./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2939047076 <...> Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts. execve("./syz-executor2939047076", ["./syz-executor2939047076"], 0x7ffe04308380 /* 10 vars */) = 0 brk(NULL) = 0x5555560fc000 brk(0x5555560fce00) = 0x5555560fce00 arch_prctl(ARCH_SET_FS, 0x5555560fc480) = 0 set_tid_address(0x5555560fc750) = 5027 set_robust_list(0x5555560fc760, 24) = 0 rseq(0x5555560fcda0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2939047076", 4096) = 28 getrandom("\xae\xa6\xb3\x6e\x43\x6b\x23\x53", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555560fce00 brk(0x55555611de00) = 0x55555611de00 brk(0x55555611e000) = 0x55555611e000 mprotect(0x7f29737c6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5027 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5027", 4) = 4 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f2973704d90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f2973704d90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 mkdir("./syzkaller.8d05Uw", 0700) = 0 chmod("./syzkaller.8d05Uw", 0777) = 0 chdir("./syzkaller.8d05Uw") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5028 ./strace-static-x86_64: Process 5028 attached [pid 5028] set_robust_list(0x5555560fc760, 24) = 0 [pid 5028] chdir("./0") = 0 [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] setpgid(0, 0) = 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] write(3, "1000", 4) = 4 [pid 5028] close(3) = 0 [pid 5028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5028] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5029 attached => {parent_tid=[5029]}, 88) = 5029 [pid 5028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5029] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5029] memfd_create("syzkaller", 0) = 3 [pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [ 70.532995][ T5029] syz-executor293[5029]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5029] munmap(0x7f296b2da000, 138412032) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5029] close(3) = 0 [pid 5029] mkdir("./bus", 0777) = 0 [ 70.746437][ T5029] loop0: detected capacity change from 0 to 32768 [ 70.759409][ T5029] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5029) [ 70.780046][ T5029] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 70.789181][ T5029] BTRFS info (device loop0): doing ref verification [ 70.796122][ T5029] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 70.807068][ T5029] BTRFS info (device loop0): force zlib compression, level 3 [ 70.814763][ T5029] BTRFS info (device loop0): allowing degraded mounts [ 70.821566][ T5029] BTRFS info (device loop0): using free space tree [pid 5029] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5029] chdir("./bus") = 0 [pid 5029] ioctl(4, LOOP_CLR_FD) = 0 [pid 5029] close(4) = 0 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5029] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] open("./file0", O_RDONLY [pid 5028] <... futex resumed>) = 0 [pid 5029] <... open resumed>) = 4 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] creat("./file1", 000) = 5 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5029] open("./file0", O_RDONLY [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... open resumed>) = 6 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5029] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 70.849676][ T5029] BTRFS info (device loop0): auto enabling async discard [pid 5029] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5028] <... futex resumed>) = 1 [pid 5029] creat("./bus", 012 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... creat resumed>) = 7 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] open("./file0", O_RDONLY) = 9 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5028] <... futex resumed>) = 1 [pid 5029] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5029] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5028] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5028] <... futex resumed>) = 0 [ 70.986386][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5028] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5028] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5028] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5047]}, 88) = 5047 ./strace-static-x86_64: Process 5047 attached [pid 5028] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5028] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5047] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5047] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5028] <... futex resumed>) = 0 [pid 5047] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 71.028961][ T5029] BTRFS info (device loop0): balance: start -d -m [ 71.046924][ T5029] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5028] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5047] <... ioctl resumed>) = 0 [pid 5047] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.183199][ T5029] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 71.266515][ T5029] BTRFS info (device loop0): found 13 extents, stage: move data extents [pid 5047] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] exit_group(0) = ? [pid 5047] <... futex resumed>) = ? [pid 5047] +++ exited with 0 +++ [ 71.313533][ T5029] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5029] <... ioctl resumed> ) = ? [pid 5029] +++ exited with 0 +++ [pid 5028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5028, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=68 /* 0.68 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 71.359081][ T5029] BTRFS info (device loop0): balance: ended with status: 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5049 ./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x5555560fc760, 24) = 0 [pid 5049] chdir("./1") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5049] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5050]}, 88) = 5050 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5050 attached [pid 5050] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5050] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5050] munmap(0x7f296b2da000, 138412032) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./bus", 0777) = 0 [ 71.805879][ T5050] loop0: detected capacity change from 0 to 32768 [ 71.816450][ T5050] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5050) [ 71.835025][ T5050] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 71.844091][ T5050] BTRFS info (device loop0): doing ref verification [ 71.850908][ T5050] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 71.861801][ T5050] BTRFS info (device loop0): force zlib compression, level 3 [ 71.869446][ T5050] BTRFS info (device loop0): allowing degraded mounts [ 71.876376][ T5050] BTRFS info (device loop0): using free space tree [pid 5050] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5050] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./bus") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5049] <... futex resumed>) = 0 [pid 5050] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] open("./file0", O_RDONLY [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... open resumed>) = 4 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5049] <... futex resumed>) = 1 [pid 5050] creat("./file1", 000 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... creat resumed>) = 5 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] open("./file0", O_RDONLY [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... open resumed>) = 6 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] <... futex resumed>) = 0 [pid 5050] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 71.901141][ T5050] BTRFS info (device loop0): auto enabling async discard [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... ioctl resumed>) = 0 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] creat("./bus", 012 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... creat resumed>) = 7 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... openat resumed>) = 8 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] open("./file0", O_RDONLY) = 9 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... ioctl resumed>) = 0 [pid 5050] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] <... futex resumed>) = 0 [pid 5050] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 71.978345][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 72.009460][ T5050] BTRFS info (device loop0): balance: start -d -m [pid 5049] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5049] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5049] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5049] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5067] <... rseq resumed>) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5067] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5049] <... futex resumed>) = 1 [pid 5049] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... futex resumed>) = 1 [ 72.019888][ T5050] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5067] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5049] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5049] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5067] <... ioctl resumed>) = 0 [pid 5067] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.117482][ T5050] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 72.196390][ T5050] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 5067] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] exit_group(0 [pid 5067] <... futex resumed>) = ? [pid 5049] <... exit_group resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5050] <... ioctl resumed> ) = ? [pid 5050] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5049, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=52 /* 0.52 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 72.244934][ T5050] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 72.280356][ T5050] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x5555560fc760, 24) = 0 [pid 5068] chdir("./2") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5068] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5069 attached => {parent_tid=[5069]}, 88) = 5069 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... rseq resumed>) = 0 [pid 5069] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5069] munmap(0x7f296b2da000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./bus", 0777) = 0 [ 72.685084][ T5069] loop0: detected capacity change from 0 to 32768 [ 72.697011][ T5069] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5069) [ 72.713786][ T5069] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 72.722743][ T5069] BTRFS info (device loop0): doing ref verification [pid 5069] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./bus") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] open("./file0", O_RDONLY [pid 5068] <... futex resumed>) = 0 [pid 5069] <... open resumed>) = 4 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] <... futex resumed>) = 0 [ 72.729439][ T5069] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 72.740268][ T5069] BTRFS info (device loop0): force zlib compression, level 3 [ 72.748096][ T5069] BTRFS info (device loop0): allowing degraded mounts [ 72.754925][ T5069] BTRFS info (device loop0): using free space tree [ 72.777905][ T5069] BTRFS info (device loop0): auto enabling async discard [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] creat("./file1", 000 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... creat resumed>) = 5 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] open("./file0", O_RDONLY [pid 5068] <... futex resumed>) = 0 [pid 5069] <... open resumed>) = 6 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... ioctl resumed>) = 0 [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] creat("./bus", 012 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... creat resumed>) = 7 [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] open("./file0", O_RDONLY) = 9 [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... ioctl resumed>) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5068] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5068] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5068] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5086]}, 88) = 5086 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5086 attached [pid 5086] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5086] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5086] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5086] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 72.908284][ T5069] BTRFS info (device loop0): balance: start -d -m [ 72.916388][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 72.932948][ T5069] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5068] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... ioctl resumed>) = 0 [pid 5086] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [ 73.045720][ T5069] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5086] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5068] <... exit_group resumed>) = ? [ 73.111652][ T5069] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5069] <... ioctl resumed> ) = ? [pid 5069] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=60 /* 0.60 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 73.161625][ T5069] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 73.195773][ T5069] BTRFS info (device loop0): balance: ended with status: 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x5555560fc760, 24) = 0 [pid 5087] chdir("./3") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5087] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5088]}, 88) = 5088 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5088] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5088] munmap(0x7f296b2da000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./bus", 0777) = 0 [ 73.598091][ T5088] loop0: detected capacity change from 0 to 32768 [ 73.609156][ T5088] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5088) [ 73.626098][ T5088] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 73.635049][ T5088] BTRFS info (device loop0): doing ref verification [ 73.641652][ T5088] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 73.652516][ T5088] BTRFS info (device loop0): force zlib compression, level 3 [ 73.660007][ T5088] BTRFS info (device loop0): allowing degraded mounts [ 73.666851][ T5088] BTRFS info (device loop0): using free space tree [pid 5088] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./bus") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5088] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] open("./file0", O_RDONLY) = 4 [pid 5087] <... futex resumed>) = 1 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5088] creat("./file1", 000 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... creat resumed>) = 5 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] open("./file0", O_RDONLY) = 6 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5088] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 73.692473][ T5088] BTRFS info (device loop0): auto enabling async discard [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... ioctl resumed>) = 0 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5088] creat("./bus", 012 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... creat resumed>) = 7 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] open("./file0", O_RDONLY) = 9 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5088] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 0 [pid 5088] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5087] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5087] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5087] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5105]}, 88) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] <... rseq resumed>) = 0 [pid 5105] set_robust_list(0x7f29736d99a0, 24 [pid 5087] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... set_robust_list resumed>) = 0 [pid 5087] <... futex resumed>) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5105] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5087] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 73.796850][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 73.814884][ T5088] BTRFS info (device loop0): balance: start -d -m [ 73.830771][ T5088] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5105] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5087] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5105] <... ioctl resumed>) = 0 [pid 5105] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 73.945778][ T5088] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 74.009677][ T5088] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5105] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] exit_group(0) = ? [pid 5105] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5088] <... ioctl resumed> ) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=56 /* 0.56 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 74.059125][ T5088] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 74.096123][ T5088] BTRFS info (device loop0): balance: ended with status: 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5106 ./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x5555560fc760, 24) = 0 [pid 5106] chdir("./4") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5106] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5106] <... clone3 resumed> => {parent_tid=[5107]}, 88) = 5107 [pid 5107] <... rseq resumed>) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] memfd_create("syzkaller", 0 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5107] <... memfd_create resumed>) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5107] munmap(0x7f296b2da000, 138412032) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./bus", 0777) = 0 [ 74.609133][ T5107] loop0: detected capacity change from 0 to 32768 [ 74.621016][ T5107] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5107) [ 74.638559][ T5107] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 74.647365][ T5107] BTRFS info (device loop0): doing ref verification [pid 5107] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5107] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5107] chdir("./bus") = 0 [pid 5107] ioctl(4, LOOP_CLR_FD) = 0 [pid 5107] close(4) = 0 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5106] <... futex resumed>) = 0 [pid 5107] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.653989][ T5107] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 74.664861][ T5107] BTRFS info (device loop0): force zlib compression, level 3 [ 74.672275][ T5107] BTRFS info (device loop0): allowing degraded mounts [ 74.679174][ T5107] BTRFS info (device loop0): using free space tree [ 74.701577][ T5107] BTRFS info (device loop0): auto enabling async discard [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] open("./file0", O_RDONLY) = 4 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] creat("./file1", 000) = 5 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... futex resumed>) = 1 [pid 5107] open("./file0", O_RDONLY) = 6 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... futex resumed>) = 1 [pid 5107] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5107] creat("./bus", 012 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... creat resumed>) = 7 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... openat resumed>) = 8 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] open("./file0", O_RDONLY [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... open resumed>) = 9 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5107] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... ioctl resumed>) = 0 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5107] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5106] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5106] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5106] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 74.812982][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 74.839846][ T5107] BTRFS info (device loop0): balance: start -d -m [ 74.851716][ T5107] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5124 attached [pid 5124] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5106] <... clone3 resumed> => {parent_tid=[5124]}, 88) = 5124 [pid 5124] <... rseq resumed>) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] set_robust_list(0x7f29736d99a0, 24 [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5106] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] <... futex resumed>) = 0 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5124] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] <... futex resumed>) = 0 [pid 5124] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5106] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 5124] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [ 74.903972][ T5107] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 75.002891][ T5107] BTRFS info (device loop0): found 5 extents, stage: move data extents [pid 5124] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5107] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5106] exit_group(0) = ? [pid 5107] <... futex resumed>) = ? [pid 5124] <... futex resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=62 /* 0.62 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 75.050767][ T5107] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 75.086042][ T5107] BTRFS info (device loop0): balance: ended with status: 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x5555560fc760, 24) = 0 [pid 5125] chdir("./5") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5125] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5126]}, 88) = 5126 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5126] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5126] munmap(0x7f296b2da000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./bus", 0777) = 0 [ 75.502074][ T5126] loop0: detected capacity change from 0 to 32768 [ 75.513536][ T5126] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5126) [ 75.529737][ T5126] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 75.538583][ T5126] BTRFS info (device loop0): doing ref verification [ 75.545377][ T5126] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 75.556504][ T5126] BTRFS info (device loop0): force zlib compression, level 3 [ 75.563913][ T5126] BTRFS info (device loop0): allowing degraded mounts [ 75.570794][ T5126] BTRFS info (device loop0): using free space tree [pid 5126] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5126] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./bus") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] open("./file0", O_RDONLY) = 4 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] creat("./file1", 000) = 5 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] open("./file0", O_RDONLY [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... open resumed>) = 6 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 75.595330][ T5126] BTRFS info (device loop0): auto enabling async discard [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... ioctl resumed>) = 0 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] creat("./bus", 012 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... creat resumed>) = 7 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 8 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] open("./file0", O_RDONLY) = 9 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5126] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.686646][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 75.720170][ T5126] BTRFS info (device loop0): balance: start -d -m [pid 5126] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5125] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5125] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5125] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5143]}, 88) = 5143 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5143 attached ) = 0 [pid 5143] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5125] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... rseq resumed>) = 0 [pid 5143] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5143] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... futex resumed>) = 1 [ 75.732509][ T5126] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5143] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5125] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5125] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5143] <... ioctl resumed>) = 0 [pid 5143] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.842283][ T5126] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 75.910525][ T5126] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5143] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] exit_group(0 [pid 5143] <... futex resumed>) = ? [pid 5125] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5126] <... ioctl resumed> ) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 75.956477][ T5126] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 75.992712][ T5126] BTRFS info (device loop0): balance: ended with status: 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x5555560fc760, 24) = 0 [pid 5144] chdir("./6") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5144] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5144] <... clone3 resumed> => {parent_tid=[5145]}, 88) = 5145 [pid 5145] <... rseq resumed>) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] set_robust_list(0x7f29736fa9a0, 24 [pid 5144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] <... set_robust_list resumed>) = 0 [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5145] munmap(0x7f296b2da000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./bus", 0777) = 0 [ 76.395376][ T5145] loop0: detected capacity change from 0 to 32768 [ 76.405674][ T5145] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5145) [ 76.422052][ T5145] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 76.430906][ T5145] BTRFS info (device loop0): doing ref verification [ 76.437600][ T5145] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 76.448465][ T5145] BTRFS info (device loop0): force zlib compression, level 3 [ 76.455917][ T5145] BTRFS info (device loop0): allowing degraded mounts [ 76.462721][ T5145] BTRFS info (device loop0): using free space tree [pid 5145] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./bus") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] open("./file0", O_RDONLY [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 4 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] creat("./file1", 000) = 5 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./file0", O_RDONLY [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... open resumed>) = 6 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5145] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... ioctl resumed>) = 0 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5145] creat("./bus", 012 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... creat resumed>) = 7 [ 76.487575][ T5145] BTRFS info (device loop0): auto enabling async discard [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./file0", O_RDONLY [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 9 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5145] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5145] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5144] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5162 attached => {parent_tid=[5162]}, 88) = 5162 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... rseq resumed>) = 0 [pid 5162] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5162] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5144] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.578596][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 76.589958][ T5145] BTRFS info (device loop0): balance: start -d -m [ 76.602949][ T5145] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5162] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5162] <... ioctl resumed>) = 0 [pid 5162] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.740726][ T5145] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5162] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5144] <... exit_group resumed>) = ? [ 76.806745][ T5145] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5145] <... ioctl resumed> ) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=53 /* 0.53 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 76.855461][ T5145] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 76.889994][ T5145] BTRFS info (device loop0): balance: ended with status: 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x5555560fc760, 24) = 0 [pid 5163] chdir("./7") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5163] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5164 attached => {parent_tid=[5164]}, 88) = 5164 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5164] munmap(0x7f296b2da000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./bus", 0777) = 0 [ 77.294793][ T5164] loop0: detected capacity change from 0 to 32768 [ 77.306833][ T5164] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5164) [ 77.325413][ T5164] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 77.334225][ T5164] BTRFS info (device loop0): doing ref verification [ 77.340915][ T5164] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 77.351735][ T5164] BTRFS info (device loop0): force zlib compression, level 3 [ 77.359180][ T5164] BTRFS info (device loop0): allowing degraded mounts [ 77.366018][ T5164] BTRFS info (device loop0): using free space tree [pid 5164] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5164] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./bus") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5164] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] open("./file0", O_RDONLY) = 4 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] creat("./file1", 000) = 5 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 1 [pid 5164] open("./file0", O_RDONLY) = 6 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 1 [ 77.390877][ T5164] BTRFS info (device loop0): auto enabling async discard [pid 5164] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] creat("./bus", 012) = 7 