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 44.217972][ T5085] loop0: detected capacity change from 0 to 32768 [ 44.237204][ T5085] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5085) [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] open(".", O_RDONLY [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... open resumed>) = 5 [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5085] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] open("./file0", O_RDONLY) = 6 [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] open("./file0", O_RDONLY [pid 5084] <... futex resumed>) = 0 [pid 5085] <... open resumed>) = 7 [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] mkdir("./bus", 0777) = 0 [pid 5085] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [pid 5084] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... ioctl resumed>) = 0 [pid 5085] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] exit_group(0) = ? [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5103] chdir("./4") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... clone resumed>, child_tidptr=0x555556cf5690) = 5103 [pid 5103] <... openat resumed>) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5103] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5104]}, 88) = 5104 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5104 attached [pid 5104] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5104] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] memfd_create("syzkaller", 0) = 3 [pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5104] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5104] close(3) = 0 [pid 5104] mkdir("./file0", 0777) = 0 [pid 5104] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5104] chdir("./file0") = 0 [pid 5104] ioctl(4, LOOP_CLR_FD) = 0 [pid 5104] close(4) = 0 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] open("./file0", O_RDONLY [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... open resumed>) = 4 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 0 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.603548][ T5104] loop0: detected capacity change from 0 to 32768 [ 44.613373][ T5104] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5104) [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] open(".", O_RDONLY) = 5 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] open("./file0", O_RDONLY) = 6 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] open("./file0", O_RDONLY) = 7 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] mkdir("./bus", 0777) = 0 [pid 5104] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... futex resumed>) = 1 [pid 5104] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5104] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] <... futex resumed>) = 0 [pid 5104] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] exit_group(0 [pid 5104] <... futex resumed>) = ? [pid 5103] <... exit_group resumed>) = ? [pid 5104] +++ exited with 0 +++ [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5121 ./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5121] chdir("./5") = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5121] setpgid(0, 0) = 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5121] write(3, "1000", 4) = 4 [pid 5121] close(3) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5121] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5122 attached => {parent_tid=[5122]}, 88) = 5122 [pid 5122] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5122] set_robust_list(0x7fa5d8f879a0, 24 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] <... set_robust_list resumed>) = 0 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5122] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] mkdir("./file0", 0777) = 0 [pid 5122] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file0") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] open("./file0", O_RDONLY [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... open resumed>) = 4 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.973046][ T5122] loop0: detected capacity change from 0 to 32768 [ 44.982997][ T5122] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5122) [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] open(".", O_RDONLY) = 5 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] open("./file0", O_RDONLY [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... open resumed>) = 6 [pid 5121] <... futex resumed>) = 0 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] open("./file0", O_RDONLY [pid 5121] <... futex resumed>) = 0 [pid 5122] <... open resumed>) = 7 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5122] mkdir("./bus", 0777 [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] <... mkdir resumed>) = 0 [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5121] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [pid 5121] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... ioctl resumed>) = 0 [pid 5122] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5121] exit_group(0) = ? [pid 5122] <... futex resumed>) = ? [pid 5122] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5141] chdir("./6") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5141] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5142 attached => {parent_tid=[5142]}, 88) = 5142 [pid 5142] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], [pid 5142] <... rseq resumed>) = 0 [pid 5141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5141] <... futex resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5142] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./file0", 0777) = 0 [pid 5142] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file0") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] open("./file0", O_RDONLY) = 4 [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 45.360348][ T5142] loop0: detected capacity change from 0 to 32768 [ 45.372260][ T5142] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5142) [pid 5142] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] open(".", O_RDONLY [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... open resumed>) = 5 [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... ioctl resumed>) = 0 [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] open("./file0", O_RDONLY) = 6 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] open("./file0", O_RDONLY [pid 5141] <... futex resumed>) = 0 [pid 5142] <... open resumed>) = 7 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] mkdir("./bus", 0777 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5142] <... mkdir resumed>) = 0 [pid 5142] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5142] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] exit_group(0) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5159 ./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5159] chdir("./7") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5159] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5160 attached => {parent_tid=[5160]}, 88) = 5160 [pid 5160] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5160] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], [pid 5160] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5160] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5160] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file0", 0777) = 0 [pid 5160] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file0") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [pid 5160] open("./file0", O_RDONLY) = 4 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 1 [ 45.704437][ T5160] loop0: detected capacity change from 0 to 32768 [ 45.715973][ T5160] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5160) [pid 5160] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] open(".", O_RDONLY [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... open resumed>) = 5 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5160] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... ioctl resumed>) = 0 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] open("./file0", O_RDONLY [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... open resumed>) = 6 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] open("./file0", O_RDONLY) = 7 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5160] mkdir("./bus", 0777) = 0 [pid 5160] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5160] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5159] exit_group(0) = ? [pid 5160] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5183] chdir("./8") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5183] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5184 attached [pid 5184] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053 [pid 5183] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] <... rseq resumed>) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] set_robust_list(0x7fa5d8f879a0, 24 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... futex resumed>) = 0 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5184] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file0", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file0") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] open("./file0", O_RDONLY) = 4 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [ 46.056177][ T5184] loop0: detected capacity change from 0 to 32768 [ 46.065776][ T5184] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5184) [pid 5184] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5184] <... futex resumed>) = 1 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] open(".", O_RDONLY [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 5 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] open("./file0", O_RDONLY) = 6 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] open("./file0", O_RDONLY) = 7 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] mkdir("./bus", 0777) = 0 [pid 5184] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5184] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] exit_group(0) = ? [pid 5184] <... futex resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5201] chdir("./9") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5201] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5202 attached => {parent_tid=[5202]}, 88) = 5202 [pid 5202] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5202] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file0", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./file0") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] open("./file0", O_RDONLY) = 4 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5201] <... futex resumed>) = 0 [ 46.404638][ T5202] loop0: detected capacity change from 0 to 32768 [ 46.414078][ T5202] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5202) [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] open(".", O_RDONLY [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 5 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] open("./file0", O_RDONLY) = 6 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] open("./file0", O_RDONLY) = 7 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] mkdir("./bus", 0777) = 0 [pid 5202] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5202] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] exit_group(0) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5219] chdir("./10") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5219] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5220]}, 88) = 5220 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5220 attached [pid 