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] open("./file0", O_RDONLY) = 9 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5164] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 77.472911][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 77.504256][ T5164] BTRFS info (device loop0): balance: start -d -m [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5163] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5163] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5163] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5181 attached => {parent_tid=[5181]}, 88) = 5181 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5181] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5181] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5181] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 77.515888][ T5164] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5163] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5181] <... ioctl resumed>) = 0 [pid 5181] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.612440][ T5164] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 77.677473][ T5164] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5181] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5164] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] exit_group(0 [pid 5164] <... futex resumed>) = 0 [pid 5163] <... exit_group resumed>) = ? [pid 5181] <... futex resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=58 /* 0.58 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 77.726773][ T5164] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 77.762485][ T5164] BTRFS info (device loop0): balance: ended with status: 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5182 ./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x5555560fc760, 24) = 0 [pid 5182] chdir("./8") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5182] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5183 attached [pid 5183] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5182] <... clone3 resumed> => {parent_tid=[5183]}, 88) = 5183 [pid 5183] <... rseq resumed>) = 0 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... futex resumed>) = 0 [pid 5183] memfd_create("syzkaller", 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5183] <... memfd_create resumed>) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5183] munmap(0x7f296b2da000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./bus", 0777) = 0 [ 78.171736][ T5183] loop0: detected capacity change from 0 to 32768 [ 78.183393][ T5183] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5183) [ 78.201558][ T5183] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 78.210406][ T5183] BTRFS info (device loop0): doing ref verification [ 78.217163][ T5183] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 78.228198][ T5183] BTRFS info (device loop0): force zlib compression, level 3 [ 78.235706][ T5183] BTRFS info (device loop0): allowing degraded mounts [ 78.242631][ T5183] BTRFS info (device loop0): using free space tree [pid 5183] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5183] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./bus") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] open("./file0", O_RDONLY [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... open resumed>) = 4 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] creat("./file1", 000) = 5 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] open("./file0", O_RDONLY [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... open resumed>) = 6 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 78.266346][ T5183] BTRFS info (device loop0): auto enabling async discard [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... ioctl resumed>) = 0 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] creat("./bus", 012 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... creat resumed>) = 7 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... futex resumed>) = 1 [pid 5183] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] open("./file0", O_RDONLY) = 9 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... futex resumed>) = 1 [pid 5183] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5183] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... futex resumed>) = 1 [pid 5183] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5182] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5182] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5182] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5200 attached [pid 5200] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5182] <... clone3 resumed> => {parent_tid=[5200]}, 88) = 5200 [pid 5200] <... rseq resumed>) = 0 [pid 5200] set_robust_list(0x7f29736d99a0, 24 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] <... set_robust_list resumed>) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5200] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] <... futex resumed>) = 1 [ 78.372612][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 78.390282][ T5183] BTRFS info (device loop0): balance: start -d -m [ 78.402311][ T5183] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5200] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 5200] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [ 78.505616][ T5183] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 78.570560][ T5183] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5200] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] exit_group(0) = ? [pid 5200] <... futex resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5183] <... ioctl resumed> ) = ? [pid 5183] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=49 /* 0.49 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 78.617956][ T5183] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 78.655238][ T5183] BTRFS info (device loop0): balance: ended with status: 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x5555560fc760, 24) = 0 [pid 5201] chdir("./9") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5201] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5202 attached => {parent_tid=[5202]}, 88) = 5202 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] <... rseq resumed>) = 0 [pid 5202] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5202] munmap(0x7f296b2da000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./bus", 0777) = 0 [ 79.056089][ T5202] loop0: detected capacity change from 0 to 32768 [ 79.066357][ T5202] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5202) [ 79.083273][ T5202] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 79.092423][ T5202] BTRFS info (device loop0): doing ref verification [ 79.099170][ T5202] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 79.110030][ T5202] BTRFS info (device loop0): force zlib compression, level 3 [ 79.117533][ T5202] BTRFS info (device loop0): allowing degraded mounts [ 79.124326][ T5202] BTRFS info (device loop0): using free space tree [pid 5202] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./bus") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] open("./file0", O_RDONLY [pid 5201] <... futex resumed>) = 0 [pid 5202] <... open resumed>) = 4 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] creat("./file1", 000 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... creat resumed>) = 5 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] open("./file0", O_RDONLY [pid 5201] <... futex resumed>) = 0 [pid 5202] <... open resumed>) = 6 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 79.149624][ T5202] BTRFS info (device loop0): auto enabling async discard [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... ioctl resumed>) = 0 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] creat("./bus", 012 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... creat resumed>) = 7 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] open("./file0", O_RDONLY) = 9 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5202] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 1 [pid 5202] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5201] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5201] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5219]}, 88) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5201] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... rseq resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5219] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5219] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5219] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 79.238729][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 79.255956][ T5202] BTRFS info (device loop0): balance: start -d -m [ 79.266339][ T5202] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5219] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 5219] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [ 79.359107][ T5202] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 79.447977][ T5202] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5219] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] exit_group(0 [pid 5219] <... futex resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5201] <... exit_group resumed>) = ? [ 79.513291][ T5202] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5202] <... ioctl resumed> ) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=57 /* 0.57 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 79.553913][ T5202] BTRFS info (device loop0): balance: ended with status: 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5220 ./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x5555560fc760, 24) = 0 [pid 5220] chdir("./10") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5220] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5221 attached => {parent_tid=[5221]}, 88) = 5221 [pid 5221] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5221] <... rseq resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] set_robust_list(0x7f29736fa9a0, 24 [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... set_robust_list resumed>) = 0 [pid 5220] <... futex resumed>) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5221] munmap(0x7f296b2da000, 138412032) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./bus", 0777) = 0 [ 79.964926][ T5221] loop0: detected capacity change from 0 to 32768 [ 79.976084][ T5221] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5221) [ 79.992771][ T5221] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.002024][ T5221] BTRFS info (device loop0): doing ref verification [ 80.008677][ T5221] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.019486][ T5221] BTRFS info (device loop0): force zlib compression, level 3 [ 80.026944][ T5221] BTRFS info (device loop0): allowing degraded mounts [ 80.033717][ T5221] BTRFS info (device loop0): using free space tree [pid 5221] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./bus") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] open("./file0", O_RDONLY) = 4 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] creat("./file1", 000 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... creat resumed>) = 5 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] open("./file0", O_RDONLY [pid 5220] <... futex resumed>) = 0 [pid 5221] <... open resumed>) = 6 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.057968][ T5221] BTRFS info (device loop0): auto enabling async discard [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5221] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... ioctl resumed>) = 0 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... futex resumed>) = 0 [pid 5221] creat("./bus", 012) = 7 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... openat resumed>) = 8 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] open("./file0", O_RDONLY) = 9 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5221] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... ioctl resumed>) = 0 [pid 5221] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5221] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 80.169521][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 80.207126][ T5221] BTRFS info (device loop0): balance: start -d -m [pid 5220] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5220] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5220] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5238 attached => {parent_tid=[5238]}, 88) = 5238 [pid 5238] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... rseq resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] set_robust_list(0x7f29736d99a0, 24 [pid 5220] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5220] <... futex resumed>) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5238] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 80.216485][ T5221] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5220] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5238] <... ioctl resumed>) = 0 [pid 5238] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.311767][ T5221] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 80.377140][ T5221] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5238] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5221] <... ioctl resumed> ) = ? [pid 5221] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 80.424697][ T5221] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 80.461745][ T5221] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5239 ./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x5555560fc760, 24) = 0 [pid 5239] chdir("./11") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5239] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5240]}, 88) = 5240 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5240 attached [pid 5240] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5240] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5240] munmap(0x7f296b2da000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./bus", 0777) = 0 [ 80.867749][ T5240] loop0: detected capacity change from 0 to 32768 [ 80.878397][ T5240] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5240) [ 80.893957][ T5240] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 80.904181][ T5240] BTRFS info (device loop0): doing ref verification [ 80.910874][ T5240] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 80.921842][ T5240] BTRFS info (device loop0): force zlib compression, level 3 [ 80.929302][ T5240] BTRFS info (device loop0): allowing degraded mounts [ 80.936200][ T5240] BTRFS info (device loop0): using free space tree [pid 5240] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./bus") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5239] <... futex resumed>) = 0 [pid 5240] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] open("./file0", O_RDONLY [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... open resumed>) = 4 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] creat("./file1", 000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... creat resumed>) = 5 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] open("./file0", O_RDONLY) = 6 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 80.959430][ T5240] BTRFS info (device loop0): auto enabling async discard [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] creat("./bus", 012 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... creat resumed>) = 7 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] open("./file0", O_RDONLY [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... open resumed>) = 9 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5240] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... ioctl resumed>) = 0 [pid 5240] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] <... futex resumed>) = 0 [pid 5240] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5239] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5239] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5239] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5257]}, 88) = 5257 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5257] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5257] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5257] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5239] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.065535][ T5240] BTRFS info (device loop0): balance: start -d -m [ 81.074719][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 81.088983][ T5240] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5239] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... ioctl resumed>) = 0 [pid 5257] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [ 81.193536][ T5240] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 81.256537][ T5240] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5257] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] exit_group(0) = ? [pid 5257] <... futex resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5240] <... ioctl resumed> ) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=50 /* 0.50 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 81.303756][ T5240] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 81.337864][ T5240] BTRFS info (device loop0): balance: ended with status: 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5258 ./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x5555560fc760, 24) = 0 [pid 5258] chdir("./12") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5258] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5259 attached => {parent_tid=[5259]}, 88) = 5259 [pid 5259] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5259] <... rseq resumed>) = 0 [pid 5259] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] memfd_create("syzkaller", 0) = 3 [pid 5259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5259] munmap(0x7f296b2da000, 138412032) = 0 [pid 5259] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5259] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5259] close(3) = 0 [pid 5259] mkdir("./bus", 0777) = 0 [ 81.871750][ T5259] loop0: detected capacity change from 0 to 32768 [ 81.884606][ T5259] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5259) [ 81.917965][ T5259] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 81.927647][ T5259] BTRFS info (device loop0): doing ref verification [ 81.934961][ T5259] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 81.946382][ T5259] BTRFS info (device loop0): force zlib compression, level 3 [ 81.954196][ T5259] BTRFS info (device loop0): allowing degraded mounts [ 81.961767][ T5259] BTRFS info (device loop0): using free space tree [pid 5259] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5259] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5259] chdir("./bus") = 0 [pid 5259] ioctl(4, LOOP_CLR_FD) = 0 [pid 5259] close(4) = 0 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 1 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] open("./file0", O_RDONLY) = 4 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 1 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] creat("./file1", 000 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... creat resumed>) = 5 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] open("./file0", O_RDONLY) = 6 [pid 5258] <... futex resumed>) = 0 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5258] <... futex resumed>) = 0 [ 82.000563][ T5259] BTRFS info (device loop0): auto enabling async discard [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... ioctl resumed>) = 0 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] creat("./bus", 012 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... creat resumed>) = 7 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5258] <... futex resumed>) = 1 [pid 5259] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... openat resumed>) = 8 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] open("./file0", O_RDONLY) = 9 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5258] <... futex resumed>) = 0 [pid 5259] <... ioctl resumed>) = 0 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5258] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5258] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5276]}, 88) = 5276 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5258] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5276 attached [pid 5276] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5276] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5276] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] <... futex resumed>) = 0 [pid 5258] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5258] <... futex resumed>) = 0 [ 82.095972][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 82.103944][ T5259] BTRFS info (device loop0): balance: start -d -m [ 82.115803][ T5259] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5258] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5258] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5276] <... ioctl resumed>) = 0 [pid 5276] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.220240][ T5259] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 82.297216][ T5259] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5276] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5259] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] exit_group(0 [pid 5276] <... futex resumed>) = ? [pid 5259] <... futex resumed>) = ? [pid 5258] <... exit_group resumed>) = ? [pid 5276] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=52 /* 0.52 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 82.339341][ T5259] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 82.370728][ T5259] BTRFS info (device loop0): balance: ended with status: 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5277 ./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x5555560fc760, 24) = 0 [pid 5277] chdir("./13") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5277] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] <... rseq resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] set_robust_list(0x7f29736fa9a0, 24 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... set_robust_list resumed>) = 0 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5278] munmap(0x7f296b2da000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] mkdir("./bus", 0777) = 0 [ 82.767469][ T5278] loop0: detected capacity change from 0 to 32768 [ 82.777944][ T5278] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5278) [ 82.797227][ T5278] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 82.806005][ T5278] BTRFS info (device loop0): doing ref verification [pid 5278] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5278] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./bus") = 0 [pid 5278] ioctl(4, LOOP_CLR_FD) = 0 [pid 5278] close(4) = 0 [ 82.812622][ T5278] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 82.823622][ T5278] BTRFS info (device loop0): force zlib compression, level 3 [ 82.831048][ T5278] BTRFS info (device loop0): allowing degraded mounts [ 82.837994][ T5278] BTRFS info (device loop0): using free space tree [ 82.860875][ T5278] BTRFS info (device loop0): auto enabling async discard [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] <... futex resumed>) = 0 [pid 5278] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 0 [pid 5278] open("./file0", O_RDONLY) = 4 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] creat("./file1", 000) = 5 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... futex resumed>) = 1 [pid 5278] open("./file0", O_RDONLY) = 6 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... ioctl resumed>) = 0 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] creat("./bus", 012 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] <... creat resumed>) = 7 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] open("./file0", O_RDONLY [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... open resumed>) = 9 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... ioctl resumed>) = 0 [pid 5278] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5277] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5277] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5295]}, 88) = 5295 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5295 attached [pid 5295] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5277] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... rseq resumed>) = 0 [pid 5295] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5295] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5295] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5295] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5277] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.949267][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 82.962878][ T5278] BTRFS info (device loop0): balance: start -d -m [ 82.974909][ T5278] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5277] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5295] <... ioctl resumed>) = 0 [pid 5295] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.099952][ T5278] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 83.164527][ T5278] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5295] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] exit_group(0 [pid 5295] <... futex resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5277] <... exit_group resumed>) = ? [pid 5278] <... ioctl resumed> ) = ? [pid 5278] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 83.210028][ T5278] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 83.245718][ T5278] BTRFS info (device loop0): balance: ended with status: 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x5555560fc760, 24) = 0 [pid 5296] chdir("./14") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5296] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5297]}, 88) = 5297 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5297 attached [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5297] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5297] munmap(0x7f296b2da000, 138412032) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./bus", 0777) = 0 [ 83.643493][ T5297] loop0: detected capacity change from 0 to 32768 [ 83.653302][ T5297] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5297) [ 83.671328][ T5297] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 83.680156][ T5297] BTRFS info (device loop0): doing ref verification [ 83.686840][ T5297] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 83.697660][ T5297] BTRFS info (device loop0): force zlib compression, level 3 [ 83.705137][ T5297] BTRFS info (device loop0): allowing degraded mounts [ 83.711951][ T5297] BTRFS info (device loop0): using free space tree [pid 5297] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5297] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./bus") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5296] <... futex resumed>) = 0 [pid 5297] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] open("./file0", O_RDONLY [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... open resumed>) = 4 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5297] creat("./file1", 000 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... creat resumed>) = 5 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... futex resumed>) = 1 [pid 5297] open("./file0", O_RDONLY) = 6 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... ioctl resumed>) = 0 [ 83.735178][ T5297] BTRFS info (device loop0): auto enabling async discard [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] creat("./bus", 012 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... creat resumed>) = 7 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] <... futex resumed>) = 0 [pid 5297] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... openat resumed>) = 8 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] open("./file0", O_RDONLY) = 9 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5297] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5297] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 83.819081][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 83.850304][ T5297] BTRFS info (device loop0): balance: start -d -m [pid 5296] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5296] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5296] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5314]}, 88) = 5314 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5314 attached [pid 5314] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5314] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5314] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5314] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... futex resumed>) = 1 [ 83.861952][ T5297] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5314] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5296] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5314] <... ioctl resumed>) = 0 [pid 5314] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.969632][ T5297] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 84.037884][ T5297] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5314] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] exit_group(0) = ? [pid 5314] <... futex resumed>) = ? [pid 5314] +++ exited with 0 +++ [pid 5297] <... ioctl resumed> ) = ? [pid 5297] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=50 /* 0.50 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 84.086222][ T5297] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 84.123947][ T5297] BTRFS info (device loop0): balance: ended with status: 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5315 ./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x5555560fc760, 24) = 0 [pid 5315] chdir("./15") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5315] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5316 attached => {parent_tid=[5316]}, 88) = 5316 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5316] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5316] set_robust_list(0x7f29736fa9a0, 24 [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... set_robust_list resumed>) = 0 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5316] memfd_create("syzkaller", 0) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5316] munmap(0x7f296b2da000, 138412032) = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5316] close(3) = 0 [pid 5316] mkdir("./bus", 0777) = 0 [ 84.542215][ T5316] loop0: detected capacity change from 0 to 32768 [ 84.552477][ T5316] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5316) [ 84.569641][ T5316] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 84.578459][ T5316] BTRFS info (device loop0): doing ref verification [ 84.585118][ T5316] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 84.596141][ T5316] BTRFS info (device loop0): force zlib compression, level 3 [ 84.603553][ T5316] BTRFS info (device loop0): allowing degraded mounts [ 84.610564][ T5316] BTRFS info (device loop0): using free space tree [pid 5316] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5316] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5316] chdir("./bus") = 0 [pid 5316] ioctl(4, LOOP_CLR_FD) = 0 [pid 5316] close(4) = 0 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] open("./file0", O_RDONLY) = 4 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] creat("./file1", 000) = 5 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] open("./file0", O_RDONLY) = 6 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] creat("./bus", 012) = 7 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] open("./file0", O_RDONLY [pid 5315] <... futex resumed>) = 0 [pid 5316] <... open resumed>) = 9 [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [ 84.633841][ T5316] BTRFS info (device loop0): auto enabling async discard [pid 5316] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5316] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5316] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5316] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5316] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5315] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5315] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5315] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5333]}, 88) = 5333 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5315] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5333 attached [pid 5333] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... rseq resumed>) = 0 [pid 5333] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5333] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5333] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5315] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.746006][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 84.760259][ T5316] BTRFS info (device loop0): balance: start -d -m [ 84.779293][ T5316] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 84.803756][ T5316] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 84.814608][ T5316] BTRFS error (device loop0): dumping block entry [5373952 4096], num_refs 0, metadata 1, from disk 0 [ 84.825769][ T5316] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 84.834793][ T5316] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 84.846214][ T5316] __btrfs_cow_block+0x465/0x1a90 [ 84.851489][ T5316] btrfs_cow_block+0x35e/0xa10 [ 84.856554][ T5316] btrfs_search_slot+0xbf9/0x2f80 [ 84.861821][ T5316] btrfs_insert_empty_items+0x9c/0x180 [ 84.867593][ T5316] insert_with_overflow+0x150/0x3f0 [ 84.873012][ T5316] btrfs_insert_dir_item+0x243/0x630 [ 84.878591][ T5316] btrfs_add_link+0x270/0xc50 [ 84.883491][ T5316] btrfs_create_new_inode+0x1b3d/0x2710 [ 84.889350][ T5316] btrfs_create_common+0x1f9/0x300 [ 84.894754][ T5316] path_openat+0x13e7/0x3180 [ 84.899580][ T5316] do_filp_open+0x234/0x490 [pid 5315] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 84.904302][ T5316] do_sys_openat2+0x13e/0x1d0 [ 84.909299][ T5316] __x64_sys_creat+0x123/0x160 [ 84.914292][ T5316] do_syscall_64+0x41/0xc0 [ 84.918988][ T5316] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.925165][ T5316] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 84.938195][ T5316] __btrfs_cow_block+0xcca/0x1a90 [ 84.943432][ T5316] btrfs_cow_block+0x35e/0xa10 [ 84.948490][ T5316] btrfs_search_slot+0xbf9/0x2f80 [pid 5315] exit_group(0) = ? [ 84.953731][ T5316] btrfs_lookup_inode+0xdc/0x480 [ 84.958960][ T5316] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 84.965107][ T5316] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 84.971882][ T5316] __btrfs_run_delayed_items+0x213/0x490 [ 84.977768][ T5316] btrfs_commit_transaction+0x8a4/0x3730 [ 84.983603][ T5316] prepare_to_relocate+0x3c5/0x4c0 [ 84.989010][ T5316] relocate_block_group+0x17f/0xcd0 [ 84.994482][ T5316] btrfs_relocate_block_group+0x7ab/0xd70 [ 85.000409][ T5316] btrfs_relocate_chunk+0x12c/0x3b0 [ 85.005866][ T5316] __btrfs_balance+0x1b06/0x2690 [ 85.011020][ T5316] btrfs_balance+0xbd8/0x10d0 [ 85.015946][ T5316] btrfs_ioctl_balance+0x496/0x7c0 [ 85.021264][ T5316] __se_sys_ioctl+0xf8/0x170 [ 85.026119][ T5316] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 5246976, owner 0, offset 0, num_refs 1 [ 85.037985][ T5316] __btrfs_mod_ref+0x9b1/0xe20 [ 85.042960][ T5316] btrfs_copy_root+0x851/0xce0 [ 85.047998][ T5316] create_reloc_root+0x244/0x9a0 [ 85.053154][ T5316] btrfs_init_reloc_root+0x329/0x4e0 [ 85.058696][ T5316] record_root_in_trans+0x2c9/0x360 [ 85.064094][ T5316] qgroup_account_snapshot+0xa9/0x340 [ 85.069833][ T5316] create_pending_snapshot+0x1050/0x28b0 [ 85.075792][ T5316] create_pending_snapshots+0x195/0x1d0 [ 85.081553][ T5316] btrfs_commit_transaction+0xf1c/0x3730 [ 85.087476][ T5316] prepare_to_relocate+0x3c5/0x4c0 [ 85.092804][ T5316] relocate_block_group+0x17f/0xcd0 [ 85.098296][ T5316] btrfs_relocate_block_group+0x7ab/0xd70 [pid 5333] <... ioctl resumed>) = ? [pid 5333] +++ exited with 0 +++ [ 85.104225][ T5316] btrfs_relocate_chunk+0x12c/0x3b0 [ 85.109675][ T5316] __btrfs_balance+0x1b06/0x2690 [ 85.114836][ T5316] btrfs_balance+0xbd8/0x10d0 [ 85.119694][ T5316] btrfs_ioctl_balance+0x496/0x7c0 [pid 5316] <... ioctl resumed> ) = ? [pid 5316] +++ exited with 0 +++ [pid 5315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=70 /* 0.70 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 85.165253][ T5316] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 85.189908][ T5316] BTRFS info (device loop0): balance: canceled umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x5555560fc760, 24) = 0 [pid 5334] chdir("./16") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5334] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5335]}, 88) = 5335 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5335 attached [pid 5335] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5335] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] memfd_create("syzkaller", 0) = 3 [pid 5335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5335] munmap(0x7f296b2da000, 138412032) = 0 [pid 5335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5335] close(3) = 0 [pid 5335] mkdir("./bus", 0777) = 0 [ 85.590316][ T5335] loop0: detected capacity change from 0 to 32768 [ 85.600780][ T5335] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5335) [ 85.617310][ T5335] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 85.626199][ T5335] BTRFS info (device loop0): doing ref verification [pid 5335] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5335] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5335] chdir("./bus") = 0 [pid 5335] ioctl(4, LOOP_CLR_FD) = 0 [pid 5335] close(4) = 0 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] <... futex resumed>) = 0 [pid 5335] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5334] <... futex resumed>) = 0 [pid 5335] open("./file0", O_RDONLY [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... open resumed>) = 4 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 0 [pid 5335] creat("./file1", 000) = 5 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] open("./file0", O_RDONLY) = 6 [pid 5334] <... futex resumed>) = 0 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 85.632797][ T5335] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 85.643668][ T5335] BTRFS info (device loop0): force zlib compression, level 3 [ 85.651192][ T5335] BTRFS info (device loop0): allowing degraded mounts [ 85.658010][ T5335] BTRFS info (device loop0): using free space tree [ 85.680283][ T5335] BTRFS info (device loop0): auto enabling async discard [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = 1 [pid 5335] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... ioctl resumed>) = 0 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] creat("./bus", 012 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... creat resumed>) = 7 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] <... futex resumed>) = 0 [pid 5335] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... openat resumed>) = 8 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = 1 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] open("./file0", O_RDONLY [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... open resumed>) = 9 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 1 [pid 5335] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5335] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5335] <... futex resumed>) = 1 [pid 5335] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5334] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5334] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5352]}, 88) = 5352 ./strace-static-x86_64: Process 5352 attached [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] <... rseq resumed>) = 0 [pid 5334] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] set_robust_list(0x7f29736d99a0, 24 [pid 5334] <... futex resumed>) = 0 [pid 5352] <... set_robust_list resumed>) = 0 [ 85.761137][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 85.792174][ T5335] BTRFS info (device loop0): balance: start -d -m [ 85.801616][ T5335] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5334] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5352] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5334] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5334] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... futex resumed>) = 1 [pid 5352] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5334] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5352] <... ioctl resumed>) = 0 [pid 5352] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.917337][ T5335] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 85.985066][ T5335] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5352] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] exit_group(0) = ? [pid 5352] <... futex resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5335] <... ioctl resumed> ) = ? [pid 5335] +++ exited with 0 +++ [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=55 /* 0.55 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 86.032932][ T5335] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 86.072194][ T5335] BTRFS info (device loop0): balance: ended with status: 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x5555560fc760, 24) = 0 [pid 5353] chdir("./17") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5353] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5354]}, 88) = 5354 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5354 attached NULL, 8) = 0 [pid 5354] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... rseq resumed>) = 0 [pid 5354] set_robust_list(0x7f29736fa9a0, 24 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... set_robust_list resumed>) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5354] munmap(0x7f296b2da000, 138412032) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./bus", 0777) = 0 [ 86.467022][ T5354] loop0: detected capacity change from 0 to 32768 [ 86.478636][ T5354] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5354) [ 86.495067][ T5354] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 86.503783][ T5354] BTRFS info (device loop0): doing ref verification [ 86.510741][ T5354] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 86.521823][ T5354] BTRFS info (device loop0): force zlib compression, level 3 [ 86.529902][ T5354] BTRFS info (device loop0): allowing degraded mounts [ 86.536978][ T5354] BTRFS info (device loop0): using free space tree [pid 5354] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5354] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./bus") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] open("./file0", O_RDONLY) = 4 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] creat("./file1", 000 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... creat resumed>) = 5 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] open("./file0", O_RDONLY) = 6 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = 0 [pid 5354] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5353] <... futex resumed>) = 1 [ 86.561171][ T5354] BTRFS info (device loop0): auto enabling async discard [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... ioctl resumed>) = 0 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] creat("./bus", 012 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... creat resumed>) = 7 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... openat resumed>) = 8 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] open("./file0", O_RDONLY [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... open resumed>) = 9 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... ioctl resumed>) = 0 [pid 5354] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... futex resumed>) = 1 [pid 5353] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5353] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5353] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5371]}, 88) = 5371 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5371 attached [pid 5371] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5371] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5371] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5353] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.662485][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 86.676161][ T5354] BTRFS info (device loop0): balance: start -d -m [ 86.688833][ T778] cfg80211: failed to load regulatory.db [ 86.695788][ T5354] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5353] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5371] <... ioctl resumed>) = 0 [pid 5371] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [ 86.810987][ T5354] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 86.893849][ T5354] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5371] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] exit_group(0 [pid 5371] <... futex resumed>) = ? [pid 5353] <... exit_group resumed>) = ? [pid 5371] +++ exited with 0 +++ [pid 5354] <... ioctl resumed> ) = ? [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 86.942401][ T5354] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 86.978773][ T5354] BTRFS info (device loop0): balance: ended with status: 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5372 ./strace-static-x86_64: Process 5372 attached [pid 5372] set_robust_list(0x5555560fc760, 24) = 0 [pid 5372] chdir("./18") = 0 [pid 5372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5372] setpgid(0, 0) = 0 [pid 5372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5372] write(3, "1000", 4) = 4 [pid 5372] close(3) = 0 [pid 5372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5372] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5373 attached => {parent_tid=[5373]}, 88) = 5373 [pid 5373] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] set_robust_list(0x7f29736fa9a0, 24 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5373] <... set_robust_list resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5373] memfd_create("syzkaller", 0) = 3 [pid 5373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5373] munmap(0x7f296b2da000, 138412032) = 0 [pid 5373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5373] close(3) = 0 [pid 5373] mkdir("./bus", 0777) = 0 [ 87.401934][ T5373] loop0: detected capacity change from 0 to 32768 [ 87.413179][ T5373] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5373) [ 87.428768][ T5373] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 87.438838][ T5373] BTRFS info (device loop0): doing ref verification [pid 5373] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5373] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5373] chdir("./bus") = 0 [pid 5373] ioctl(4, LOOP_CLR_FD) = 0 [pid 5373] close(4) = 0 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5373] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] open("./file0", O_RDONLY) = 4 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] creat("./file1", 000 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... creat resumed>) = 5 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 1 [pid 5373] open("./file0", O_RDONLY) = 6 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5373] <... futex resumed>) = 1 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 87.445987][ T5373] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 87.456857][ T5373] BTRFS info (device loop0): force zlib compression, level 3 [ 87.464264][ T5373] BTRFS info (device loop0): allowing degraded mounts [ 87.471439][ T5373] BTRFS info (device loop0): using free space tree [ 87.493604][ T5373] BTRFS info (device loop0): auto enabling async discard [pid 5373] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5373] creat("./bus", 012 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... creat resumed>) = 7 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5373] open("./file0", O_RDONLY [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... open resumed>) = 9 [pid 5372] <... futex resumed>) = 0 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5372] <... futex resumed>) = 0 [pid 5373] <... ioctl resumed>) = 0 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] <... futex resumed>) = 0 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5373] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5373] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5372] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5372] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5372] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5390]}, 88) = 5390 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5390] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] <... futex resumed>) = 0 [pid 5390] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] <... futex resumed>) = 0 [pid 5390] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 87.600703][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 87.614626][ T5373] BTRFS info (device loop0): balance: start -d -m [ 87.623680][ T5373] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5372] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed>) = 0 [pid 5390] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5390] <... futex resumed>) = 0 [ 87.719269][ T5373] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 87.780996][ T5373] BTRFS info (device loop0): found 13 extents, stage: move data extents [pid 5390] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5373] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5373] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] exit_group(0 [pid 5390] <... futex resumed>) = ? [pid 5372] <... exit_group resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5373] +++ exited with 0 +++ [pid 5372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5372, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 87.825102][ T5373] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 87.862368][ T5373] BTRFS info (device loop0): balance: ended with status: 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5391 attached , child_tidptr=0x5555560fc750) = 5391 [pid 5391] set_robust_list(0x5555560fc760, 24) = 0 [pid 5391] chdir("./19") = 0 [pid 5391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5391] setpgid(0, 0) = 0 [pid 5391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5391] write(3, "1000", 4) = 4 [pid 5391] close(3) = 0 [pid 5391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5391] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5392 attached [pid 5392] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5391] <... clone3 resumed> => {parent_tid=[5392]}, 88) = 5392 [pid 5392] <... rseq resumed>) = 0 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5392] set_robust_list(0x7f29736fa9a0, 24 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5392] <... set_robust_list resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] <... futex resumed>) = 0 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5392] memfd_create("syzkaller", 0) = 3 [pid 5392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5392] munmap(0x7f296b2da000, 138412032) = 0 [pid 5392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5392] close(3) = 0 [pid 5392] mkdir("./bus", 0777) = 0 [ 88.257099][ T5392] loop0: detected capacity change from 0 to 32768 [ 88.267964][ T5392] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5392) [ 88.285966][ T5392] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 88.294777][ T5392] BTRFS info (device loop0): doing ref verification [pid 5392] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5392] chdir("./bus") = 0 [pid 5392] ioctl(4, LOOP_CLR_FD) = 0 [pid 5392] close(4) = 0 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] <... futex resumed>) = 1 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5391] <... futex resumed>) = 1 [pid 5392] open("./file0", O_RDONLY) = 4 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 0 [pid 5391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] creat("./file1", 000) = 5 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] open("./file0", O_RDONLY) = 6 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [ 88.301400][ T5392] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 88.312374][ T5392] BTRFS info (device loop0): force zlib compression, level 3 [ 88.319851][ T5392] BTRFS info (device loop0): allowing degraded mounts [ 88.326708][ T5392] BTRFS info (device loop0): using free space tree [ 88.349694][ T5392] BTRFS info (device loop0): auto enabling async discard [pid 5392] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5392] creat("./bus", 012 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... creat resumed>) = 7 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] open("./file0", O_RDONLY) = 9 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5392] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5391] <... futex resumed>) = 0 [pid 5391] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5392] <... futex resumed>) = 1 [pid 5392] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5391] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5391] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5409 attached => {parent_tid=[5409]}, 88) = 5409 [pid 5409] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], [pid 5409] <... rseq resumed>) = 0 [pid 5391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5409] set_robust_list(0x7f29736d99a0, 24 [pid 5391] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... set_robust_list resumed>) = 0 [pid 5391] <... futex resumed>) = 0 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], [pid 5391] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5409] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5409] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5391] <... futex resumed>) = 0 [pid 5409] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5391] <... futex resumed>) = 0 [pid 5409] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 88.422287][ T5392] BTRFS info (device loop0): balance: start -d -m [ 88.423592][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 88.441614][ T5392] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5391] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5409] <... ioctl resumed>) = 0 [pid 5409] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.566963][ T5392] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5409] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5391] exit_group(0 [pid 5409] <... futex resumed>) = ? [pid 5409] +++ exited with 0 +++ [pid 5391] <... exit_group resumed>) = ? [ 88.645493][ T5392] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5392] <... ioctl resumed> ) = ? [pid 5392] +++ exited with 0 +++ [pid 5391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5391, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=50 /* 0.50 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 88.697319][ T5392] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 88.731359][ T5392] BTRFS info (device loop0): balance: ended with status: 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x5555560fc760, 24) = 0 [pid 5410] chdir("./20") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5410] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5411 attached [pid 5411] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5410] <... clone3 resumed> => {parent_tid=[5411]}, 88) = 5411 [pid 5411] <... rseq resumed>) = 0 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5411] set_robust_list(0x7f29736fa9a0, 24 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5411] <... set_robust_list resumed>) = 0 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], [pid 5410] <... futex resumed>) = 0 [pid 5411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5411] munmap(0x7f296b2da000, 138412032) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./bus", 0777) = 0 [ 89.131229][ T5411] loop0: detected capacity change from 0 to 32768 [ 89.142798][ T5411] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5411) [ 89.162343][ T5411] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 89.171607][ T5411] BTRFS info (device loop0): doing ref verification [ 89.178326][ T5411] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 89.189258][ T5411] BTRFS info (device loop0): force zlib compression, level 3 [ 89.196736][ T5411] BTRFS info (device loop0): allowing degraded mounts [ 89.203523][ T5411] BTRFS info (device loop0): using free space tree [pid 5411] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5411] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./bus") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5411] open("./file0", O_RDONLY [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... open resumed>) = 4 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 1 [pid 5411] creat("./file1", 000) = 5 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] open("./file0", O_RDONLY [pid 5410] <... futex resumed>) = 0 [pid 5411] <... open resumed>) = 6 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = 0 [pid 5411] <... futex resumed>) = 1 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... ioctl resumed>) = 0 [ 89.226593][ T5411] BTRFS info (device loop0): auto enabling async discard [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] creat("./bus", 012 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... creat resumed>) = 7 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... openat resumed>) = 8 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5411] open("./file0", O_RDONLY) = 9 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5411] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... ioctl resumed>) = 0 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] <... futex resumed>) = 0 [pid 5410] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.296210][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 89.331977][ T5411] BTRFS info (device loop0): balance: start -d -m [pid 5411] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5410] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5410] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5410] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 89.342658][ T5411] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5428 attached => {parent_tid=[5428]}, 88) = 5428 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], [pid 5428] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5428] <... rseq resumed>) = 0 [pid 5410] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] set_robust_list(0x7f29736d99a0, 24 [pid 5410] <... futex resumed>) = 0 [pid 5428] <... set_robust_list resumed>) = 0 [pid 5410] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5428] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5428] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5428] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5428] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5410] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] <... ioctl resumed>) = 0 [pid 5428] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5428] <... futex resumed>) = 0 [ 89.448283][ T5411] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 89.524909][ T5411] BTRFS info (device loop0): found 8 extents, stage: move data extents [pid 5428] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5411] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5411] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] exit_group(0 [pid 5411] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = ? [pid 5410] <... exit_group resumed>) = ? [pid 5428] +++ exited with 0 +++ [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=56 /* 0.56 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 89.573997][ T5411] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 89.613764][ T5411] BTRFS info (device loop0): balance: ended with status: 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5429 ./strace-static-x86_64: Process 5429 attached [pid 5429] set_robust_list(0x5555560fc760, 24) = 0 [pid 5429] chdir("./21") = 0 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5429] setpgid(0, 0) = 0 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5429] write(3, "1000", 4) = 4 [pid 5429] close(3) = 0 [pid 5429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5429] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5430]}, 88) = 5430 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5430 attached [pid 5430] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5430] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5430] memfd_create("syzkaller", 0) = 3 [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5430] munmap(0x7f296b2da000, 138412032) = 0 [pid 5430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5430] close(3) = 0 [pid 5430] mkdir("./bus", 0777) = 0 [ 90.017820][ T5430] loop0: detected capacity change from 0 to 32768 [ 90.027337][ T5430] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5430) [ 90.043838][ T5430] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.052690][ T5430] BTRFS info (device loop0): doing ref verification [ 90.059362][ T5430] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.070248][ T5430] BTRFS info (device loop0): force zlib compression, level 3 [ 90.077770][ T5430] BTRFS info (device loop0): allowing degraded mounts [ 90.084600][ T5430] BTRFS info (device loop0): using free space tree [pid 5430] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5430] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5430] chdir("./bus") = 0 [pid 5430] ioctl(4, LOOP_CLR_FD) = 0 [pid 5430] close(4) = 0 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5430] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] <... futex resumed>) = 0 [pid 5430] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5430] <... futex resumed>) = 1 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] open("./file0", O_RDONLY [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... open resumed>) = 4 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] creat("./file1", 000) = 5 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] open("./file0", O_RDONLY) = 6 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = 0 [pid 5430] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5429] <... futex resumed>) = 1 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... ioctl resumed>) = 0 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5430] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5430] creat("./bus", 012 [pid 5429] <... futex resumed>) = 0 [pid 5430] <... creat resumed>) = 7 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] open("./file0", O_RDONLY) = 9 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [pid 5430] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5430] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... futex resumed>) = 1 [ 90.109009][ T5430] BTRFS info (device loop0): auto enabling async discard [pid 5430] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5429] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5429] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5429] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5447]}, 88) = 5447 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5429] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5447 attached [pid 5447] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5447] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5447] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5447] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [ 90.174859][ T5430] BTRFS info (device loop0): balance: start -d -m [ 90.176519][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 90.205840][ T5430] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5429] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5429] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5447] <... ioctl resumed>) = 0 [pid 5447] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.336773][ T5430] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 90.402045][ T5430] BTRFS info (device loop0): found 13 extents, stage: move data extents [pid 5447] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] exit_group(0 [pid 5447] <... futex resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5429] <... exit_group resumed>) = ? [pid 5430] <... ioctl resumed> ) = ? [pid 5430] +++ exited with 0 +++ [pid 5429] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5429, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 90.451399][ T5430] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 90.486670][ T5430] BTRFS info (device loop0): balance: ended with status: 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5448 attached , child_tidptr=0x5555560fc750) = 5448 [pid 5448] set_robust_list(0x5555560fc760, 24) = 0 [pid 5448] chdir("./22") = 0 [pid 5448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5448] setpgid(0, 0) = 0 [pid 5448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5448] write(3, "1000", 4) = 4 [pid 5448] close(3) = 0 [pid 5448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5448] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5449 attached => {parent_tid=[5449]}, 88) = 5449 [pid 5449] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5449] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5448] <... futex resumed>) = 1 [pid 5449] memfd_create("syzkaller", 0 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5449] <... memfd_create resumed>) = 3 [pid 5449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5449] munmap(0x7f296b2da000, 138412032) = 0 [pid 5449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5449] close(3) = 0 [pid 5449] mkdir("./bus", 0777) = 0 [ 90.891108][ T5449] loop0: detected capacity change from 0 to 32768 [ 90.902463][ T5449] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5449) [ 90.919074][ T5449] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 90.928021][ T5449] BTRFS info (device loop0): doing ref verification [ 90.934760][ T5449] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 90.945588][ T5449] BTRFS info (device loop0): force zlib compression, level 3 [ 90.952974][ T5449] BTRFS info (device loop0): allowing degraded mounts [ 90.959899][ T5449] BTRFS info (device loop0): using free space tree [pid 5449] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5449] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5449] chdir("./bus") = 0 [pid 5449] ioctl(4, LOOP_CLR_FD) = 0 [pid 5449] close(4) = 0 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] open("./file0", O_RDONLY [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... open resumed>) = 4 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] creat("./file1", 000 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... creat resumed>) = 5 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] open("./file0", O_RDONLY) = 6 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.982395][ T5449] BTRFS info (device loop0): auto enabling async discard [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... ioctl resumed>) = 0 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5448] <... futex resumed>) = 1 [pid 5449] creat("./bus", 012 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... creat resumed>) = 7 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] open("./file0", O_RDONLY [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... open resumed>) = 9 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... ioctl resumed>) = 0 [pid 5449] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5448] <... futex resumed>) = 0 [pid 5449] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5448] <... futex resumed>) = 0 [pid 5449] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5448] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5448] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5448] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5466 attached => {parent_tid=[5466]}, 88) = 5466 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] set_robust_list(0x7f29736d99a0, 24 [pid 5448] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5448] <... futex resumed>) = 0 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5448] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5466] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = 0 [pid 5466] <... futex resumed>) = 1 [pid 5448] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5448] <... futex resumed>) = 0 [ 91.097555][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 91.108651][ T5449] BTRFS info (device loop0): balance: start -d -m [ 91.119688][ T5449] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5448] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... ioctl resumed>) = 0 [pid 5466] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5466] <... futex resumed>) = 0 [ 91.214332][ T5449] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 91.282410][ T5449] BTRFS info (device loop0): found 8 extents, stage: move data extents [pid 5466] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5448] exit_group(0) = ? [pid 5466] <... futex resumed>) = ? [pid 5466] +++ exited with 0 +++ [pid 5449] <... ioctl resumed> ) = ? [pid 5449] +++ exited with 0 +++ [pid 5448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5448, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 91.330333][ T5449] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 91.363236][ T5449] BTRFS info (device loop0): balance: ended with status: 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5467] set_robust_list(0x5555560fc760, 24) = 0 [pid 5467] chdir("./23") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5467] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5468 attached [pid 5468] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5467] <... clone3 resumed> => {parent_tid=[5468]}, 88) = 5468 [pid 5468] <... rseq resumed>) = 0 [pid 5468] set_robust_list(0x7f29736fa9a0, 24 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] <... set_robust_list resumed>) = 0 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] memfd_create("syzkaller", 0 [pid 5467] <... futex resumed>) = 0 [pid 5468] <... memfd_create resumed>) = 3 [pid 5468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5468] munmap(0x7f296b2da000, 138412032) = 0 [pid 5468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5468] close(3) = 0 [pid 5468] mkdir("./bus", 0777) = 0 [ 91.758923][ T5468] loop0: detected capacity change from 0 to 32768 [ 91.770605][ T5468] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5468) [ 91.788724][ T5468] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 91.798005][ T5468] BTRFS info (device loop0): doing ref verification [ 91.804690][ T5468] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 91.816075][ T5468] BTRFS info (device loop0): force zlib compression, level 3 [ 91.823468][ T5468] BTRFS info (device loop0): allowing degraded mounts [ 91.830680][ T5468] BTRFS info (device loop0): using free space tree [pid 5468] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5468] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5468] chdir("./bus") = 0 [pid 5468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5468] close(4) = 0 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5468] open("./file0", O_RDONLY [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... open resumed>) = 4 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5468] creat("./file1", 000) = 5 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] open("./file0", O_RDONLY [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... open resumed>) = 6 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.853469][ T5468] BTRFS info (device loop0): auto enabling async discard [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... ioctl resumed>) = 0 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5468] creat("./bus", 012) = 7 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5468] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... openat resumed>) = 8 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] open("./file0", O_RDONLY [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... open resumed>) = 9 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5468] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... ioctl resumed>) = 0 [pid 5468] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5467] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5467] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5467] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5485 attached [pid 5485] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5467] <... clone3 resumed> => {parent_tid=[5485]}, 88) = 5485 [pid 5485] <... rseq resumed>) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5485] set_robust_list(0x7f29736d99a0, 24 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5485] <... set_robust_list resumed>) = 0 [pid 5467] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], [pid 5467] <... futex resumed>) = 0 [pid 5485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5485] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5485] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5485] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 91.952521][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 91.975412][ T5468] BTRFS info (device loop0): balance: start -d -m [ 91.993086][ T5468] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 92.010249][ T5485] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 92.021287][ T5485] BTRFS error (device loop0): dumping block entry [5378048 4096], num_refs 0, metadata 1, from disk 0 [ 92.032754][ T5485] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 92.041951][ T5485] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 92.053708][ T5485] __btrfs_cow_block+0x465/0x1a90 [ 92.059469][ T5485] btrfs_cow_block+0x35e/0xa10 [ 92.064919][ T5485] btrfs_search_slot+0xbf9/0x2f80 [ 92.070170][ T5485] btrfs_insert_empty_items+0x9c/0x180 [ 92.076241][ T5485] insert_with_overflow+0x150/0x3f0 [ 92.081661][ T5485] btrfs_insert_dir_item+0x243/0x630 [ 92.087499][ T5485] btrfs_add_link+0x270/0xc50 [ 92.092399][ T5485] btrfs_create_new_inode+0x1b3d/0x2710 [ 92.098246][ T5485] btrfs_create_common+0x1f9/0x300 [ 92.103581][ T5485] path_openat+0x13e7/0x3180 [pid 5467] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 92.108507][ T5485] do_filp_open+0x234/0x490 [ 92.113228][ T5485] do_sys_openat2+0x13e/0x1d0 [ 92.118516][ T5485] __x64_sys_creat+0x123/0x160 [ 92.123772][ T5485] do_syscall_64+0x41/0xc0 [ 92.128466][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 92.134661][ T5485] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 92.147688][ T5485] __btrfs_cow_block+0xcca/0x1a90 [ 92.152937][ T5485] btrfs_cow_block+0x35e/0xa10 [ 92.157991][ T5485] btrfs_search_slot+0xbf9/0x2f80 [ 92.163215][ T5485] btrfs_lookup_inode+0xdc/0x480 [ 92.168453][ T5485] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 92.174592][ T5485] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 92.183193][ T5485] __btrfs_run_delayed_items+0x213/0x490 [ 92.189056][ T5485] btrfs_commit_transaction+0x8a4/0x3730 [ 92.194970][ T5485] create_snapshot+0x4a5/0x7e0 [ 92.199946][ T5485] btrfs_mksubvol+0x5d0/0x750 [ 92.204887][ T5485] btrfs_mksnapshot+0xb5/0xf0 [ 92.209780][ T5485] __btrfs_ioctl_snap_create+0x344/0x460 [ 92.215693][ T5485] btrfs_ioctl_snap_create+0x13c/0x190 [ 92.221359][ T5485] btrfs_ioctl+0xbbf/0xd40 [ 92.226028][ T5485] __se_sys_ioctl+0xf8/0x170 [ 92.230848][ T5485] do_syscall_64+0x41/0xc0 [ 92.235591][ T5485] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 5246976, owner 0, offset 0, num_refs 1 [ 92.247498][ T5485] __btrfs_mod_ref+0x9b1/0xe20 [ 92.252478][ T5485] btrfs_copy_root+0x851/0xce0 [pid 5467] exit_group(0) = ? [ 92.257571][ T5485] create_reloc_root+0x244/0x9a0 [ 92.262716][ T5485] btrfs_init_reloc_root+0x329/0x4e0 [ 92.268252][ T5485] record_root_in_trans+0x2c9/0x360 [ 92.273707][ T5485] qgroup_account_snapshot+0xa9/0x340 [ 92.279372][ T5485] create_pending_snapshot+0x1050/0x28b0 [ 92.285253][ T5485] create_pending_snapshots+0x195/0x1d0 [ 92.290996][ T5485] btrfs_commit_transaction+0xf1c/0x3730 [ 92.296881][ T5485] create_snapshot+0x4a5/0x7e0 [ 92.301853][ T5485] btrfs_mksubvol+0x5d0/0x750 [ 92.306794][ T5485] btrfs_mksnapshot+0xb5/0xf0 [pid 5485] <... ioctl resumed>) = ? [pid 5485] +++ exited with 0 +++ [ 92.311671][ T5485] __btrfs_ioctl_snap_create+0x344/0x460 [ 92.317561][ T5485] btrfs_ioctl_snap_create+0x13c/0x190 [ 92.323220][ T5485] btrfs_ioctl+0xbbf/0xd40 [ 92.327876][ T5485] __se_sys_ioctl+0xf8/0x170 [pid 5468] <... ioctl resumed> ) = ? [pid 5468] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=72 /* 0.72 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 92.376624][ T5468] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 92.402108][ T5468] BTRFS info (device loop0): balance: canceled umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5486 ./strace-static-x86_64: Process 5486 attached [pid 5486] set_robust_list(0x5555560fc760, 24) = 0 [pid 5486] chdir("./24") = 0 [pid 5486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5486] setpgid(0, 0) = 0 [pid 5486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5486] write(3, "1000", 4) = 4 [pid 5486] close(3) = 0 [pid 5486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5486] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5487]}, 88) = 5487 ./strace-static-x86_64: Process 5487 attached [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] <... rseq resumed>) = 0 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] set_robust_list(0x7f29736fa9a0, 24 [pid 5486] <... futex resumed>) = 0 [pid 5487] <... set_robust_list resumed>) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5487] memfd_create("syzkaller", 0) = 3 [pid 5487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5487] munmap(0x7f296b2da000, 138412032) = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5487] close(3) = 0 [pid 5487] mkdir("./bus", 0777) = 0 [ 92.793042][ T5487] loop0: detected capacity change from 0 to 32768 [ 92.803016][ T5487] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5487) [ 92.819654][ T5487] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 92.830216][ T5487] BTRFS info (device loop0): doing ref verification [pid 5487] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5487] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5487] chdir("./bus") = 0 [pid 5487] ioctl(4, LOOP_CLR_FD) = 0 [pid 5487] close(4) = 0 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... futex resumed>) = 1 [pid 5487] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] open("./file0", O_RDONLY [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... open resumed>) = 4 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... futex resumed>) = 1 [pid 5487] creat("./file1", 000) = 5 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] open("./file0", O_RDONLY [pid 5486] <... futex resumed>) = 0 [pid 5487] <... open resumed>) = 6 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 92.837522][ T5487] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 92.848586][ T5487] BTRFS info (device loop0): force zlib compression, level 3 [ 92.856318][ T5487] BTRFS info (device loop0): allowing degraded mounts [ 92.863087][ T5487] BTRFS info (device loop0): using free space tree [ 92.885123][ T5487] BTRFS info (device loop0): auto enabling async discard [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... ioctl resumed>) = 0 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] creat("./bus", 012 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... creat resumed>) = 7 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... openat resumed>) = 8 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] open("./file0", O_RDONLY) = 9 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... futex resumed>) = 0 [pid 5487] <... futex resumed>) = 1 [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... ioctl resumed>) = 0 [pid 5487] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 92.968203][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 92.998621][ T5487] BTRFS info (device loop0): balance: start -d -m [ 93.009478][ T5487] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5486] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5486] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5486] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5504]}, 88) = 5504 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5486] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5504 attached [pid 5504] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5504] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5504] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5504] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 93.047933][ T5487] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 93.065845][ T5487] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 93.076697][ T5487] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [ 93.087747][ T5487] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [pid 5504] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5486] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 93.096508][ T5487] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 93.107917][ T5487] __btrfs_cow_block+0x465/0x1a90 [ 93.113162][ T5487] btrfs_cow_block+0x35e/0xa10 [ 93.118855][ T5487] btrfs_search_slot+0xbf9/0x2f80 [ 93.124103][ T5487] btrfs_insert_empty_items+0x9c/0x180 [ 93.129862][ T5487] insert_with_overflow+0x150/0x3f0 [ 93.135307][ T5487] btrfs_insert_dir_item+0x243/0x630 [ 93.140804][ T5487] btrfs_add_link+0x270/0xc50 [ 93.145887][ T5487] btrfs_create_new_inode+0x1b3d/0x2710 [ 93.151656][ T5487] btrfs_create_common+0x1f9/0x300 [ 93.157025][ T5487] path_openat+0x13e7/0x3180 [ 93.161826][ T5487] do_filp_open+0x234/0x490 [ 93.166624][ T5487] do_sys_openat2+0x13e/0x1d0 [ 93.171531][ T5487] __x64_sys_creat+0x123/0x160 [ 93.176548][ T5487] do_syscall_64+0x41/0xc0 [ 93.181175][ T5487] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 93.187346][ T5487] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 93.200434][ T5487] __btrfs_cow_block+0xcca/0x1a90 [ 93.205681][ T5487] btrfs_cow_block+0x35e/0xa10 [ 93.210631][ T5487] btrfs_search_slot+0xbf9/0x2f80 [ 93.215882][ T5487] btrfs_lookup_inode+0xdc/0x480 [ 93.221029][ T5487] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 93.227204][ T5487] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 93.233989][ T5487] __btrfs_run_delayed_items+0x213/0x490 [ 93.239879][ T5487] btrfs_commit_transaction+0x8a4/0x3730 [pid 5486] exit_group(0) = ? [ 93.245741][ T5487] prepare_to_relocate+0x3c5/0x4c0 [ 93.251050][ T5487] relocate_block_group+0x17f/0xcd0 [ 93.256507][ T5487] btrfs_relocate_block_group+0x7ab/0xd70 [ 93.262443][ T5487] btrfs_relocate_chunk+0x12c/0x3b0 [ 93.267888][ T5487] __btrfs_balance+0x1b06/0x2690 [ 93.273534][ T5487] btrfs_balance+0xbd8/0x10d0 [ 93.278468][ T5487] btrfs_ioctl_balance+0x496/0x7c0 [ 93.283778][ T5487] __se_sys_ioctl+0xf8/0x170 [ 93.288612][ T5487] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 93.300631][ T5487] __btrfs_mod_ref+0x9b1/0xe20 [ 93.305657][ T5487] btrfs_copy_root+0x851/0xce0 [ 93.310636][ T5487] create_reloc_root+0x244/0x9a0 [ 93.315841][ T5487] btrfs_init_reloc_root+0x329/0x4e0 [ 93.321333][ T5487] record_root_in_trans+0x2c9/0x360 [ 93.326750][ T5487] qgroup_account_snapshot+0xa9/0x340 [ 93.332339][ T5487] create_pending_snapshot+0x1050/0x28b0 [ 93.338256][ T5487] create_pending_snapshots+0x195/0x1d0 [pid 5504] <... ioctl resumed>) = ? [pid 5504] +++ exited with 0 +++ [ 93.344024][ T5487] btrfs_commit_transaction+0xf1c/0x3730 [ 93.349909][ T5487] prepare_to_relocate+0x3c5/0x4c0 [ 93.355249][ T5487] relocate_block_group+0x17f/0xcd0 [ 93.360635][ T5487] btrfs_relocate_block_group+0x7ab/0xd70 [ 93.366588][ T5487] btrfs_relocate_chunk+0x12c/0x3b0 [ 93.372021][ T5487] __btrfs_balance+0x1b06/0x2690 [ 93.377212][ T5487] btrfs_balance+0xbd8/0x10d0 [ 93.382141][ T5487] btrfs_ioctl_balance+0x496/0x7c0 [pid 5487] <... ioctl resumed> ) = ? [pid 5487] +++ exited with 0 +++ [pid 5486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5486, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=69 /* 0.69 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 93.421959][ T5487] BTRFS info (device loop0): balance: canceled umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5505 ./strace-static-x86_64: Process 5505 attached [pid 5505] set_robust_list(0x5555560fc760, 24) = 0 [pid 5505] chdir("./25") = 0 [pid 5505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5505] setpgid(0, 0) = 0 [pid 5505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5505] write(3, "1000", 4) = 4 [pid 5505] close(3) = 0 [pid 5505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5505] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5506]}, 88) = 5506 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5506 attached [pid 5506] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5506] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5506] memfd_create("syzkaller", 0) = 3 [pid 5506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5506] munmap(0x7f296b2da000, 138412032) = 0 [pid 5506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5506] close(3) = 0 [pid 5506] mkdir("./bus", 0777) = 0 [ 93.796822][ T5506] loop0: detected capacity change from 0 to 32768 [ 93.806612][ T5506] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5506) [ 93.823419][ T5506] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 93.832593][ T5506] BTRFS info (device loop0): doing ref verification [ 93.839468][ T5506] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 93.850570][ T5506] BTRFS info (device loop0): force zlib compression, level 3 [ 93.858228][ T5506] BTRFS info (device loop0): allowing degraded mounts [ 93.865335][ T5506] BTRFS info (device loop0): using free space tree [pid 5506] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5506] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5506] chdir("./bus") = 0 [pid 5506] ioctl(4, LOOP_CLR_FD) = 0 [pid 5506] close(4) = 0 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5506] <... futex resumed>) = 1 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] open("./file0", O_RDONLY [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... open resumed>) = 4 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] creat("./file1", 000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... creat resumed>) = 5 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5506] open("./file0", O_RDONLY [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... open resumed>) = 6 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5506] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... ioctl resumed>) = 0 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... futex resumed>) = 1 [ 93.887981][ T5506] BTRFS info (device loop0): auto enabling async discard [pid 5506] creat("./bus", 012) = 7 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... futex resumed>) = 1 [pid 5506] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... futex resumed>) = 1 [pid 5506] open("./file0", O_RDONLY) = 9 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... futex resumed>) = 1 [pid 5506] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5506] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] <... futex resumed>) = 1 [pid 5506] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5505] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5505] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5505] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5523 attached [pid 5523] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5505] <... clone3 resumed> => {parent_tid=[5523]}, 88) = 5523 [pid 5523] <... rseq resumed>) = 0 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] set_robust_list(0x7f29736d99a0, 24 [pid 5505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] <... set_robust_list resumed>) = 0 [pid 5505] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5505] <... futex resumed>) = 0 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5505] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5523] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5505] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5505] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... futex resumed>) = 1 [ 93.978994][ T5506] BTRFS info (device loop0): balance: start -d -m [ 93.986950][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 94.000842][ T5506] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5523] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 5523] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [ 94.105892][ T5506] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 94.167060][ T5506] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5523] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5505] exit_group(0) = ? [pid 5523] <... futex resumed>) = ? [pid 5523] +++ exited with 0 +++ [pid 5506] <... ioctl resumed> ) = ? [pid 5506] +++ exited with 0 +++ [pid 5505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5505, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=49 /* 0.49 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 94.218029][ T5506] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 94.253740][ T5506] BTRFS info (device loop0): balance: ended with status: 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5524 attached , child_tidptr=0x5555560fc750) = 5524 [pid 5524] set_robust_list(0x5555560fc760, 24) = 0 [pid 5524] chdir("./26") = 0 [pid 5524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5524] setpgid(0, 0) = 0 [pid 5524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5524] write(3, "1000", 4) = 4 [pid 5524] close(3) = 0 [pid 5524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5524] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5525 attached [pid 5525] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5524] <... clone3 resumed> => {parent_tid=[5525]}, 88) = 5525 [pid 5525] set_robust_list(0x7f29736fa9a0, 24 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] <... set_robust_list resumed>) = 0 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] <... futex resumed>) = 0 [pid 5525] memfd_create("syzkaller", 0) = 3 [pid 5525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5525] munmap(0x7f296b2da000, 138412032) = 0 [pid 5525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5525] close(3) = 0 [pid 5525] mkdir("./bus", 0777) = 0 [ 94.658807][ T5525] loop0: detected capacity change from 0 to 32768 [ 94.670193][ T5525] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5525) [ 94.688868][ T5525] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 94.697975][ T5525] BTRFS info (device loop0): doing ref verification [pid 5525] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5525] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5525] chdir("./bus") = 0 [pid 5525] ioctl(4, LOOP_CLR_FD) = 0 [pid 5525] close(4) = 0 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5525] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5524] <... futex resumed>) = 0 [pid 5525] open("./file0", O_RDONLY [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... open resumed>) = 4 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5525] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5524] <... futex resumed>) = 0 [pid 5525] creat("./file1", 000 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... creat resumed>) = 5 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] open("./file0", O_RDONLY) = 6 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5525] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... ioctl resumed>) = 0 