5220] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5220] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5220] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./file0", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file0") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] open("./file0", O_RDONLY [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... open resumed>) = 4 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 46.769859][ T5220] loop0: detected capacity change from 0 to 32768 [ 46.779366][ T5220] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5220) [pid 5220] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] open(".", O_RDONLY) = 5 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] open("./file0", O_RDONLY) = 6 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] open("./file0", O_RDONLY) = 7 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] mkdir("./bus", 0777) = 0 [pid 5220] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 1 [pid 5220] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5220] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] exit_group(0) = ? [pid 5220] <... futex resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5237] chdir("./11") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5237] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5238 attached => {parent_tid=[5238]}, 88) = 5238 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5238] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5238] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] memfd_create("syzkaller", 0) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5238] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file0", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5238] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file0") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] open("./file0", O_RDONLY) = 4 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 47.137930][ T5238] loop0: detected capacity change from 0 to 32768 [ 47.148605][ T5238] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5238) [pid 5238] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] open(".", O_RDONLY [pid 5237] <... futex resumed>) = 0 [pid 5238] <... open resumed>) = 5 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5238] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] open("./file0", O_RDONLY [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] <... open resumed>) = 6 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5238] open("./file0", O_RDONLY [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... open resumed>) = 7 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] mkdir("./bus", 0777 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] <... mkdir resumed>) = 0 [pid 5238] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5238] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5237] <... futex resumed>) = 0 [pid 5238] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 47.273491][ T75] _btrfs_printk: 156 callbacks suppressed [ 47.273507][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5255 ./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5255] chdir("./12") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5255] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5256]}, 88) = 5256 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5256 attached [pid 5256] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5256] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5256] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file0", 0777) = 0 [ 47.514066][ T5256] loop0: detected capacity change from 0 to 32768 [ 47.524422][ T5256] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5256) [ 47.540796][ T5256] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 47.549324][ T5256] BTRFS info (device loop0): enabling ssd optimizations [ 47.556267][ T5256] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5256] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file0") = 0 [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] open("./file0", O_RDONLY) = 4 [pid 5256] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 47.564111][ T5256] BTRFS info (device loop0): turning on sync discard [ 47.571127][ T5256] BTRFS info (device loop0): using free space tree [ 47.608875][ T5256] BTRFS info (device loop0): balance: start -f -s [ 47.615560][ T5256] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 47.622984][ T5256] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 47.631307][ T5256] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 47.644910][ T5256] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5256] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5255] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5255] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5272]}, 88) = 5272 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5272 attached [pid 5272] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5272] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] open(".", O_RDONLY) = 5 [pid 5272] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 1 [pid 5272] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5272] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] open("./file0", O_RDONLY) = 6 [pid 5272] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] open("./file0", O_RDONLY) = 7 [pid 5272] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5272] mkdir("./bus", 0777) = 0 [pid 5272] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5272] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... futex resumed>) = 1 [ 47.653717][ T5256] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 47.661413][ T5256] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 47.669138][ T5256] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 47.677008][ T5256] BTRFS info (device loop0): delayed_refs_rsv: size 655360 reserved 122880 [ 47.688328][ T5256] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5272] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [pid 5255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5272] <... ioctl resumed>) = 0 [pid 5272] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5256] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] exit_group(0) = ? [pid 5272] <... futex resumed>) = ? [pid 5256] <... futex resumed>) = ? [pid 5272] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 47.782445][ T5256] BTRFS info (device loop0): balance: ended with status: 0 [ 47.790696][ T3751] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5274 ./strace-static-x86_64: Process 5274 attached [pid 5274] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5274] chdir("./13") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5274] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5275 attached [pid 5275] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053 [pid 5274] <... clone3 resumed> => {parent_tid=[5275]}, 88) = 5275 [pid 5275] <... rseq resumed>) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] set_robust_list(0x7fa5d8f879a0, 24 [pid 5274] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] <... set_robust_list resumed>) = 0 [pid 5274] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5275] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./file0", 0777) = 0 [ 48.050106][ T5275] loop0: detected capacity change from 0 to 32768 [ 48.062492][ T5275] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5275) [ 48.077931][ T5275] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 48.086413][ T5275] BTRFS info (device loop0): enabling ssd optimizations [pid 5275] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file0") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] open("./file0", O_RDONLY) = 4 [pid 5275] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 48.093599][ T5275] BTRFS info (device loop0): using spread ssd allocation scheme [ 48.101530][ T5275] BTRFS info (device loop0): turning on sync discard [ 48.108307][ T5275] BTRFS info (device loop0): using free space tree [ 48.148455][ T5275] BTRFS info (device loop0): balance: start -f -s [ 48.155098][ T5275] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 48.162300][ T5275] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 48.170674][ T5275] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 48.184352][ T5275] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5275] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5274] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5274] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5274] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5292]}, 88) = 5292 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5292 attached [pid 5292] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5292] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5292] open(".", O_RDONLY) = 5 [pid 5292] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5292] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... ioctl resumed>) = 0 [pid 5292] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 48.193203][ T5275] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 48.200960][ T5275] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 48.208690][ T5275] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 48.216536][ T5275] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 48.232268][ T5275] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5292] open("./file0", O_RDONLY) = 6 [pid 5292] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] open("./file0", O_RDONLY) = 7 [pid 5292] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5292] mkdir("./bus", 0777) = 0 [pid 5292] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5292] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5292] <... futex resumed>) = 1 [pid 5292] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"}) = 0 [pid 5292] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5292] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5275] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] exit_group(0) = ? [pid 5292] <... futex resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5275] <... futex resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 48.304858][ T5275] BTRFS info (device loop0): balance: ended with status: 0 [ 48.308160][ T75] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5293] chdir("./14") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5293] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5294 attached => {parent_tid=[5294]}, 88) = 5294 [pid 5294] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5294] set_robust_list(0x7fa5d8f879a0, 24 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5294] <... set_robust_list resumed>) = 0 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5294] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file0", 0777) = 0 [ 48.539874][ T5294] loop0: detected capacity change from 0 to 32768 [ 48.550652][ T5294] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5294) [ 48.567297][ T5294] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 48.575754][ T5294] BTRFS info (device loop0): enabling ssd optimizations [ 48.582725][ T5294] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5294] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file0") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] open("./file0", O_RDONLY [pid 5293] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... open resumed>) = 4 [pid 5294] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [pid 5294] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 0 [ 48.590580][ T5294] BTRFS info (device loop0): turning on sync discard [ 48.597319][ T5294] BTRFS info (device loop0): using free space tree [ 48.634041][ T5294] BTRFS info (device loop0): balance: start -f -s [ 48.640837][ T5294] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 