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5525] creat("./bus", 012 [pid 5524] <... futex resumed>) = 0 [ 94.704682][ T5525] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 94.715655][ T5525] BTRFS info (device loop0): force zlib compression, level 3 [ 94.723059][ T5525] BTRFS info (device loop0): allowing degraded mounts [ 94.729937][ T5525] BTRFS info (device loop0): using free space tree [ 94.751446][ T5525] BTRFS info (device loop0): auto enabling async discard [pid 5525] <... creat resumed>) = 7 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] open("./file0", O_RDONLY) = 9 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5525] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5524] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5524] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5524] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5541 attached [pid 5541] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5524] <... clone3 resumed> => {parent_tid=[5541]}, 88) = 5541 [pid 5541] set_robust_list(0x7f29736d99a0, 24 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] <... set_robust_list resumed>) = 0 [pid 5524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5524] <... futex resumed>) = 0 [pid 5541] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 5524] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... openat resumed>) = 10 [pid 5541] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 1 [pid 5524] <... futex resumed>) = 0 [pid 5541] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 94.810091][ T5525] BTRFS info (device loop0): balance: start -d -m [ 94.811184][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 94.829288][ T5525] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5524] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... ioctl resumed>) = 0 [pid 5541] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = 1 [ 94.905623][ T5525] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5541] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] exit_group(0 [pid 5541] <... futex resumed>) = ? [pid 5524] <... exit_group resumed>) = ? [pid 5541] +++ exited with 0 +++ [ 95.010993][ T5525] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5525] <... ioctl resumed> ) = ? [pid 5525] +++ exited with 0 +++ [pid 5524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5524, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 95.069701][ T5525] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 95.103973][ T5525] BTRFS info (device loop0): balance: ended with status: 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5543 attached , child_tidptr=0x5555560fc750) = 5543 [pid 5543] set_robust_list(0x5555560fc760, 24) = 0 [pid 5543] chdir("./27") = 0 [pid 5543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5543] setpgid(0, 0) = 0 [pid 5543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5543] write(3, "1000", 4) = 4 [pid 5543] close(3) = 0 [pid 5543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5543] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5544 attached [pid 5544] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5543] <... clone3 resumed> => {parent_tid=[5544]}, 88) = 5544 [pid 5544] <... rseq resumed>) = 0 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], [pid 5544] set_robust_list(0x7f29736fa9a0, 24 [pid 5543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5544] <... set_robust_list resumed>) = 0 [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], [pid 5543] <... futex resumed>) = 0 [pid 5544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5544] memfd_create("syzkaller", 0) = 3 [pid 5544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5544] munmap(0x7f296b2da000, 138412032) = 0 [pid 5544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5544] close(3) = 0 [pid 5544] mkdir("./bus", 0777) = 0 [ 95.495684][ T5544] loop0: detected capacity change from 0 to 32768 [ 95.505524][ T5544] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5544) [ 95.520881][ T5544] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 95.529877][ T5544] BTRFS info (device loop0): doing ref verification [pid 5544] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5544] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5544] chdir("./bus") = 0 [pid 5544] ioctl(4, LOOP_CLR_FD) = 0 [pid 5544] close(4) = 0 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5544] open("./file0", O_RDONLY [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... open resumed>) = 4 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5544] creat("./file1", 000 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... creat resumed>) = 5 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] open("./file0", O_RDONLY [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... open resumed>) = 6 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [ 95.536645][ T5544] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 95.547439][ T5544] BTRFS info (device loop0): force zlib compression, level 3 [ 95.554896][ T5544] BTRFS info (device loop0): allowing degraded mounts [ 95.561681][ T5544] BTRFS info (device loop0): using free space tree [ 95.584785][ T5544] BTRFS info (device loop0): auto enabling async discard [pid 5544] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] creat("./bus", 012 [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... creat resumed>) = 7 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5544] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5544] open("./file0", O_RDONLY) = 9 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5544] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5544] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] <... futex resumed>) = 0 [pid 5544] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5543] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5543] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5543] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5543] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [ 95.653080][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 95.685102][ T5544] BTRFS info (device loop0): balance: start -d -m [ 95.693034][ T5544] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5561 attached => {parent_tid=[5561]}, 88) = 5561 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5561] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5543] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5561] <... rseq resumed>) = 0 [pid 5543] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5561] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5561] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... futex resumed>) = 0 [pid 5543] <... futex resumed>) = 1 [pid 5561] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 95.736935][ T5544] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5543] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5561] <... ioctl resumed>) = 0 [pid 5561] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.865773][ T5544] BTRFS info (device loop0): found 6 extents, stage: move data extents [pid 5561] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5543] exit_group(0 [pid 5561] <... futex resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5543] <... exit_group resumed>) = ? [pid 5544] <... ioctl resumed> ) = ? [pid 5544] +++ exited with 0 +++ [pid 5543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5543, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 95.912550][ T5544] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 95.947182][ T5544] BTRFS info (device loop0): balance: ended with status: 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5562 ./strace-static-x86_64: Process 5562 attached [pid 5562] set_robust_list(0x5555560fc760, 24) = 0 [pid 5562] chdir("./28") = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5562] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5563 attached [pid 5563] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5563] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... clone3 resumed> => {parent_tid=[5563]}, 88) = 5563 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5563] memfd_create("syzkaller", 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] <... memfd_create resumed>) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5563] munmap(0x7f296b2da000, 138412032) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] mkdir("./bus", 0777) = 0 [ 96.349150][ T5563] loop0: detected capacity change from 0 to 32768 [ 96.359353][ T5563] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5563) [ 96.375902][ T5563] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 96.384877][ T5563] BTRFS info (device loop0): doing ref verification [pid 5563] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5563] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] chdir("./bus") = 0 [pid 5563] ioctl(4, LOOP_CLR_FD) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] open("./file0", O_RDONLY) = 4 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5563] creat("./file1", 000 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... creat resumed>) = 5 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5563] open("./file0", O_RDONLY [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... open resumed>) = 6 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 96.391616][ T5563] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 96.402442][ T5563] BTRFS info (device loop0): force zlib compression, level 3 [ 96.409894][ T5563] BTRFS info (device loop0): allowing degraded mounts [ 96.416708][ T5563] BTRFS info (device loop0): using free space tree [ 96.438209][ T5563] BTRFS info (device loop0): auto enabling async discard [pid 5563] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... futex resumed>) = 0 [pid 5563] creat("./bus", 012) = 7 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] open("./file0", O_RDONLY) = 9 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... futex resumed>) = 0 [pid 5563] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5563] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... futex resumed>) = 0 [pid 5562] <... futex resumed>) = 1 [pid 5563] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5562] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5562] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5562] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5580 attached => {parent_tid=[5580]}, 88) = 5580 [pid 5580] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], [pid 5580] <... rseq resumed>) = 0 [pid 5562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5580] set_robust_list(0x7f29736d99a0, 24 [pid 5562] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] <... set_robust_list resumed>) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], [pid 5562] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5580] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5580] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5580] <... futex resumed>) = 1 [pid 5562] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5562] <... futex resumed>) = 0 [ 96.517759][ T5563] BTRFS info (device loop0): balance: start -d -m [ 96.525565][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 96.537527][ T5563] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5562] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5580] <... ioctl resumed>) = 0 [pid 5580] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5580] <... futex resumed>) = 1 [ 96.629372][ T5563] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 96.709436][ T5563] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5580] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5562] exit_group(0) = ? [pid 5580] <... futex resumed>) = ? [pid 5580] +++ exited with 0 +++ [pid 5563] <... ioctl resumed> ) = ? [pid 5563] +++ exited with 0 +++ [pid 5562] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5562, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 96.752581][ T5563] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 96.785288][ T5563] BTRFS info (device loop0): balance: ended with status: 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5581 ./strace-static-x86_64: Process 5581 attached [pid 5581] set_robust_list(0x5555560fc760, 24) = 0 [pid 5581] chdir("./29") = 0 [pid 5581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5581] setpgid(0, 0) = 0 [pid 5581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5581] write(3, "1000", 4) = 4 [pid 5581] close(3) = 0 [pid 5581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5581] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5582]}, 88) = 5582 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5582 attached [pid 5582] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5582] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5582] memfd_create("syzkaller", 0) = 3 [pid 5582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5582] munmap(0x7f296b2da000, 138412032) = 0 [pid 5582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5582] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5582] close(3) = 0 [pid 5582] mkdir("./bus", 0777) = 0 [ 97.167664][ T5582] loop0: detected capacity change from 0 to 32768 [ 97.177889][ T5582] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5582) [ 97.196182][ T5582] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 97.205188][ T5582] BTRFS info (device loop0): doing ref verification [pid 5582] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5582] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5582] chdir("./bus") = 0 [pid 5582] ioctl(4, LOOP_CLR_FD) = 0 [pid 5582] close(4) = 0 [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5582] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] <... futex resumed>) = 0 [pid 5582] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5582] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5582] open("./file0", O_RDONLY [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... open resumed>) = 4 [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = 0 [pid 5582] <... futex resumed>) = 1 [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] creat("./file1", 000 [pid 5581] <... futex resumed>) = 0 [pid 5582] <... creat resumed>) = 5 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] open("./file0", O_RDONLY [pid 5581] <... futex resumed>) = 0 [pid 5582] <... open resumed>) = 6 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5581] <... futex resumed>) = 0 [ 97.211840][ T5582] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 97.222797][ T5582] BTRFS info (device loop0): force zlib compression, level 3 [ 97.230459][ T5582] BTRFS info (device loop0): allowing degraded mounts [ 97.237322][ T5582] BTRFS info (device loop0): using free space tree [ 97.258914][ T5582] BTRFS info (device loop0): auto enabling async discard [pid 5582] <... ioctl resumed>) = 0 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... futex resumed>) = 0 [pid 5582] creat("./bus", 012) = 7 [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5581] <... futex resumed>) = 0 [pid 5582] <... openat resumed>) = 8 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] <... futex resumed>) = 0 [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] open("./file0", O_RDONLY [pid 5581] <... futex resumed>) = 0 [pid 5582] <... open resumed>) = 9 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] <... futex resumed>) = 0 [pid 5582] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5582] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5582] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... futex resumed>) = 0 [ 97.328709][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 97.364839][ T5582] BTRFS info (device loop0): balance: start -d -m [pid 5582] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5581] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5581] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5581] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5599]}, 88) = 5599 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5581] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5599 attached [pid 5599] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5599] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5599] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5599] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5599] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 97.376595][ T5582] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5581] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5599] <... ioctl resumed>) = 0 [pid 5599] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.481781][ T5582] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 97.542497][ T5582] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5599] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] exit_group(0) = ? [pid 5599] <... futex resumed>) = ? [pid 5599] +++ exited with 0 +++ [pid 5582] <... ioctl resumed> ) = ? [pid 5582] +++ exited with 0 +++ [pid 5581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5581, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 97.590938][ T5582] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 97.623811][ T5582] BTRFS info (device loop0): balance: ended with status: 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5600 attached [pid 5600] set_robust_list(0x5555560fc760, 24 [pid 5027] <... clone resumed>, child_tidptr=0x5555560fc750) = 5600 [pid 5600] <... set_robust_list resumed>) = 0 [pid 5600] chdir("./30") = 0 [pid 5600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] setpgid(0, 0) = 0 [pid 5600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] write(3, "1000", 4) = 4 [pid 5600] close(3) = 0 [pid 5600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5600] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5601 attached => {parent_tid=[5601]}, 88) = 5601 [pid 5601] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], [pid 5601] <... rseq resumed>) = 0 [pid 5600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5601] set_robust_list(0x7f29736fa9a0, 24 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... set_robust_list resumed>) = 0 [pid 5600] <... futex resumed>) = 0 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5601] memfd_create("syzkaller", 0) = 3 [pid 5601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5601] munmap(0x7f296b2da000, 138412032) = 0 [pid 5601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5601] close(3) = 0 [pid 5601] mkdir("./bus", 0777) = 0 [ 98.015389][ T5601] loop0: detected capacity change from 0 to 32768 [ 98.025464][ T5601] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5601) [ 98.040804][ T5601] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.049728][ T5601] BTRFS info (device loop0): doing ref verification [pid 5601] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5601] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5601] chdir("./bus") = 0 [pid 5601] ioctl(4, LOOP_CLR_FD) = 0 [pid 5601] close(4) = 0 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5600] <... futex resumed>) = 0 [pid 5601] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] open("./file0", O_RDONLY) = 4 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5600] <... futex resumed>) = 0 [pid 5601] creat("./file1", 000 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... creat resumed>) = 5 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5601] open("./file0", O_RDONLY [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... open resumed>) = 6 [pid 5600] <... futex resumed>) = 0 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... futex resumed>) = 0 [pid 5600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5600] <... futex resumed>) = 0 [ 98.056404][ T5601] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 98.067261][ T5601] BTRFS info (device loop0): force zlib compression, level 3 [ 98.074720][ T5601] BTRFS info (device loop0): allowing degraded mounts [ 98.081515][ T5601] BTRFS info (device loop0): using free space tree [ 98.103454][ T5601] BTRFS info (device loop0): auto enabling async discard [pid 5601] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... ioctl resumed>) = 0 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] creat("./bus", 012) = 7 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... futex resumed>) = 1 [pid 5601] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... futex resumed>) = 1 [pid 5601] open("./file0", O_RDONLY) = 9 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... futex resumed>) = 1 [pid 5601] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5600] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5600] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5600] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5618 attached => {parent_tid=[5618]}, 88) = 5618 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5600] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5618] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5618] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5618] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5618] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5600] <... futex resumed>) = 0 [pid 5618] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 98.211258][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 98.235108][ T5601] BTRFS info (device loop0): balance: start -d -m [ 98.247208][ T5601] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5600] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... ioctl resumed>) = 0 [pid 5618] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5618] <... futex resumed>) = 1 [ 98.337136][ T5601] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 98.397013][ T5601] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5618] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5601] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] exit_group(0) = ? [pid 5601] <... futex resumed>) = ? [pid 5601] +++ exited with 0 +++ [pid 5618] <... futex resumed>) = ? [pid 5618] +++ exited with 0 +++ [pid 5600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5600, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 98.443539][ T5601] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 98.478017][ T5601] BTRFS info (device loop0): balance: ended with status: 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5619 ./strace-static-x86_64: Process 5619 attached [pid 5619] set_robust_list(0x5555560fc760, 24) = 0 [pid 5619] chdir("./31") = 0 [pid 5619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5619] setpgid(0, 0) = 0 [pid 5619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5619] write(3, "1000", 4) = 4 [pid 5619] close(3) = 0 [pid 5619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5619] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5619] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5620 attached => {parent_tid=[5620]}, 88) = 5620 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5620] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] set_robust_list(0x7f29736fa9a0, 24 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5620] <... set_robust_list resumed>) = 0 [pid 5620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5620] memfd_create("syzkaller", 0) = 3 [pid 5620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5620] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5620] munmap(0x7f296b2da000, 138412032) = 0 [pid 5620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5620] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5620] close(3) = 0 [pid 5620] mkdir("./bus", 0777) = 0 [ 98.867669][ T5620] loop0: detected capacity change from 0 to 32768 [ 98.877513][ T5620] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5620) [ 98.895438][ T5620] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 98.904170][ T5620] BTRFS info (device loop0): doing ref verification [ 98.911269][ T5620] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 98.922184][ T5620] BTRFS info (device loop0): force zlib compression, level 3 [ 98.929604][ T5620] BTRFS info (device loop0): allowing degraded mounts [ 98.936459][ T5620] BTRFS info (device loop0): using free space tree [pid 5620] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5620] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5620] chdir("./bus") = 0 [pid 5620] ioctl(4, LOOP_CLR_FD) = 0 [pid 5620] close(4) = 0 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5620] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5619] <... futex resumed>) = 0 [pid 5620] open("./file0", O_RDONLY [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... open resumed>) = 4 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] creat("./file1", 000 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... creat resumed>) = 5 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5620] <... futex resumed>) = 1 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] open("./file0", O_RDONLY [pid 5619] <... futex resumed>) = 0 [pid 5620] <... open resumed>) = 6 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5620] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... ioctl resumed>) = 0 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 1 [pid 5620] creat("./bus", 012 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... creat resumed>) = 7 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... futex resumed>) = 1 [ 98.958709][ T5620] BTRFS info (device loop0): auto enabling async discard [pid 5620] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] open("./file0", O_RDONLY [pid 5619] <... futex resumed>) = 0 [pid 5620] <... open resumed>) = 9 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5620] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5619] <... futex resumed>) = 0 [pid 5620] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5620] <... ioctl resumed>) = 0 [pid 5620] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] <... futex resumed>) = 0 [pid 5620] <... futex resumed>) = 1 [pid 5619] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5619] <... futex resumed>) = 0 [pid 5619] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5619] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5619] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5637 attached => {parent_tid=[5637]}, 88) = 5637 [pid 5637] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5619] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5619] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... rseq resumed>) = 0 [pid 5637] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5637] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5637] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5619] <... futex resumed>) = 0 [pid 5637] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5619] <... futex resumed>) = 0 [pid 5637] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 99.054012][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 99.064873][ T5620] BTRFS info (device loop0): balance: start -d -m [ 99.078775][ T5620] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5619] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5637] <... ioctl resumed>) = 0 [pid 5619] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5637] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.174386][ T5620] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 99.247464][ T5620] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5637] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5619] exit_group(0) = ? [pid 5637] <... futex resumed>) = ? [pid 5637] +++ exited with 0 +++ [pid 5620] <... ioctl resumed> ) = ? [pid 5620] +++ exited with 0 +++ [pid 5619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5619, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 99.297745][ T5620] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 99.333618][ T5620] BTRFS info (device loop0): balance: ended with status: 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5638 ./strace-static-x86_64: Process 5638 attached [pid 5638] set_robust_list(0x5555560fc760, 24) = 0 [pid 5638] chdir("./32") = 0 [pid 5638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5638] setpgid(0, 0) = 0 [pid 5638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5638] write(3, "1000", 4) = 4 [pid 5638] close(3) = 0 [pid 5638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5638] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5639]}, 88) = 5639 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5639 attached [pid 5639] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5639] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5639] munmap(0x7f296b2da000, 138412032) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] mkdir("./bus", 0777) = 0 [ 99.733246][ T5639] loop0: detected capacity change from 0 to 32768 [ 99.745012][ T5639] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5639) [ 99.761453][ T5639] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 99.771080][ T5639] BTRFS info (device loop0): doing ref verification [ 99.777926][ T5639] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 99.788850][ T5639] BTRFS info (device loop0): force zlib compression, level 3 [ 99.796532][ T5639] BTRFS info (device loop0): allowing degraded mounts [ 99.803334][ T5639] BTRFS info (device loop0): using free space tree [pid 5639] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5639] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./bus") = 0 [pid 5639] ioctl(4, LOOP_CLR_FD) = 0 [pid 5639] close(4) = 0 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] open("./file0", O_RDONLY [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... open resumed>) = 4 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... futex resumed>) = 1 [pid 5639] creat("./file1", 000) = 5 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] open("./file0", O_RDONLY) = 6 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 99.828097][ T5639] BTRFS info (device loop0): auto enabling async discard [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... ioctl resumed>) = 0 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] creat("./bus", 012) = 7 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] <... openat resumed>) = 8 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5639] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] open("./file0", O_RDONLY [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... open resumed>) = 9 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5638] <... futex resumed>) = 0 [pid 5639] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... ioctl