48.647971][ T5294] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 48.656270][ T5294] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 48.669999][ T5294] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [pid 5294] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5293] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5293] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5311]}, 88) = 5311 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5293] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5311 attached [pid 5311] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5311] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] open(".", O_RDONLY) = 5 [pid 5311] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5293] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... ioctl resumed>) = 0 [pid 5311] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5311] open("./file0", O_RDONLY [pid 5293] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... open resumed>) = 6 [pid 5311] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] open("./file0", O_RDONLY) = 7 [pid 5311] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] mkdir("./bus", 0777 [pid 5293] <... futex resumed>) = 0 [ 48.678934][ T5294] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 48.686584][ T5294] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 48.694280][ T5294] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 48.702164][ T5294] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 48.715586][ T5294] BTRFS info (device loop0): relocating block group 1048576 flags system [ 48.741729][ T75] BTRFS info (device loop0): space_info DATA+METADATA has 720896 free, is not full [ 48.751224][ T75] BTRFS info (device loop0): space_info total=3276800, used=65536, pinned=0, reserved=12288, may_use=2478080, readonly=0 zone_unusable=0 [ 48.765303][ T75] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1433600 [ 48.774231][ T75] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 48.781867][ T75] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5293] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5311] <... mkdir resumed>) = 0 [pid 5311] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5311] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5311] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [pid 5293] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] <... ioctl resumed>) = 0 [pid 5311] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = 1 [ 48.789530][ T75] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 48.797343][ T75] BTRFS info (device loop0): delayed_refs_rsv: size 917504 reserved 917504 [ 48.829481][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5311] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5294] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5294] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] exit_group(0) = ? [pid 5294] <... futex resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5311] <... futex resumed>) = ? [pid 5311] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 48.847837][ T5294] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5312 ./strace-static-x86_64: Process 5312 attached [pid 5312] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5312] chdir("./15") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5312] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0}./strace-static-x86_64: Process 5313 attached => {parent_tid=[5313]}, 88) = 5313 [pid 5313] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5313] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5313] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5313] memfd_create("syzkaller", 0) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5313] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] mkdir("./file0", 0777) = 0 [ 49.068593][ T5313] loop0: detected capacity change from 0 to 32768 [ 49.078369][ T5313] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5313) [ 49.093659][ T5313] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 49.102205][ T5313] BTRFS info (device loop0): enabling ssd optimizations [ 49.109289][ T5313] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5313] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5313] chdir("./file0") = 0 [pid 5313] ioctl(4, LOOP_CLR_FD) = 0 [pid 5313] close(4) = 0 [pid 5313] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [pid 5313] open("./file0", O_RDONLY) = 4 [pid 5313] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... futex resumed>) = 1 [ 49.116991][ T5313] BTRFS info (device loop0): turning on sync discard [ 49.123805][ T5313] BTRFS info (device loop0): using free space tree [ 49.156451][ T5313] BTRFS info (device loop0): balance: start -f -s [ 49.163640][ T5313] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 49.170840][ T5313] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 49.179221][ T5313] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 49.192800][ T5313] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 49.201663][ T5313] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [ 49.209347][ T5313] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [pid 5313] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5312] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5312] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5330]}, 88) = 5330 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5330] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5330] open(".", O_RDONLY) = 5 [pid 5330] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 0 [pid 5330] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5330] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5330] open("./file0", O_RDONLY [pid 5312] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 6 [pid 5330] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] open("./file0", O_RDONLY [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 7 [pid 5330] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] mkdir("./bus", 0777) = 0 [pid 5330] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5330] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [ 49.217048][ T5313] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 49.224868][ T5313] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [ 49.239947][ T5313] BTRFS info (device loop0): relocating block group 1048576 flags system [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5312] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5330] <... ioctl resumed>) = 0 [pid 5330] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.300590][ T12] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5330] futex(0x7fa5d9059718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5313] <... ioctl resumed> => {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, state=0, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5313] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5313] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5312] exit_group(0) = ? [pid 5330] <... futex resumed>) = ? [pid 5313] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5313] +++ exited with 0 +++ [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cf6730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 49.358467][ T5313] BTRFS info (device loop0): balance: ended with status: 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cfe770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cfe770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556cf6730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cf5690) = 5331 ./strace-static-x86_64: Process 5331 attached [pid 5331] set_robust_list(0x555556cf56a0, 24) = 0 [pid 5331] chdir("./16") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] rt_sigaction(SIGRT_1, {sa_handler=0x7fa5d8ff16f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa5d8fe28a0}, NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d8f67000 [pid 5331] mprotect(0x7fa5d8f68000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d8f87990, parent_tid=0x7fa5d8f87990, exit_signal=0, stack=0x7fa5d8f67000, stack_size=0x20300, tls=0x7fa5d8f876c0} => {parent_tid=[5332]}, 88) = 5332 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5332 attached [pid 5332] rseq(0x7fa5d8f87fe0, 0x20, 0, 0x53053053) = 0 [pid 5332] set_robust_list(0x7fa5d8f879a0, 24) = 0 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] memfd_create("syzkaller", 0) = 3 [pid 5332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5d0b67000 [pid 5332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5332] munmap(0x7fa5d0b67000, 16777216) = 0 [pid 5332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5332] close(3) = 0 [pid 5332] mkdir("./file0", 0777) = 0 [ 49.572104][ T5332] loop0: detected capacity change from 0 to 32768 [ 49.581634][ T5332] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor232 (5332) [ 49.596961][ T5332] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 49.605395][ T5332] BTRFS info (device loop0): enabling ssd optimizations [ 49.612423][ T5332] BTRFS info (device loop0): using spread ssd allocation scheme [pid 5332] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0 [pid 5332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5332] chdir("./file0") = 0 [pid 5332] ioctl(4, LOOP_CLR_FD) = 0 [pid 5332] close(4) = 0 [pid 5332] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5332] open("./file0", O_RDONLY) = 4 [pid 5332] futex(0x7fa5d905970c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5332] futex(0x7fa5d9059708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] futex(0x7fa5d9059708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5331] futex(0x7fa5d905970c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.620128][ T5332] BTRFS info (device loop0): turning on sync discard [ 49.626925][ T5332] BTRFS info (device loop0): using free space tree [ 49.660416][ T5332] BTRFS info (device loop0): balance: start -f -s [ 49.675439][ T5332] BTRFS info (device loop0): left=0, need=98304, flags=2 [ 49.682767][ T5332] BTRFS info (device loop0): space_info SYSTEM has 0 free, is not full [ 49.691112][ T5332] BTRFS info (device loop0): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0 [ 49.704871][ T5332] BTRFS info (device loop0): global_block_rsv: size 1441792 reserved 1441792 [ 49.713832][ T5332] BTRFS info (device loop0): trans_block_rsv: size 0 reserved 0 [pid 5332] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_SYSTEM|BTRFS_BALANCE_FORCE, sys={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5331] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa5d1b46000 [pid 5331] mprotect(0x7fa5d1b47000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa5d1b66990, parent_tid=0x7fa5d1b66990, exit_signal=0, stack=0x7fa5d1b46000, stack_size=0x20300, tls=0x7fa5d1b666c0} => {parent_tid=[5349]}, 88) = 5349 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5331] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5349 attached [pid 5349] rseq(0x7fa5d1b66fe0, 0x20, 0, 0x53053053) = 0 [pid 5349] set_robust_list(0x7fa5d1b669a0, 24) = 0 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5349] open(".", O_RDONLY) = 5 [pid 5349] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5331] <... futex resumed>) = 0 [pid 5349] ioctl(5, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5331] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... ioctl resumed>) = 0 [pid 5349] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] open("./file0", O_RDONLY) = 6 [pid 5349] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] open("./file0", O_RDONLY) = 7 [pid 5349] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [pid 5349] mkdir("./bus", 0777) = 0 [ 49.721558][ T5332] BTRFS info (device loop0): chunk_block_rsv: size 0 reserved 