resumed>) = 0 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5638] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5638] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5638] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5656]}, 88) = 5656 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5656 attached [pid 5638] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5656] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5656] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5656] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5656] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5656] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 99.922869][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 99.934999][ T5639] BTRFS info (device loop0): balance: start -d -m [ 99.943896][ T5639] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5638] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5656] <... ioctl resumed>) = 0 [pid 5656] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.073773][ T5639] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 100.133947][ T5639] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5656] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5639] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5639] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5639] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] exit_group(0 [pid 5656] <... futex resumed>) = ? [pid 5656] +++ exited with 0 +++ [pid 5638] <... exit_group resumed>) = ? [pid 5639] <... futex resumed>) = ? [pid 5639] +++ exited with 0 +++ [pid 5638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5638, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 100.178768][ T5639] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 100.212889][ T5639] BTRFS info (device loop0): balance: ended with status: 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5657 ./strace-static-x86_64: Process 5657 attached [pid 5657] set_robust_list(0x5555560fc760, 24) = 0 [pid 5657] chdir("./33") = 0 [pid 5657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5657] setpgid(0, 0) = 0 [pid 5657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5657] write(3, "1000", 4) = 4 [pid 5657] close(3) = 0 [pid 5657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5657] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5658]}, 88) = 5658 ./strace-static-x86_64: Process 5658 attached [pid 5657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5658] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... rseq resumed>) = 0 [pid 5657] <... futex resumed>) = 0 [pid 5658] set_robust_list(0x7f29736fa9a0, 24 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5658] <... set_robust_list resumed>) = 0 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5658] memfd_create("syzkaller", 0) = 3 [pid 5658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5658] munmap(0x7f296b2da000, 138412032) = 0 [pid 5658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5658] close(3) = 0 [pid 5658] mkdir("./bus", 0777) = 0 [ 100.599774][ T5658] loop0: detected capacity change from 0 to 32768 [ 100.611159][ T5658] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5658) [ 100.628103][ T5658] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 100.636944][ T5658] BTRFS info (device loop0): doing ref verification [ 100.643557][ T5658] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 100.654448][ T5658] BTRFS info (device loop0): force zlib compression, level 3 [ 100.661853][ T5658] BTRFS info (device loop0): allowing degraded mounts [ 100.668706][ T5658] BTRFS info (device loop0): using free space tree [pid 5658] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5658] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5658] chdir("./bus") = 0 [pid 5658] ioctl(4, LOOP_CLR_FD) = 0 [pid 5658] close(4) = 0 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] <... futex resumed>) = 0 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = 0 [pid 5658] open("./file0", O_RDONLY) = 4 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] creat("./file1", 000) = 5 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] open("./file0", O_RDONLY [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... open resumed>) = 6 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... ioctl resumed>) = 0 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5658] creat("./bus", 012 [pid 5657] <... futex resumed>) = 0 [ 100.692575][ T5658] BTRFS info (device loop0): auto enabling async discard [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... creat resumed>) = 7 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... openat resumed>) = 8 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5658] open("./file0", O_RDONLY) = 9 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5657] <... futex resumed>) = 1 [pid 5658] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5657] <... futex resumed>) = 1 [pid 5658] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 100.793278][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5657] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5657] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5657] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5675]}, 88) = 5675 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5657] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5675 attached [pid 5675] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5675] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5675] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5675] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [ 100.837354][ T5658] BTRFS info (device loop0): balance: start -d -m [ 100.846578][ T5658] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5675] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5657] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... ioctl resumed>) = 0 [pid 5675] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5675] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = 0 [ 100.895680][ T5658] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 100.985969][ T5658] BTRFS info (device loop0): found 5 extents, stage: move data extents [pid 5658] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5658] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] exit_group(0 [pid 5675] <... futex resumed>) = ? [pid 5675] +++ exited with 0 +++ [pid 5657] <... exit_group resumed>) = ? [pid 5658] <... futex resumed>) = ? [pid 5658] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5657, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=49 /* 0.49 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 101.033304][ T5658] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 101.072104][ T5658] BTRFS info (device loop0): balance: ended with status: 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5676 ./strace-static-x86_64: Process 5676 attached [pid 5676] set_robust_list(0x5555560fc760, 24) = 0 [pid 5676] chdir("./34") = 0 [pid 5676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5676] setpgid(0, 0) = 0 [pid 5676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5676] write(3, "1000", 4) = 4 [pid 5676] close(3) = 0 [pid 5676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5676] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5677]}, 88) = 5677 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5677 attached [pid 5677] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5677] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5677] memfd_create("syzkaller", 0) = 3 [pid 5677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5677] munmap(0x7f296b2da000, 138412032) = 0 [pid 5677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5677] close(3) = 0 [pid 5677] mkdir("./bus", 0777) = 0 [ 101.463102][ T5677] loop0: detected capacity change from 0 to 32768 [ 101.472983][ T5677] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5677) [ 101.489945][ T5677] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 101.498828][ T5677] BTRFS info (device loop0): doing ref verification [ 101.505831][ T5677] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 101.516705][ T5677] BTRFS info (device loop0): force zlib compression, level 3 [ 101.524115][ T5677] BTRFS info (device loop0): allowing degraded mounts [ 101.531440][ T5677] BTRFS info (device loop0): using free space tree [pid 5677] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5677] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5677] chdir("./bus") = 0 [pid 5677] ioctl(4, LOOP_CLR_FD) = 0 [pid 5677] close(4) = 0 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5677] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 0 [pid 5677] open("./file0", O_RDONLY [pid 5676] <... futex resumed>) = 1 [pid 5677] <... open resumed>) = 4 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] creat("./file1", 000 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... creat resumed>) = 5 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] open("./file0", O_RDONLY) = 6 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] <... futex resumed>) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 101.555568][ T5677] BTRFS info (device loop0): auto enabling async discard [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... ioctl resumed>) = 0 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... futex resumed>) = 1 [pid 5677] creat("./bus", 012) = 7 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] open("./file0", O_RDONLY [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... open resumed>) = 9 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... futex resumed>) = 1 [pid 5677] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [pid 5677] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5676] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5676] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5676] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5694 attached => {parent_tid=[5694]}, 88) = 5694 [pid 5694] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], [pid 5694] <... rseq resumed>) = 0 [pid 5676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5694] set_robust_list(0x7f29736d99a0, 24 [pid 5676] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... set_robust_list resumed>) = 0 [pid 5676] <... futex resumed>) = 0 [pid 5694] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5694] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5694] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] <... futex resumed>) = 1 [ 101.682701][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 101.696612][ T5677] BTRFS info (device loop0): balance: start -d -m [ 101.705004][ T5677] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5694] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5676] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5694] <... ioctl resumed>) = 0 [pid 5694] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.794130][ T5677] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 101.862225][ T5677] BTRFS info (device loop0): found 13 extents, stage: move data extents [pid 5694] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5677] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] exit_group(0 [pid 5677] <... futex resumed>) = ? [pid 5676] <... exit_group resumed>) = ? [pid 5694] <... futex resumed>) = ? [pid 5677] +++ exited with 0 +++ [pid 5694] +++ exited with 0 +++ [pid 5676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5676, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 101.908571][ T5677] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 101.943864][ T5677] BTRFS info (device loop0): balance: ended with status: 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5695 ./strace-static-x86_64: Process 5695 attached [pid 5695] set_robust_list(0x5555560fc760, 24) = 0 [pid 5695] chdir("./35") = 0 [pid 5695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5695] setpgid(0, 0) = 0 [pid 5695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5695] write(3, "1000", 4) = 4 [pid 5695] close(3) = 0 [pid 5695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5695] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5696]}, 88) = 5696 ./strace-static-x86_64: Process 5696 attached [pid 5695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5696] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5696] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5696] memfd_create("syzkaller", 0) = 3 [pid 5696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5696] munmap(0x7f296b2da000, 138412032) = 0 [pid 5696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5696] close(3) = 0 [pid 5696] mkdir("./bus", 0777) = 0 [ 102.349249][ T5696] loop0: detected capacity change from 0 to 32768 [ 102.360913][ T5696] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5696) [ 102.379470][ T5696] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.388320][ T5696] BTRFS info (device loop0): doing ref verification [ 102.395026][ T5696] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 102.406156][ T5696] BTRFS info (device loop0): force zlib compression, level 3 [ 102.413561][ T5696] BTRFS info (device loop0): allowing degraded mounts [ 102.420636][ T5696] BTRFS info (device loop0): using free space tree [pid 5696] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5696] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5696] chdir("./bus") = 0 [pid 5696] ioctl(4, LOOP_CLR_FD) = 0 [pid 5696] close(4) = 0 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] open("./file0", O_RDONLY [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... open resumed>) = 4 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5696] creat("./file1", 000) = 5 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 102.444558][ T5696] BTRFS info (device loop0): auto enabling async discard [pid 5696] open("./file0", O_RDONLY [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... open resumed>) = 6 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... ioctl resumed>) = 0 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] creat("./bus", 012 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... creat resumed>) = 7 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = 0 [pid 5696] <... futex resumed>) = 1 [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... openat resumed>) = 8 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] open("./file0", O_RDONLY) = 9 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... ioctl resumed>) = 0 [pid 5696] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 102.527114][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 5695] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5695] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5695] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5713 attached => {parent_tid=[5713]}, 88) = 5713 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5695] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5713] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5695] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... rseq resumed>) = 0 [pid 5713] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5713] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5713] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5713] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5695] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.576253][ T5696] BTRFS info (device loop0): balance: start -d -m [ 102.585001][ T5696] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5695] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... ioctl resumed>) = 0 [pid 5713] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5713] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] <... futex resumed>) = 0 [ 102.696011][ T5696] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 102.767031][ T5696] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5695] exit_group(0) = ? [pid 5713] <... futex resumed>) = ? [pid 5713] +++ exited with 0 +++ [pid 5696] <... ioctl resumed> ) = ? [pid 5696] +++ exited with 0 +++ [pid 5695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5695, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 102.815195][ T5696] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 102.854627][ T5696] BTRFS info (device loop0): balance: ended with status: 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5714 ./strace-static-x86_64: Process 5714 attached [pid 5714] set_robust_list(0x5555560fc760, 24) = 0 [pid 5714] chdir("./36") = 0 [pid 5714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5714] setpgid(0, 0) = 0 [pid 5714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5714] write(3, "1000", 4) = 4 [pid 5714] close(3) = 0 [pid 5714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5714] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5715 attached [pid 5715] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5715] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5715] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] <... clone3 resumed> => {parent_tid=[5715]}, 88) = 5715 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5715] memfd_create("syzkaller", 0 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5715] <... memfd_create resumed>) = 3 [pid 5715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5715] munmap(0x7f296b2da000, 138412032) = 0 [pid 5715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5715] close(3) = 0 [pid 5715] mkdir("./bus", 0777) = 0 [ 103.283773][ T5715] loop0: detected capacity change from 0 to 32768 [ 103.293538][ T5715] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5715) [ 103.310682][ T5715] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 103.319509][ T5715] BTRFS info (device loop0): doing ref verification [ 103.326300][ T5715] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 103.337128][ T5715] BTRFS info (device loop0): force zlib compression, level 3 [ 103.344592][ T5715] BTRFS info (device loop0): allowing degraded mounts [ 103.351385][ T5715] BTRFS info (device loop0): using free space tree [pid 5715] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5715] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5715] chdir("./bus") = 0 [pid 5715] ioctl(4, LOOP_CLR_FD) = 0 [pid 5715] close(4) = 0 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5715] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5715] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = 0 [pid 5714] <... futex resumed>) = 1 [pid 5715] open("./file0", O_RDONLY) = 4 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5715] <... futex resumed>) = 0 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] creat("./file1", 000 [pid 5714] <... futex resumed>) = 0 [pid 5715] <... creat resumed>) = 5 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... futex resumed>) = 1 [pid 5715] open("./file0", O_RDONLY) = 6 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... futex resumed>) = 1 [pid 5715] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] creat("./bus", 012 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.374798][ T5715] BTRFS info (device loop0): auto enabling async discard [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... creat resumed>) = 7 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5715] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... openat resumed>) = 8 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5715] <... futex resumed>) = 1 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5715] open("./file0", O_RDONLY [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... open resumed>) = 9 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] <... futex resumed>) = 0 [pid 5715] <... futex resumed>) = 1 [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5714] <... futex resumed>) = 0 [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5715] <... ioctl resumed>) = 0 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5715] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5715] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 103.455351][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 103.495513][ T5715] BTRFS info (device loop0): balance: start -d -m [pid 5714] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5714] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5714] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5732 attached [pid 5732] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5714] <... clone3 resumed> => {parent_tid=[5732]}, 88) = 5732 [pid 5732] <... rseq resumed>) = 0 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], [pid 5732] set_robust_list(0x7f29736d99a0, 24 [pid 5714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5732] <... set_robust_list resumed>) = 0 [pid 5714] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] <... futex resumed>) = 0 [pid 5732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5732] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5732] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5714] <... futex resumed>) = 0 [pid 5732] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5714] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5714] <... futex resumed>) = 0 [pid 5732] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 103.506591][ T5715] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5714] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5732] <... ioctl resumed>) = 0 [pid 5732] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.606498][ T5715] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 103.683323][ T5715] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 5732] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5715] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5714] exit_group(0 [pid 5715] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5732] <... futex resumed>) = ? [pid 5715] <... futex resumed>) = ? [pid 5714] <... exit_group resumed>) = ? [pid 5732] +++ exited with 0 +++ [pid 5715] +++ exited with 0 +++ [pid 5714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5714, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 103.731117][ T5715] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 103.769804][ T5715] BTRFS info (device loop0): balance: ended with status: 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5733 ./strace-static-x86_64: Process 5733 attached [pid 5733] set_robust_list(0x5555560fc760, 24) = 0 [pid 5733] chdir("./37") = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5733] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5734]}, 88) = 5734 ./strace-static-x86_64: Process 5734 attached [pid 5733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5734] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5734] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5734] memfd_create("syzkaller", 0) = 3 [pid 5734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5734] munmap(0x7f296b2da000, 138412032) = 0 [pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5734] close(3) = 0 [pid 5734] mkdir("./bus", 0777) = 0 [ 104.168268][ T5734] loop0: detected capacity change from 0 to 32768 [ 104.179361][ T5734] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5734) [ 104.196863][ T5734] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 104.205708][ T5734] BTRFS info (device loop0): doing ref verification [ 104.212658][ T5734] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 104.223573][ T5734] BTRFS info (device loop0): force zlib compression, level 3 [ 104.231042][ T5734] BTRFS info (device loop0): allowing degraded mounts [ 104.237885][ T5734] BTRFS info (device loop0): using free space tree [pid 5734] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5734] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5734] chdir("./bus") = 0 [pid 5734] ioctl(4, LOOP_CLR_FD) = 0 [pid 5734] close(4) = 0 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5734] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = 1 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5734] open("./file0", O_RDONLY) = 4 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] creat("./file1", 000) = 5 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... futex resumed>) = 1 [pid 5734] open("./file0", O_RDONLY) = 6 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5734] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... futex resumed>) = 0 [ 104.262041][ T5734] BTRFS info (device loop0): auto enabling async discard [pid 5734] creat("./bus", 012) = 7 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5734] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... openat resumed>) = 8 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] open("./file0", O_RDONLY) = 9 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5734] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5733] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5733] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5733] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5733] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5751]}, 88) = 5751 ./strace-static-x86_64: Process 5751 attached [pid 5751] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], [pid 5751] <... rseq resumed>) = 0 [pid 5751] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5751] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 5733] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... openat resumed>) = 10 [pid 5751] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5751] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 104.347252][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 104.360993][ T5734] BTRFS info (device loop0): balance: start -d -m [ 104.373203][ T5734] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5733] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5751] <... ioctl resumed>) = 0 [pid 5751] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... futex resumed>) = 0 [ 104.460332][ T5734] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 104.543716][ T5734] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5733] exit_group(0 [pid 5751] <... futex resumed>) = ? [pid 5733] <... exit_group resumed>) = ? [pid 5751] +++ exited with 0 +++ [pid 5734] <... ioctl resumed> ) = ? [pid 5734] +++ exited with 0 +++ [pid 5733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5733, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=57 /* 0.57 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 104.592564][ T5734] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 104.628631][ T5734] BTRFS info (device loop0): balance: ended with status: 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5752 ./strace-static-x86_64: Process 5752 attached [pid 5752] set_robust_list(0x5555560fc760, 24) = 0 [pid 5752] chdir("./38") = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5752] setpgid(0, 0) = 0 [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5752] write(3, "1000", 4) = 4 [pid 5752] close(3) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5752] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5753 attached [pid 5753] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5753] set_robust_list(0x7f29736fa9a0, 24 [pid 5752] <... clone3 resumed> => {parent_tid=[5753]}, 88) = 5753 [pid 5753] <... set_robust_list resumed>) = 0 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], [pid 5753] rt_sigprocmask(SIG_SETMASK, [], [pid 5752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5753] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5753] memfd_create("syzkaller", 0) = 3 [pid 5753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5753] munmap(0x7f296b2da000, 138412032) = 0 [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5753] close(3) = 0 [pid 5753] mkdir("./bus", 0777) = 0 [ 105.047003][ T5753] loop0: detected capacity change from 0 to 32768 [ 105.057118][ T5753] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5753) [ 105.073114][ T5753] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.082110][ T5753] BTRFS info (device loop0): doing ref verification [ 105.088793][ T5753] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 105.099638][ T5753] BTRFS info (device loop0): force zlib compression, level 3 [ 105.107099][ T5753] BTRFS info (device loop0): allowing degraded mounts [ 105.113887][ T5753] BTRFS info (device loop0): using free space tree [pid 5753] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5753] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5753] chdir("./bus") = 0 [pid 5753] ioctl(4, LOOP_CLR_FD) = 0 [pid 5753] close(4) = 0 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5753] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5753] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 0 [pid 5753] open("./file0", O_RDONLY) = 4 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] creat("./file1", 000) = 5 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] open("./file0", O_RDONLY) = 6 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... ioctl resumed>) = 0 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 1 [pid 5753] creat("./bus", 012) = 7 [ 105.137911][ T5753] BTRFS info (device loop0): auto enabling async discard [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 1 [pid 5753] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] open("./file0", O_RDONLY [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... open resumed>) = 9 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5753] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5753] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5752] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5752] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5752] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5770]}, 88) = 5770 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5752] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5770 attached [pid 5770] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5770] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5770] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5770] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... futex resumed>) = 1 [ 105.228455][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 105.243998][ T5753] BTRFS info (device loop0): balance: start -d -m [ 105.256236][ T5753] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5770] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 105.303314][ T5753] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 105.313660][ T5753] BTRFS error (device loop0): dumping block entry [5378048 4096], num_refs 0, metadata 1, from disk 0 [ 105.324749][ T5753] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 105.333473][ T5753] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 105.344937][ T5753] __btrfs_cow_block+0x465/0x1a90 [ 105.350188][ T5753] btrfs_cow_block+0x35e/0xa10 [ 105.355243][ T5753] btrfs_search_slot+0xbf9/0x2f80 [ 105.360488][ T5753] btrfs_insert_empty_items+0x9c/0x180 [ 105.366244][ T5753] insert_with_overflow+0x150/0x3f0 [ 105.371664][ T5753] btrfs_insert_dir_item+0x243/0x630 [ 105.377223][ T5753] btrfs_add_link+0x270/0xc50 [ 105.382120][ T5753] btrfs_create_new_inode+0x1b3d/0x2710 [ 105.388013][ T5753] btrfs_create_common+0x1f9/0x300 [ 105.393352][ T5753] path_openat+0x13e7/0x3180 [ 105.398208][ T5753] do_filp_open+0x234/0x490 [ 105.402918][ T5753] do_sys_openat2+0x13e/0x1d0 [ 105.407880][ T5753] __x64_sys_creat+0x123/0x160 [ 105.412866][ T5753] do_syscall_64+0x41/0xc0 [ 105.417567][ T5753] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.423682][ T5753] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 105.436733][ T5753] __btrfs_cow_block+0xcca/0x1a90 [ 105.441966][ T5753] btrfs_cow_block+0x35e/0xa10 [ 105.447007][ T5753] btrfs_search_slot+0xbf9/0x2f80 [ 105.452234][ T5753] btrfs_lookup_inode+0xdc/0x480 [ 105.457456][ T5753] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 105.463548][ T5753] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 105.470378][ T5753] __btrfs_run_delayed_items+0x213/0x490 [ 105.476329][ T5753] btrfs_commit_transaction+0x8a4/0x3730 [ 105.482157][ T5753] prepare_to_relocate+0x3c5/0x4c0 [ 105.487506][ T5753] relocate_block_group+0x17f/0xcd0 [ 105.492956][ T5753] btrfs_relocate_block_group+0x7ab/0xd70 [ 105.498973][ T5753] btrfs_relocate_chunk+0x12c/0x3b0 [pid 5752] exit_group(0) = ? [ 105.504368][ T5753] __btrfs_balance+0x1b06/0x2690 [ 105.509547][ T5753] btrfs_balance+0xbd8/0x10d0 [ 105.514502][ T5753] btrfs_ioctl_balance+0x496/0x7c0 [ 105.519830][ T5753] __se_sys_ioctl+0xf8/0x170 [ 105.524692][ T5753] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 5246976, owner 0, offset 0, num_refs 1 [ 105.536576][ T5753] __btrfs_mod_ref+0x9b1/0xe20 [ 105.541528][ T5753] btrfs_copy_root+0x851/0xce0 [ 105.546556][ T5753] create_reloc_root+0x244/0x9a0 [ 105.551760][ T5753] btrfs_init_reloc_root+0x329/0x4e0 [ 105.557315][ T5753] record_root_in_trans+0x2c9/0x360 [ 105.562721][ T5753] qgroup_account_snapshot+0xa9/0x340 [ 105.568363][ T5753] create_pending_snapshot+0x1050/0x28b0 [ 105.574209][ T5753] create_pending_snapshots+0x195/0x1d0 [ 105.580044][ T5753] btrfs_commit_transaction+0xf1c/0x3730 [ 105.585985][ T5753] prepare_to_relocate+0x3c5/0x4c0 [ 105.591310][ T5753] relocate_block_group+0x17f/0xcd0 [ 105.596765][ T5753] btrfs_relocate_block_group+0x7ab/0xd70 [pid 5770] <... ioctl resumed>) = ? [pid 5770] +++ exited with 0 +++ [ 105.602686][ T5753] btrfs_relocate_chunk+0x12c/0x3b0 [ 105.608144][ T5753] __btrfs_balance+0x1b06/0x2690 [ 105.613282][ T5753] btrfs_balance+0xbd8/0x10d0 [ 105.618219][ T5753] btrfs_ioctl_balance+0x496/0x7c0 [pid 5753] <... ioctl resumed> ) = ? [pid 5753] +++ exited with 0 +++ [pid 5752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5752, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=64 /* 0.64 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 105.672948][ T5753] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 105.698490][ T5753] BTRFS info (device loop0): balance: canceled umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5773 ./strace-static-x86_64: Process 5773 attached [pid 5773] set_robust_list(0x5555560fc760, 24) = 0 [pid 5773] chdir("./39") = 0 [pid 5773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5773] setpgid(0, 0) = 0 [pid 5773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5773] write(3, "1000", 4) = 4 [pid 5773] close(3) = 0 [pid 5773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5773] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5773] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5774 attached [pid 5774] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5773] <... clone3 resumed> => {parent_tid=[5774]}, 88) = 5774 [pid 5774] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], [pid 5774] rt_sigprocmask(SIG_SETMASK, [], [pid 5773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] memfd_create("syzkaller", 0 [pid 5773] <... futex resumed>) = 0 [pid 5774] <... memfd_create resumed>) = 3 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5774] munmap(0x7f296b2da000, 138412032) = 0 [pid 5774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5774] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5774] close(3) = 0 [pid 5774] mkdir("./bus", 0777) = 0 [ 106.086434][ T5774] loop0: detected capacity change from 0 to 32768 [ 106.098597][ T5774] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5774) [ 106.115148][ T5774] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 106.123896][ T5774] BTRFS info (device loop0): doing ref verification [pid 5774] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5774] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5774] chdir("./bus") = 0 [pid 5774] ioctl(4, LOOP_CLR_FD) = 0 [pid 5774] close(4) = 0 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] <... futex resumed>) = 0 [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5773] <... futex resumed>) = 1 [pid 5774] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] <... futex resumed>) = 0 [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5774] open("./file0", O_RDONLY [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... open resumed>) = 4 [ 106.130582][ T5774] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 106.141464][ T5774] BTRFS info (device loop0): force zlib compression, level 3 [ 106.148931][ T5774] BTRFS info (device loop0): allowing degraded mounts [ 106.155793][ T5774] BTRFS info (device loop0): using free space tree [ 106.179183][ T5774] BTRFS info (device loop0): auto enabling async discard [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] creat("./file1", 000 [pid 5773] <... futex resumed>) = 0 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... creat resumed>) = 5 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5774] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5773] <... futex resumed>) = 0 [pid 5774] open("./file0", O_RDONLY [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... open resumed>) = 6 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 0 [pid 5774] <... futex resumed>) = 1 [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5773] <... futex resumed>) = 0 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... ioctl resumed>) = 0 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5774] creat("./bus", 012 [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... creat resumed>) = 7 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5774] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5774] <... futex resumed>) = 0 [pid 5774] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5774] open("./file0", O_RDONLY [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... open resumed>) = 9 [pid 5773] <... futex resumed>) = 0 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... futex resumed>) = 0 [pid 5773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5774] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5773] <... futex resumed>) = 0 [pid 5774] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5774] <... ioctl resumed>) = 0 [pid 5774] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5773] <... futex resumed>) = 0 [pid 5774] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5774] <... futex resumed>) = 0 [pid 5773] <... futex resumed>) = 1 [pid 5774] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5773] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5773] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5773] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5792 attached => {parent_tid=[5792]}, 88) = 5792 [pid 5773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5773] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5792] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5792] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 106.287483][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 106.302408][ T5774] BTRFS info (device loop0): balance: start -d -m [ 106.313207][ T5774] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5792] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5792] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 106.356416][ T5774] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 106.370753][ T5792] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 106.381047][ T5792] BTRFS error (device loop0): dumping block entry [5378048 4096], num_refs 0, metadata 1, from disk 0 [ 106.392058][ T5792] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [pid 5792] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5773] <... futex resumed>) = 0 [pid 5773] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [ 106.400803][ T5792] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 106.412165][ T5792] __btrfs_cow_block+0x465/0x1a90 [ 106.417476][ T5792] btrfs_cow_block+0x35e/0xa10 [ 106.422441][ T5792] btrfs_search_slot+0xbf9/0x2f80 [ 106.427714][ T5792] btrfs_insert_empty_items+0x9c/0x180 [ 106.433391][ T5792] insert_with_overflow+0x150/0x3f0 [ 106.438895][ T5792] btrfs_insert_dir_item+0x243/0x630 [ 106.444449][ T5792] btrfs_add_link+0x270/0xc50 [ 106.449595][ T5792] btrfs_create_new_inode+0x1b3d/0x2710 [pid 5792] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 106.455758][ T5792] btrfs_create_common+0x1f9/0x300 [ 106.461090][ T5792] path_openat+0x13e7/0x3180 [ 106.466219][ T5792] do_filp_open+0x234/0x490 [ 106.470931][ T5792] do_sys_openat2+0x13e/0x1d0 [ 106.475955][ T5792] __x64_sys_creat+0x123/0x160 [ 106.480943][ T5792] do_syscall_64+0x41/0xc0 [ 106.486056][ T5792] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 106.492172][ T5792] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [pid 5773] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 106.505182][ T5792] __btrfs_cow_block+0xcca/0x1a90 [ 106.510411][ T5792] btrfs_cow_block+0x35e/0xa10 [ 106.515422][ T5792] btrfs_search_slot+0xbf9/0x2f80 [ 106.520645][ T5792] btrfs_lookup_inode+0xdc/0x480 [ 106.525849][ T5792] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 106.532170][ T5792] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 106.539017][ T5792] __btrfs_run_delayed_items+0x213/0x490 [ 106.544902][ T5792] btrfs_commit_transaction+0x8a4/0x3730 [ 106.550751][ T5792] create_snapshot+0x4a5/0x7e0 [ 106.555807][ T5792] btrfs_mksubvol+0x5d0/0x750 [ 106.560731][ T5792] btrfs_mksnapshot+0xb5/0xf0 [ 106.565692][ T5792] __btrfs_ioctl_snap_create+0x344/0x460 [ 106.571532][ T5792] btrfs_ioctl_snap_create+0x13c/0x190 [ 106.577240][ T5792] btrfs_ioctl+0xbbf/0xd40 [ 106.581876][ T5792] __se_sys_ioctl+0xf8/0x170 [ 106.586741][ T5792] do_syscall_64+0x41/0xc0 [ 106.591378][ T5792] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 106.603278][ T5792] __btrfs_mod_ref+0x9b1/0xe20 [ 106.608291][ T5792] btrfs_copy_root+0x851/0xce0 [ 106.613273][ T5792] create_reloc_root+0x244/0x9a0 [ 106.618467][ T5792] btrfs_init_reloc_root+0x329/0x4e0 [ 106.623972][ T5792] record_root_in_trans+0x2c9/0x360 [ 106.629439][ T5792] qgroup_account_snapshot+0xa9/0x340 [ 106.635082][ T5792] create_pending_snapshot+0x1050/0x28b0 [ 106.640912][ T5792] create_pending_snapshots+0x195/0x1d0 [ 106.646715][ T5792] btrfs_commit_transaction+0xf1c/0x3730 [ 106.652542][ T5792] create_snapshot+0x4a5/0x7e0 [pid 5773] exit_group(0) = ? [pid 5792] <... ioctl resumed>) = ? [pid 5792] +++ exited with 0 +++ [ 106.657534][ T5792] btrfs_mksubvol+0x5d0/0x750 [ 106.662433][ T5792] btrfs_mksnapshot+0xb5/0xf0 [ 106.667477][ T5792] __btrfs_ioctl_snap_create+0x344/0x460 [ 106.673344][ T5792] btrfs_ioctl_snap_create+0x13c/0x190 [ 106.679143][ T5792] btrfs_ioctl+0xbbf/0xd40 [ 106.683783][ T5792] __se_sys_ioctl+0xf8/0x170 [pid 5774] <... ioctl resumed> ) = ? [pid 5774] +++ exited with 0 +++ [pid 5773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5773, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=72 /* 0.72 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 106.725570][ T5774] BTRFS info (device loop0): balance: canceled umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5794 ./strace-static-x86_64: Process 5794 attached [pid 5794] set_robust_list(0x5555560fc760, 24) = 0 [pid 5794] chdir("./40") = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5794] setpgid(0, 0) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5794] write(3, "1000", 4) = 4 [pid 5794] close(3) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5794] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5795 attached [pid 5795] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5795] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5795] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] <... clone3 resumed> => {parent_tid=[5795]}, 88) = 5795 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5795] memfd_create("syzkaller", 0) = 3 [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5795] munmap(0x7f296b2da000, 138412032) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5795] close(3) = 0 [pid 5795] mkdir("./bus", 0777) = 0 [ 107.134288][ T5795] loop0: detected capacity change from 0 to 32768 [ 107.144675][ T5795] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5795) [ 107.162881][ T5795] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 107.171750][ T5795] BTRFS info (device loop0): doing ref verification [pid 5795] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5795] chdir("./bus") = 0 [pid 5795] ioctl(4, LOOP_CLR_FD) = 0 [pid 5795] close(4) = 0 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5795] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5795] open("./file0", O_RDONLY [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... open resumed>) = 4 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] creat("./file1", 000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... creat resumed>) = 5 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5795] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] open("./file0", O_RDONLY [pid 5794] <... futex resumed>) = 0 [pid 5795] <... open resumed>) = 6 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5795] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 107.178556][ T5795] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 107.189503][ T5795] BTRFS info (device loop0): force zlib compression, level 3 [ 107.196977][ T5795] BTRFS info (device loop0): allowing degraded mounts [ 107.203763][ T5795] BTRFS info (device loop0): using free space tree [ 107.225997][ T5795] BTRFS info (device loop0): auto enabling async discard [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... ioctl resumed>) = 0 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5795] creat("./bus", 012) = 7 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5795] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5795] open("./file0", O_RDONLY) = 9 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5795] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5794] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5795] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5794] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5794] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5812 attached => {parent_tid=[5812]}, 88) = 5812 [pid 5812] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], [pid 5812] <... rseq resumed>) = 0 [pid 5794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5794] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5794] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5812] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5812] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5812] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5812] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5794] <... futex resumed>) = 0 [ 107.301369][ T5795] BTRFS info (device loop0): balance: start -d -m [ 107.302910][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 107.320398][ T5795] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5794] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] <... ioctl resumed>) = 0 [pid 5812] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5812] <... futex resumed>) = 1 [ 107.370606][ T5795] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 107.498420][ T5795] BTRFS info (device loop0): found 5 extents, stage: move data extents [pid 5812] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5795] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] exit_group(0 [pid 5812] <... futex resumed>) = ? [pid 5794] <... exit_group resumed>) = ? [pid 5812] +++ exited with 0 +++ [pid 5795] <... futex resumed>) = ? [pid 5795] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=50 /* 0.50 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 107.561178][ T5795] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 107.597944][ T5795] BTRFS info (device loop0): balance: ended with status: 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5814 ./strace-static-x86_64: Process 5814 attached [pid 5814] set_robust_list(0x5555560fc760, 24) = 0 [pid 5814] chdir("./41") = 0 [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5814] setpgid(0, 0) = 0 [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5814] write(3, "1000", 4) = 4 [pid 5814] close(3) = 0 [pid 5814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5814] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5815 attached => {parent_tid=[5815]}, 88) = 5815 [pid 5815] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], [pid 5815] <... rseq resumed>) = 0 [pid 5814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] set_robust_list(0x7f29736fa9a0, 24 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... set_robust_list resumed>) = 0 [pid 5814] <... futex resumed>) = 0 [pid 5815] rt_sigprocmask(SIG_SETMASK, [], [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] memfd_create("syzkaller", 0) = 3 [pid 5815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5815] munmap(0x7f296b2da000, 138412032) = 0 [pid 5815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5815] close(3) = 0 [pid 5815] mkdir("./bus", 0777) = 0 [ 108.006962][ T5815] loop0: detected capacity change from 0 to 32768 [ 108.017562][ T5815] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5815) [ 108.035847][ T5815] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.044659][ T5815] BTRFS info (device loop0): doing ref verification [ 108.051296][ T5815] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 108.062246][ T5815] BTRFS info (device loop0): force zlib compression, level 3 [ 108.069686][ T5815] BTRFS info (device loop0): allowing degraded mounts [ 108.076551][ T5815] BTRFS info (device loop0): using free space tree [ 108.100563][ T5815] BTRFS info (device loop0): auto enabling async discard [pid 5815] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5815] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5815] chdir("./bus") = 0 [pid 5815] ioctl(4, LOOP_CLR_FD) = 0 [pid 5815] close(4) = 0 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5815] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5814] <... futex resumed>) = 0 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... futex resumed>) = 0 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5815] open("./file0", O_RDONLY [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... open resumed>) = 4 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] creat("./file1", 000) = 5 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] open("./file0", O_RDONLY) = 6 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] <... futex resumed>) = 0 [pid 5814] <... futex resumed>) = 1 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] creat("./bus", 012) = 7 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] <... openat resumed>) = 8 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] open("./file0", O_RDONLY) = 9 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5815] <... futex resumed>) = 1 [pid 5814] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5814] <... futex resumed>) = 0 [ 108.228688][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 108.266348][ T5815] BTRFS info (device loop0): balance: start -d -m [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5814] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5814] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5814] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5832]}, 88) = 5832 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5832 attached [pid 5814] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5832] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5832] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5814] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5814] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... futex resumed>) = 1 [ 108.278998][ T5815] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5832] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 5832] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5814] <... futex resumed>) = 0 [ 108.371449][ T5815] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 108.436744][ T5815] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5832] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5815] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5815] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5814] exit_group(0 [pid 5832] <... futex resumed>) = ? [pid 5815] <... futex resumed>) = ? [pid 5832] +++ exited with 0 +++ [pid 5814] <... exit_group resumed>) = ? [pid 5815] +++ exited with 0 +++ [pid 5814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5814, si_uid=0, si_status=0, si_utime=0, si_stime=50 /* 0.50 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 108.482251][ T5815] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 108.519414][ T5815] BTRFS info (device loop0): balance: ended with status: 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5834 ./strace-static-x86_64: Process 5834 attached [pid 5834] set_robust_list(0x5555560fc760, 24) = 0 [pid 5834] chdir("./42") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5834] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5835 attached => {parent_tid=[5835]}, 88) = 5835 [pid 5835] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] <... rseq resumed>) = 0 [pid 5835] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5835] munmap(0x7f296b2da000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] mkdir("./bus", 0777) = 0 [ 108.932823][ T5835] loop0: detected capacity change from 0 to 32768 [ 108.944310][ T5835] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5835) [ 108.959931][ T5835] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.968744][ T5835] BTRFS info (device loop0): doing ref verification [ 108.975552][ T5835] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 108.986432][ T5835] BTRFS info (device loop0): force zlib compression, level 3 [ 108.993842][ T5835] BTRFS info (device loop0): allowing degraded mounts [ 109.000683][ T5835] BTRFS info (device loop0): using free space tree [pid 5835] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] chdir("./bus") = 0 [pid 5835] ioctl(4, LOOP_CLR_FD) = 0 [pid 5835] close(4) = 0 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] open("./file0", O_RDONLY) = 4 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 0 [pid 5835] creat("./file1", 000) = 5 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5835] open("./file0", O_RDONLY) = 6 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5835] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5834] <... futex resumed>) = 1 [ 109.024731][ T5835] BTRFS info (device loop0): auto enabling async discard [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... ioctl resumed>) = 0 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5835] creat("./bus", 012 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... creat resumed>) = 7 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5835] <... futex resumed>) = 1 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] open("./file0", O_RDONLY [pid 5834] <... futex resumed>) = 0 [pid 5835] <... open resumed>) = 9 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5835] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5835] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5835] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5834] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5834] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5852 attached => {parent_tid=[5852]}, 88) = 5852 [pid 5852] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] <... rseq resumed>) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] set_robust_list(0x7f29736d99a0, 24 [pid 5834] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5852] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5852] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5852] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 109.121606][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 109.136360][ T5835] BTRFS info (device loop0): balance: start -d -m [ 109.146601][ T5835] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5834] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5852] <... ioctl resumed>) = 0 [pid 5852] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.259891][ T5835] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 109.330167][ T5835] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5852] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] exit_group(0 [pid 5852] <... futex resumed>) = ? [pid 5834] <... exit_group resumed>) = ? [pid 5852] +++ exited with 0 +++ [pid 5835] <... ioctl resumed> ) = ? [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 109.379824][ T5835] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 109.418231][ T5835] BTRFS info (device loop0): balance: ended with status: 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5853 ./strace-static-x86_64: Process 5853 attached [pid 5853] set_robust_list(0x5555560fc760, 24) = 0 [pid 5853] chdir("./43") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5853] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5853] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5853] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5854]}, 88) = 5854 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5854 attached [pid 5854] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5854] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5854] munmap(0x7f296b2da000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] mkdir("./bus", 0777) = 0 [ 109.829059][ T5854] loop0: detected capacity change from 0 to 32768 [ 109.839169][ T5854] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5854) [ 109.854987][ T5854] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 109.863725][ T5854] BTRFS info (device loop0): doing ref verification [pid 5854] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5854] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./bus") = 0 [pid 5854] ioctl(4, LOOP_CLR_FD) = 0 [pid 5854] close(4) = 0 [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5854] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5854] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5854] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] open("./file0", O_RDONLY) = 4 [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5854] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] creat("./file1", 000 [pid 5853] <... futex resumed>) = 0 [pid 5854] <... creat resumed>) = 5 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] open("./file0", O_RDONLY [pid 5853] <... futex resumed>) = 0 [pid 5854] <... open resumed>) = 6 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5854] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 109.870455][ T5854] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 109.881271][ T5854] BTRFS info (device loop0): force zlib compression, level 3 [ 109.888718][ T5854] BTRFS info (device loop0): allowing degraded mounts [ 109.895528][ T5854] BTRFS info (device loop0): using free space tree [ 109.918681][ T5854] BTRFS info (device loop0): auto enabling async discard [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... ioctl resumed>) = 0 [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5854] creat("./bus", 012 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... creat resumed>) = 7 [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5854] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] open("./file0", O_RDONLY [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... open resumed>) = 9 [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5854] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5853] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5853] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5853] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5853] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] <... rseq resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] set_robust_list(0x7f29736d99a0, 24 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5853] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... futex resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5871] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 110.006290][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 110.018869][ T5854] BTRFS info (device loop0): balance: start -d -m [ 110.027902][ T5854] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5871] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5853] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... ioctl resumed>) = 0 [pid 5871] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.149030][ T5854] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5871] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] exit_group(0 [pid 5871] <... futex resumed>) = ? [pid 5853] <... exit_group resumed>) = ? [pid 5871] +++ exited with 0 +++ [ 110.225762][ T5854] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5854] <... ioctl resumed> ) = ? [pid 5854] +++ exited with 0 +++ [pid 5853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 110.275613][ T5854] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 110.309226][ T5854] BTRFS info (device loop0): balance: ended with status: 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x5555560fc750) = 5872 [pid 5872] set_robust_list(0x5555560fc760, 24) = 0 [pid 