0 [ 49.729238][ T5332] BTRFS info (device loop0): delayed_block_rsv: size 0 reserved 0 [ 49.737137][ T5332] BTRFS info (device loop0): delayed_refs_rsv: size 0 reserved 0 [pid 5349] mount(NULL, "./bus", 0x20000180, MS_RDONLY|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_REC|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\xff\xff\xa4\xb3\xc8\x16\xb3\xc7\xe7\x59\xe8\x81\xc6\x9e\x2f\x1e\x3e\x3d\x86\x34\x67\x9d\xa8\xf1\x1a\xfe\xd2\x54\x50\xeb\x78\x6f\xf8\x41\x81\x54\xa5\x1a\xf3\xcc\x43\x62\x79\x45\x20\xc6\x7c\xcd\x83\x79\x6f\x3e\xec\x9d\x17\x4a\xbd\x07\x49\x6c\xce\x02\x02\xc2\x0f\x07") = -1 EINVAL (Invalid argument) [pid 5349] futex(0x7fa5d905971c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 0 [pid 5331] futex(0x7fa5d9059718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5331] futex(0x7fa5d905971c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... futex resumed>) = 1 [ 49.772454][ T5332] BTRFS info (device loop0): relocating block group 1048576 flags system [ 49.801742][ T5349] ------------[ cut here ]------------ [ 49.807839][ T5349] WARNING: CPU: 1 PID: 5349 at fs/btrfs/extent-tree.c:871 lookup_inline_extent_backref+0xc6f/0x1340 [ 49.818681][ T5349] Modules linked in: [pid 5349] ioctl(7, BTRFS_IOC_SNAP_CREATE, {fd=6, name="\x8c\x95\x8b\x1b\xea\xff\xe8\x54\xa9\x10\x9f"} [pid 5331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 49.822584][ T5349] CPU: 1 PID: 5349 Comm: syz-executor232 Not tainted 6.5.0-rc2-syzkaller #0 [ 49.831323][ T5349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 49.841775][ T5349] RIP: 0010:lookup_inline_extent_backref+0xc6f/0x1340 [ 49.848640][ T5349] Code: 97 19 fe e8 13 9c 19 fe 8b b4 24 40 01 00 00 31 ff e8 75 97 19 fe 8b 84 24 40 01 00 00 85 c0 0f 84 0a 01 00 00 e8 f1 9b 19 fe <0f> 0b 41 bc fb ff ff ff e9 fb fd ff ff e8 df 9b 19 fe 48 83 c3 0d [ 49.868403][ T5349] RSP: 0018:ffffc90005317040 EFLAGS: 00010293 [ 49.874518][ T5349] RAX: 0000000000000000 RBX: ffffed10058a828c RCX: 0000000000000000 [ 49.882585][ T5349] RDX: ffff888028ba5940 RSI: ffffffff836cd58f RDI: 0000000000000005 [ 49.890665][ T5349] RBP: ffff88802c541460 R08: 0000000000000005 R09: 0000000000000000 [ 49.898738][ T5349] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001 [ 49.906744][ T5349] R13: 0000000000000000 R14: ffff888074dd7c78 R15: ffff88802c541420 [ 49.914933][ T5349] FS: 00007fa5d1b666c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 49.923895][ T5349] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.930537][ T5349] CR2: 0000555bd3d0aa20 CR3: 0000000078f53000 CR4: 0000000000350ee0 [ 49.938548][ T5349] Call Trace: [ 49.941824][ T5349] [ 49.944771][ T5349] ? __warn+0xe6/0x380 [ 49.948921][ T5349] ? lookup_inline_extent_backref+0xc6f/0x1340 [ 49.955103][ T5349] ? report_bug+0x3bc/0x580 [ 49.959698][ T5349] ? handle_bug+0x3c/0x70 [ 49.964039][ T5349] ? exc_invalid_op+0x17/0x40 [pid 5331] exit_group(0) = ? [ 49.968774][ T5349] ? asm_exc_invalid_op+0x1a/0x20 [ 49.973835][ T5349] ? lookup_inline_extent_backref+0xc6f/0x1340 [ 49.980057][ T5349] ? lookup_inline_extent_backref+0xc6f/0x1340 [ 49.986257][ T5349] ? hash_extent_data_ref+0xf0/0xf0 [ 49.991579][ T5349] insert_inline_extent_backref+0xc1/0x270 [ 49.997454][ T5349] ? lookup_inline_extent_backref+0x1340/0x1340 [ 50.003697][ T5349] ? kasan_set_track+0x25/0x30 [ 50.009013][ T5349] ? rcu_is_watching+0x12/0xb0 [ 50.013781][ T5349] ? kmem_cache_alloc+0x34e/0x3b0 [ 50.018880][ T5349] __btrfs_inc_extent_ref.isra.0+0xef/0x4b0 [ 50.024824][ T5349] ? insert_extent_data_ref+0x6d0/0x6d0 [ 50.030451][ T5349] ? reacquire_held_locks+0x4b0/0x4b0 [ 50.035845][ T5349] ? btrfs_tree_mod_log_lowest_seq+0x70/0xb0 [ 50.041890][ T5349] ? btrfs_merge_delayed_refs+0x47e/0x570 [ 50.047658][ T5349] __btrfs_run_delayed_refs+0x220e/0x3b80 [ 50.053417][ T5349] ? check_ref_cleanup+0x3e0/0x3e0 [ 50.058623][ T5349] ? spin_bug+0x1d0/0x1d0 [ 50.062968][ T5349] ? preempt_count_sub+0x150/0x150 [ 50.068144][ T5349] btrfs_run_delayed_refs+0x1a1/0x510 [ 50.073533][ T5349] create_pending_snapshot+0x1289/0x2d90 [ 50.079239][ T5349] ? __btrfs_abort_transaction+0x190/0x190 [ 50.085069][ T5349] ? preempt_count_sub+0x150/0x150 [ 50.090261][ T5349] ? rcu_is_watching+0x12/0xb0 [ 50.095063][ T5349] ? trace_contention_end+0xd6/0x100 [ 50.100432][ T5349] ? __mutex_lock+0x25b/0x1340 [ 50.105223][ T5349] ? btrfs_commit_transaction+0xf6f/0x3fd0 [ 50.111104][ T5349] ? lock_sync+0x190/0x190 [ 50.115544][ T5349] create_pending_snapshots+0x17e/0x2d0 [ 50.121150][ T5349] btrfs_commit_transaction+0xf47/0x3fd0 [ 50.126883][ T5349] ? spin_bug+0x1d0/0x1d0 [ 50.131275][ T5349] ? create_pending_snapshots+0x2d0/0x2d0 [ 50.137092][ T5349] ? start_transaction+0x2a5/0x14d0 [ 50.142352][ T5349] btrfs_mksubvol+0xa87/0x12c0 [ 50.147221][ T5349] ? create_subvol+0x15e0/0x15e0 [ 50.152213][ T5349] ? make_vfsuid+0x108/0x160 [ 50.156974][ T5349] btrfs_mksnapshot+0xad/0xf0 [ 50.161672][ T5349] __btrfs_ioctl_snap_create+0x43d/0x4f0 [ 50.167380][ T5349] btrfs_ioctl_snap_create+0x168/0x200 [ 50.172874][ T5349] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 50.178872][ T5349] btrfs_ioctl+0x53b/0x5cf0 [ 50.183419][ T5349] ? tomoyo_path_number_perm+0x190/0x590 [ 50.189172][ T5349] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 50.195001][ T5349] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 50.201520][ T5349] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 50.207467][ T5349] ? do_vfs_ioctl+0x379/0x1910 [ 50.212245][ T5349] ? vfs_fileattr_set+0xbf0/0xbf0 [ 50.217397][ T5349] ? reacquire_held_locks+0x4b0/0x4b0 [ 50.222809][ T5349] ? __fget_files+0x279/0x410 [ 50.227637][ T5349] ? bpf_lsm_file_ioctl+0x9/0x10 [ 50.232588][ T5349] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 50.239075][ T5349] __x64_sys_ioctl+0x18f/0x210 [ 50.243876][ T5349] do_syscall_64+0x38/0xb0 [ 50.248381][ T5349] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.254321][ T5349] RIP: 0033:0x7fa5d8fcb2d9 [ 50.258799][ T5349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 50.278500][ T5349] RSP: 002b:00007fa5d1b66218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.287103][ T5349] RAX: ffffffffffffffda RBX: 00007fa5d9059718 RCX: 00007fa5d8fcb2d9 [ 50.295213][ T5349] RDX: 0000000020002180 RSI: 0000000050009401 RDI: 0000000000000007 [ 50.303318][ T5349] RBP: 00007fa5d9059710 R08: 0000000000000000 R09: 0000000000000000 [ 50.311328][ T5349] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fa5d902566c [ 50.319397][ T5349] R13: 00007fa5d901f06b R14: 00007fa5d9024670 R15: 00007fa5d901f075 [ 50.327413][ T5349] [ 50.330449][ T5349] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 50.337735][ T5349] CPU: 1 PID: 5349 Comm: syz-executor232 Not tainted 6.5.0-rc2-syzkaller #0 [ 50.346413][ T5349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 50.356470][ T5349] Call Trace: [ 50.359770][ T5349] [ 50.362704][ T5349] dump_stack_lvl+0xd9/0x1b0 [ 50.367308][ T5349] panic+0x6a4/0x750 [ 50.371221][ T5349] ? panic_smp_self_stop+0xa0/0xa0 [ 50.376341][ T5349] ? show_trace_log_lvl+0x29d/0x3c0 [ 50.381562][ T5349] ? lookup_inline_extent_backref+0xc6f/0x1340 [ 50.387731][ T5349] check_panic_on_warn+0xab/0xb0 [ 50.392698][ T5349] __warn+0xf2/0x380 [ 50.396668][ T5349] ? lookup_inline_extent_backref+0xc6f/0x1340 [ 50.402859][ T5349] report_bug+0x3bc/0x580 [ 50.407221][ T5349] handle_bug+0x3c/0x70 [ 50.411391][ T5349] exc_invalid_op+0x17/0x40 [ 50.415893][ T5349] asm_exc_invalid_op+0x1a/0x20 [ 50.420778][ T5349] RIP: 0010:lookup_inline_extent_backref+0xc6f/0x1340 [ 50.427552][ T5349] Code: 97 19 fe e8 13 9c 19 fe 8b b4 24 40 01 00 00 31 ff e8 75 97 19 fe 8b 84 24 40 01 00 00 85 c0 0f 84 0a 01 00 00 e8 f1 9b 19 fe <0f> 0b 41 bc fb ff ff ff e9 fb fd ff ff e8 df 9b 19 fe 48 83 c3 0d [ 50.447171][ T5349] RSP: 0018:ffffc90005317040 EFLAGS: 00010293 [ 50.453241][ T5349] RAX: 0000000000000000 RBX: ffffed10058a828c RCX: 0000000000000000 [ 50.461214][ T5349] RDX: ffff888028ba5940 RSI: ffffffff836cd58f RDI: 0000000000000005 [ 50.469269][ T5349] RBP: ffff88802c541460 R08: 0000000000000005 R09: 0000000000000000 [ 50.477238][ T5349] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001 [ 50.485201][ T5349] R13: 0000000000000000 R14: ffff888074dd7c78 R15: ffff88802c541420 [ 50.493205][ T5349] ? lookup_inline_extent_backref+0xc6f/0x1340 [ 50.499421][ T5349] ? hash_extent_data_ref+0xf0/0xf0 [ 50.504637][ T5349] insert_inline_extent_backref+0xc1/0x270 [ 50.510458][ T5349] ? lookup_inline_extent_backref+0x1340/0x1340 [ 50.516698][ T5349] ? kasan_set_track+0x25/0x30 [ 50.521517][ T5349] ? rcu_is_watching+0x12/0xb0 [ 50.526297][ T5349] ? kmem_cache_alloc+0x34e/0x3b0 [ 50.531345][ T5349] __btrfs_inc_extent_ref.isra.0+0xef/0x4b0 [ 50.537255][ T5349] ? insert_extent_data_ref+0x6d0/0x6d0 [ 50.542798][ T5349] ? reacquire_held_locks+0x4b0/0x4b0 [ 50.548170][ T5349] ? btrfs_tree_mod_log_lowest_seq+0x70/0xb0 [ 50.554177][ T5349] ? btrfs_merge_delayed_refs+0x47e/0x570 [ 50.559900][ T5349] __btrfs_run_delayed_refs+0x220e/0x3b80 [ 50.565648][ T5349] ? check_ref_cleanup+0x3e0/0x3e0 [ 50.570762][ T5349] ? spin_bug+0x1d0/0x1d0 [ 50.575089][ T5349] ? preempt_count_sub+0x150/0x150 [ 50.580206][ T5349] btrfs_run_delayed_refs+0x1a1/0x510 [ 50.585578][ T5349] create_pending_snapshot+0x1289/0x2d90 [ 50.591314][ T5349] ? __btrfs_abort_transaction+0x190/0x190 [ 50.597124][ T5349] ? preempt_count_sub+0x150/0x150 [ 50.602245][ T5349] ? rcu_is_watching+0x12/0xb0 [ 50.607015][ T5349] ? trace_contention_end+0xd6/0x100 [ 50.612297][ T5349] ? __mutex_lock+0x25b/0x1340 [ 50.617061][ T5349] ? btrfs_commit_transaction+0xf6f/0x3fd0 [ 50.622877][ T5349] ? lock_sync+0x190/0x190 [ 50.627303][ T5349] create_pending_snapshots+0x17e/0x2d0 [ 50.632858][ T5349] btrfs_commit_transaction+0xf47/0x3fd0 [ 50.638491][ T5349] ? spin_bug+0x1d0/0x1d0 [ 50.642831][ T5349] ? create_pending_snapshots+0x2d0/0x2d0 [ 50.648549][ T5349] ? start_transaction+0x2a5/0x14d0 [ 50.653751][ T5349] btrfs_mksubvol+0xa87/0x12c0 [ 50.658517][ T5349] ? create_subvol+0x15e0/0x15e0 [ 50.663452][ T5349] ? make_vfsuid+0x108/0x160 [ 50.668072][ T5349] btrfs_mksnapshot+0xad/0xf0 [ 50.672750][ T5349] __btrfs_ioctl_snap_create+0x43d/0x4f0 [ 50.678385][ T5349] btrfs_ioctl_snap_create+0x168/0x200 [ 50.683841][ T5349] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 50.689742][ T5349] btrfs_ioctl+0x53b/0x5cf0 [ 50.694248][ T5349] ? tomoyo_path_number_perm+0x190/0x590 [ 50.699882][ T5349] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 50.705689][ T5349] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 50.712102][ T5349] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 50.718006][ T5349] ? do_vfs_ioctl+0x379/0x1910 [ 50.722771][ T5349] ? vfs_fileattr_set+0xbf0/0xbf0 [ 50.727803][ T5349] ? reacquire_held_locks+0x4b0/0x4b0 [ 50.733181][ T5349] ? __fget_files+0x279/0x410 [ 50.737862][ T5349] ? bpf_lsm_file_ioctl+0x9/0x10 [ 50.742790][ T5349] ? btrfs_ioctl_get_supported_features+0x40/0x40 [ 50.749200][ T5349] __x64_sys_ioctl+0x18f/0x210 [ 50.753966][ T5349] do_syscall_64+0x38/0xb0 [ 50.758384][ T5349] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.764279][ T5349] RIP: 0033:0x7fa5d8fcb2d9 [ 50.768684][ T5349] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 50.788288][ T5349] RSP: 002b:00007fa5d1b66218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.796695][ T5349] RAX: ffffffffffffffda RBX: 00007fa5d9059718 RCX: 00007fa5d8fcb2d9 [ 50.804661][ T5349] RDX: 0000000020002180 RSI: 0000000050009401 RDI: 0000000000000007 [ 50.812624][ T5349] RBP: 00007fa5d9059710 R08: 0000000000000000 R09: 0000000000000000 [ 50.820586][ T5349] R10: 0000000020000000 R11: 0000000000000246 R12: 00007fa5d902566c [ 50.828549][ T5349] R13: 00007fa5d901f06b R14: 00007fa5d9024670 R15: 00007fa5d901f075 [ 50.836528][ T5349] [ 50.840265][ T5349] Kernel Offset: disabled [ 50.844709][ T5349] Rebooting in 86400 seconds..