5872] chdir("./44") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5872] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5873 attached => {parent_tid=[5873]}, 88) = 5873 [pid 5873] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5873] <... rseq resumed>) = 0 [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] set_robust_list(0x7f29736fa9a0, 24 [pid 5872] <... futex resumed>) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] memfd_create("syzkaller", 0) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5873] munmap(0x7f296b2da000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] mkdir("./bus", 0777) = 0 [ 110.720274][ T5873] loop0: detected capacity change from 0 to 32768 [ 110.731610][ T5873] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5873) [ 110.749386][ T5873] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 110.758223][ T5873] BTRFS info (device loop0): doing ref verification [pid 5873] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5873] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./bus") = 0 [pid 5873] ioctl(4, LOOP_CLR_FD) = 0 [pid 5873] close(4) = 0 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... futex resumed>) = 0 [pid 5873] open("./file0", O_RDONLY [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... open resumed>) = 4 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] creat("./file1", 000 [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... creat resumed>) = 5 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] open("./file0", O_RDONLY [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... open resumed>) = 6 [ 110.764923][ T5873] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 110.775883][ T5873] BTRFS info (device loop0): force zlib compression, level 3 [ 110.783387][ T5873] BTRFS info (device loop0): allowing degraded mounts [ 110.790236][ T5873] BTRFS info (device loop0): using free space tree [ 110.813431][ T5873] BTRFS info (device loop0): auto enabling async discard [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... ioctl resumed>) = 0 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] creat("./bus", 012 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... creat resumed>) = 7 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] open("./file0", O_RDONLY) = 9 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5873] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5872] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 110.901377][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 110.925302][ T5873] BTRFS info (device loop0): balance: start -d -m [pid 5872] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5872] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5872] <... clone3 resumed> => {parent_tid=[5890]}, 88) = 5890 [pid 5890] <... rseq resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] set_robust_list(0x7f29736d99a0, 24 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5872] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... futex resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 5872] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... openat resumed>) = 10 [pid 5890] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5890] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... futex resumed>) = 0 [pid 5890] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 110.945064][ T5873] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5872] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... ioctl resumed>) = 0 [pid 5890] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = 1 [ 111.060363][ T5873] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 111.126394][ T5873] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5890] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] exit_group(0 [pid 5890] <... futex resumed>) = ? [pid 5872] <... exit_group resumed>) = ? [pid 5890] +++ exited with 0 +++ [pid 5873] <... ioctl resumed> ) = ? [pid 5873] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=50 /* 0.50 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 111.172232][ T5873] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 111.211400][ T5873] BTRFS info (device loop0): balance: ended with status: 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5891 ./strace-static-x86_64: Process 5891 attached [pid 5891] set_robust_list(0x5555560fc760, 24) = 0 [pid 5891] chdir("./45") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5891] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5892]}, 88) = 5892 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5892 attached [pid 5892] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5892] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5892] munmap(0x7f296b2da000, 138412032) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] mkdir("./bus", 0777) = 0 [ 111.613993][ T5892] loop0: detected capacity change from 0 to 32768 [ 111.623787][ T5892] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5892) [ 111.639893][ T5892] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 111.648854][ T5892] BTRFS info (device loop0): doing ref verification [ 111.655631][ T5892] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 111.666747][ T5892] BTRFS info (device loop0): force zlib compression, level 3 [ 111.674132][ T5892] BTRFS info (device loop0): allowing degraded mounts [ 111.681029][ T5892] BTRFS info (device loop0): using free space tree [pid 5892] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./bus") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4) = 0 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 1 [pid 5892] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] open("./file0", O_RDONLY) = 4 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5892] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] creat("./file1", 000) = 5 [pid 5891] <... futex resumed>) = 0 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] open("./file0", O_RDONLY [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... open resumed>) = 6 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 1 [pid 5892] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... ioctl resumed>) = 0 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 0 [ 111.704469][ T5892] BTRFS info (device loop0): auto enabling async discard [pid 5892] creat("./bus", 012) = 7 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] open("./file0", O_RDONLY) = 9 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5892] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... ioctl resumed>) = 0 [pid 5892] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5891] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5891] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5891] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5909 attached [ 111.773969][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 111.802422][ T5892] BTRFS info (device loop0): balance: start -d -m [ 111.813008][ T5892] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5909] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5891] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] <... rseq resumed>) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] set_robust_list(0x7f29736d99a0, 24 [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] <... set_robust_list resumed>) = 0 [pid 5891] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... futex resumed>) = 0 [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5909] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5909] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5891] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.874166][ T5892] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 111.897388][ T5909] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 111.907746][ T5909] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [ 111.918939][ T5909] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 111.927715][ T5909] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 111.939164][ T5909] __btrfs_cow_block+0x465/0x1a90 [ 111.944476][ T5909] btrfs_cow_block+0x35e/0xa10 [ 111.949467][ T5909] btrfs_search_slot+0xbf9/0x2f80 [ 111.954864][ T5909] btrfs_insert_empty_items+0x9c/0x180 [ 111.960558][ T5909] insert_with_overflow+0x150/0x3f0 [ 111.966061][ T5909] btrfs_insert_dir_item+0x243/0x630 [pid 5891] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 111.971565][ T5909] btrfs_add_link+0x270/0xc50 [ 111.976538][ T5909] btrfs_create_new_inode+0x1b3d/0x2710 [ 111.982303][ T5909] btrfs_create_common+0x1f9/0x300 [ 111.987714][ T5909] path_openat+0x13e7/0x3180 [ 111.992513][ T5909] do_filp_open+0x234/0x490 [ 111.997281][ T5909] do_sys_openat2+0x13e/0x1d0 [ 112.002170][ T5909] __x64_sys_creat+0x123/0x160 [ 112.007176][ T5909] do_syscall_64+0x41/0xc0 [ 112.011816][ T5909] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 112.018006][ T5909] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 112.031021][ T5909] __btrfs_cow_block+0xcca/0x1a90 [ 112.036310][ T5909] btrfs_cow_block+0x35e/0xa10 [ 112.041269][ T5909] btrfs_search_slot+0xbf9/0x2f80 [ 112.046584][ T5909] btrfs_lookup_inode+0xdc/0x480 [ 112.051760][ T5909] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 112.057969][ T5909] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 112.064848][ T5909] __btrfs_run_delayed_items+0x213/0x490 [pid 5891] exit_group(0) = ? [ 112.070691][ T5909] btrfs_commit_transaction+0x8a4/0x3730 [ 112.076616][ T5909] create_snapshot+0x4a5/0x7e0 [ 112.081605][ T5909] btrfs_mksubvol+0x5d0/0x750 [ 112.086560][ T5909] btrfs_mksnapshot+0xb5/0xf0 [ 112.091449][ T5909] __btrfs_ioctl_snap_create+0x344/0x460 [ 112.097379][ T5909] btrfs_ioctl_snap_create+0x13c/0x190 [ 112.103045][ T5909] btrfs_ioctl+0xbbf/0xd40 [ 112.107696][ T5909] __se_sys_ioctl+0xf8/0x170 [ 112.112497][ T5909] do_syscall_64+0x41/0xc0 [ 112.117226][ T5909] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 112.129121][ T5909] __btrfs_mod_ref+0x9b1/0xe20 [ 112.134095][ T5909] btrfs_copy_root+0x851/0xce0 [ 112.139123][ T5909] create_reloc_root+0x244/0x9a0 [ 112.144277][ T5909] btrfs_init_reloc_root+0x329/0x4e0 [ 112.149825][ T5909] record_root_in_trans+0x2c9/0x360 [ 112.155268][ T5909] qgroup_account_snapshot+0xa9/0x340 [ 112.160862][ T5909] create_pending_snapshot+0x1050/0x28b0 [ 112.166776][ T5909] create_pending_snapshots+0x195/0x1d0 [pid 5909] <... ioctl resumed>) = ? [pid 5909] +++ exited with 0 +++ [ 112.172535][ T5909] btrfs_commit_transaction+0xf1c/0x3730 [ 112.178491][ T5909] create_snapshot+0x4a5/0x7e0 [ 112.183485][ T5909] btrfs_mksubvol+0x5d0/0x750 [ 112.188435][ T5909] btrfs_mksnapshot+0xb5/0xf0 [ 112.193314][ T5909] __btrfs_ioctl_snap_create+0x344/0x460 [ 112.199247][ T5909] btrfs_ioctl_snap_create+0x13c/0x190 [ 112.204938][ T5909] btrfs_ioctl+0xbbf/0xd40 [ 112.209541][ T5909] __se_sys_ioctl+0xf8/0x170 [pid 5892] <... ioctl resumed> ) = ? [pid 5892] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=64 /* 0.64 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 112.244240][ T5892] BTRFS info (device loop0): balance: canceled umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5910 ./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x5555560fc760, 24) = 0 [pid 5910] chdir("./46") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5910] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5911 attached => {parent_tid=[5911]}, 88) = 5911 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] set_robust_list(0x7f29736fa9a0, 24 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5911] <... set_robust_list resumed>) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5911] munmap(0x7f296b2da000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] mkdir("./bus", 0777) = 0 [ 112.641999][ T5911] loop0: detected capacity change from 0 to 32768 [ 112.651804][ T5911] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5911) [ 112.669068][ T5911] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 112.677908][ T5911] BTRFS info (device loop0): doing ref verification [ 112.684684][ T5911] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 112.695520][ T5911] BTRFS info (device loop0): force zlib compression, level 3 [ 112.702945][ T5911] BTRFS info (device loop0): allowing degraded mounts [ 112.709839][ T5911] BTRFS info (device loop0): using free space tree [pid 5911] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5911] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./bus") = 0 [pid 5911] ioctl(4, LOOP_CLR_FD) = 0 [pid 5911] close(4) = 0 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5910] <... futex resumed>) = 0 [pid 5911] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5911] <... futex resumed>) = 0 [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] open("./file0", O_RDONLY [pid 5910] <... futex resumed>) = 0 [pid 5911] <... open resumed>) = 4 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5911] creat("./file1", 000 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... creat resumed>) = 5 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] open("./file0", O_RDONLY [pid 5910] <... futex resumed>) = 0 [pid 5911] <... open resumed>) = 6 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... ioctl resumed>) = 0 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [ 112.732500][ T5911] BTRFS info (device loop0): auto enabling async discard [pid 5911] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] creat("./bus", 012) = 7 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... futex resumed>) = 0 [pid 5911] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5911] open("./file0", O_RDONLY [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... open resumed>) = 9 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... ioctl resumed>) = 0 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... futex resumed>) = 0 [pid 5910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5910] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5910] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5910] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [ 112.828970][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 112.843780][ T5911] BTRFS info (device loop0): balance: start -d -m [ 112.855231][ T5911] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5928 attached [pid 5928] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5928] set_robust_list(0x7f29736d99a0, 24 [pid 5910] <... clone3 resumed> => {parent_tid=[5928]}, 88) = 5928 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 5910] <... futex resumed>) = 0 [pid 5928] <... openat resumed>) = 10 [pid 5910] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5928] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5910] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.907650][ T5911] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5910] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5910] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5928] <... ioctl resumed>) = 0 [pid 5928] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5928] <... futex resumed>) = 0 [ 113.035914][ T5911] BTRFS info (device loop0): found 7 extents, stage: move data extents [pid 5928] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5911] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] exit_group(0) = ? [pid 5928] <... futex resumed>) = ? [pid 5911] <... futex resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=52 /* 0.52 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 113.083429][ T5911] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 113.119523][ T5911] BTRFS info (device loop0): balance: ended with status: 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5929 ./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x5555560fc760, 24) = 0 [pid 5929] chdir("./47") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5929] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[5930]}, 88) = 5930 ./strace-static-x86_64: Process 5930 attached [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5930] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5930] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5930] munmap(0x7f296b2da000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] mkdir("./bus", 0777) = 0 [ 113.507794][ T5930] loop0: detected capacity change from 0 to 32768 [ 113.518403][ T5930] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5930) [ 113.536972][ T5930] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 113.545775][ T5930] BTRFS info (device loop0): doing ref verification [ 113.552530][ T5930] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 113.563392][ T5930] BTRFS info (device loop0): force zlib compression, level 3 [ 113.571083][ T5930] BTRFS info (device loop0): allowing degraded mounts [ 113.577925][ T5930] BTRFS info (device loop0): using free space tree [pid 5930] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./bus") = 0 [pid 5930] ioctl(4, LOOP_CLR_FD) = 0 [pid 5930] close(4) = 0 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5930] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5930] open("./file0", O_RDONLY) = 4 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5930] creat("./file1", 000) = 5 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 1 [pid 5930] open("./file0", O_RDONLY) = 6 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 1 [ 113.601582][ T5930] BTRFS info (device loop0): auto enabling async discard [pid 5930] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 1 [pid 5930] creat("./bus", 012) = 7 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 1 [pid 5930] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 1 [pid 5930] open("./file0", O_RDONLY) = 9 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5930] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] <... futex resumed>) = 1 [pid 5930] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5929] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5929] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 5947 attached => {parent_tid=[5947]}, 88) = 5947 [pid 5947] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] <... rseq resumed>) = 0 [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] set_robust_list(0x7f29736d99a0, 24 [pid 5929] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5929] <... futex resumed>) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5947] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5947] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5929] <... futex resumed>) = 0 [pid 5947] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 113.687672][ T5930] BTRFS info (device loop0): balance: start -d -m [ 113.688982][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 113.703907][ T5930] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5929] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... ioctl resumed>) = 0 [pid 5929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5947] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.829281][ T5930] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 113.909319][ T5930] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 5947] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] exit_group(0) = ? [pid 5947] <... futex resumed>) = ? [pid 5947] +++ exited with 0 +++ [pid 5930] <... ioctl resumed> ) = ? [pid 5930] +++ exited with 0 +++ [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 113.957575][ T5930] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 113.992456][ T5930] BTRFS info (device loop0): balance: ended with status: 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 5948 ./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x5555560fc760, 24) = 0 [pid 5948] chdir("./48") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5948] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5949 attached => {parent_tid=[5949]}, 88) = 5949 [pid 5949] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 5949] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5948] rt_sigprocmask(SIG_SETMASK, [], [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5949] munmap(0x7f296b2da000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] mkdir("./bus", 0777) = 0 [ 114.394669][ T5949] loop0: detected capacity change from 0 to 32768 [ 114.405108][ T5949] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5949) [ 114.420349][ T5949] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 114.429232][ T5949] BTRFS info (device loop0): doing ref verification [pid 5949] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./bus") = 0 [pid 5949] ioctl(4, LOOP_CLR_FD) = 0 [pid 5949] close(4) = 0 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5949] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5949] open("./file0", O_RDONLY [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... open resumed>) = 4 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] creat("./file1", 000 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... creat resumed>) = 5 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 0 [pid 5949] open("./file0", O_RDONLY) = 6 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 1 [ 114.435929][ T5949] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 114.446819][ T5949] BTRFS info (device loop0): force zlib compression, level 3 [ 114.454220][ T5949] BTRFS info (device loop0): allowing degraded mounts [ 114.461070][ T5949] BTRFS info (device loop0): using free space tree [ 114.484841][ T5949] BTRFS info (device loop0): auto enabling async discard [pid 5949] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5949] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5949] creat("./bus", 012) = 7 [pid 5948] <... futex resumed>) = 1 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 1 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 1 [pid 5949] open("./file0", O_RDONLY) = 9 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 1 [pid 5949] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5949] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 1 [pid 5949] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5948] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5948] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5966]}, 88) = 5966 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5948] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5966 attached [pid 5966] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5966] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5966] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5966] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.575891][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 114.588825][ T5949] BTRFS info (device loop0): balance: start -d -m [ 114.609667][ T5949] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 114.635434][ T5966] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 114.645763][ T5966] BTRFS error (device loop0): dumping block entry [5373952 4096], num_refs 0, metadata 1, from disk 0 [ 114.656800][ T5966] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 114.665547][ T5966] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 114.676922][ T5966] __btrfs_cow_block+0x465/0x1a90 [ 114.682165][ T5966] btrfs_cow_block+0x35e/0xa10 [ 114.687197][ T5966] btrfs_search_slot+0xbf9/0x2f80 [ 114.692436][ T5966] btrfs_insert_empty_items+0x9c/0x180 [ 114.698235][ T5966] insert_with_overflow+0x150/0x3f0 [ 114.703684][ T5966] btrfs_insert_dir_item+0x243/0x630 [ 114.709263][ T5966] btrfs_add_link+0x270/0xc50 [ 114.714161][ T5966] btrfs_create_new_inode+0x1b3d/0x2710 [ 114.719958][ T5966] btrfs_create_common+0x1f9/0x300 [ 114.725340][ T5966] path_openat+0x13e7/0x3180 [ 114.730143][ T5966] do_filp_open+0x234/0x490 [pid 5966] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 114.734960][ T5966] do_sys_openat2+0x13e/0x1d0 [ 114.740084][ T5966] __x64_sys_creat+0x123/0x160 [ 114.745103][ T5966] do_syscall_64+0x41/0xc0 [ 114.749736][ T5966] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 114.755924][ T5966] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 114.768926][ T5966] __btrfs_cow_block+0xcca/0x1a90 [ 114.774162][ T5966] btrfs_cow_block+0x35e/0xa10 [ 114.779210][ T5966] btrfs_search_slot+0xbf9/0x2f80 [ 114.784533][ T5966] btrfs_lookup_inode+0xdc/0x480 [ 114.789670][ T5966] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 114.795790][ T5966] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 114.802578][ T5966] __btrfs_run_delayed_items+0x213/0x490 [ 114.808438][ T5966] btrfs_commit_transaction+0x8a4/0x3730 [ 114.814275][ T5966] create_snapshot+0x4a5/0x7e0 [ 114.819306][ T5966] btrfs_mksubvol+0x5d0/0x750 [ 114.824203][ T5966] btrfs_mksnapshot+0xb5/0xf0 [ 114.829149][ T5966] __btrfs_ioctl_snap_create+0x344/0x460 [pid 5948] exit_group(0) = ? [ 114.835074][ T5966] btrfs_ioctl_snap_create+0x13c/0x190 [ 114.841113][ T5966] btrfs_ioctl+0xbbf/0xd40 [ 114.845767][ T5966] __se_sys_ioctl+0xf8/0x170 [ 114.850567][ T5966] do_syscall_64+0x41/0xc0 [ 114.855226][ T5966] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 5246976, owner 0, offset 0, num_refs 1 [ 114.867095][ T5966] __btrfs_mod_ref+0x9b1/0xe20 [ 114.872064][ T5966] btrfs_copy_root+0x851/0xce0 [ 114.877086][ T5966] create_reloc_root+0x244/0x9a0 [ 114.882244][ T5966] btrfs_init_reloc_root+0x329/0x4e0 [ 114.887800][ T5966] record_root_in_trans+0x2c9/0x360 [ 114.893211][ T5966] qgroup_account_snapshot+0xa9/0x340 [ 114.898843][ T5966] create_pending_snapshot+0x1050/0x28b0 [ 114.904736][ T5966] create_pending_snapshots+0x195/0x1d0 [ 114.910503][ T5966] btrfs_commit_transaction+0xf1c/0x3730 [ 114.916387][ T5966] create_snapshot+0x4a5/0x7e0 [ 114.921376][ T5966] btrfs_mksubvol+0x5d0/0x750 [ 114.926327][ T5966] btrfs_mksnapshot+0xb5/0xf0 [ 114.931229][ T5966] __btrfs_ioctl_snap_create+0x344/0x460 [pid 5966] <... ioctl resumed>) = ? [pid 5966] +++ exited with 0 +++ [ 114.937157][ T5966] btrfs_ioctl_snap_create+0x13c/0x190 [ 114.942825][ T5966] btrfs_ioctl+0xbbf/0xd40 [ 114.947485][ T5966] __se_sys_ioctl+0xf8/0x170 [pid 5949] <... ioctl resumed> ) = ? [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=68 /* 0.68 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 114.991058][ T5949] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 115.018102][ T5949] BTRFS info (device loop0): balance: canceled umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5967 attached , child_tidptr=0x5555560fc750) = 5967 [pid 5967] set_robust_list(0x5555560fc760, 24) = 0 [pid 5967] chdir("./49") = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5967] write(3, "1000", 4) = 4 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5967] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5967] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5968 attached [pid 5968] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5967] <... clone3 resumed> => {parent_tid=[5968]}, 88) = 5968 [pid 5968] <... rseq resumed>) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] set_robust_list(0x7f29736fa9a0, 24 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] <... set_robust_list resumed>) = 0 [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... futex resumed>) = 0 [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5968] memfd_create("syzkaller", 0) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5968] munmap(0x7f296b2da000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] mkdir("./bus", 0777) = 0 [ 115.428942][ T5968] loop0: detected capacity change from 0 to 32768 [ 115.439098][ T5968] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5968) [ 115.455954][ T5968] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 115.464831][ T5968] BTRFS info (device loop0): doing ref verification [ 115.471452][ T5968] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 115.482388][ T5968] BTRFS info (device loop0): force zlib compression, level 3 [ 115.490108][ T5968] BTRFS info (device loop0): allowing degraded mounts [ 115.496972][ T5968] BTRFS info (device loop0): using free space tree [pid 5968] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5968] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./bus") = 0 [pid 5968] ioctl(4, LOOP_CLR_FD) = 0 [pid 5968] close(4) = 0 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] open("./file0", O_RDONLY [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... open resumed>) = 4 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... futex resumed>) = 1 [pid 5968] creat("./file1", 000) = 5 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] open("./file0", O_RDONLY [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... open resumed>) = 6 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... ioctl resumed>) = 0 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5968] creat("./bus", 012 [ 115.520463][ T5968] BTRFS info (device loop0): auto enabling async discard [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... creat resumed>) = 7 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... futex resumed>) = 1 [pid 5968] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] open("./file0", O_RDONLY [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... open resumed>) = 9 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5968] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5968] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5968] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5967] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5967] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5967] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[5985]}, 88) = 5985 ./strace-static-x86_64: Process 5985 attached [pid 5985] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 5985] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5985] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.593302][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 115.619478][ T5968] BTRFS info (device loop0): balance: start -d -m [ 115.628604][ T5968] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5967] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5985] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 5985] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5985] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5967] <... futex resumed>) = 0 [ 115.682879][ T5968] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 115.705851][ T5985] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 115.716406][ T5985] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [pid 5967] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 115.727492][ T5985] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 115.736252][ T5985] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 115.747640][ T5985] __btrfs_cow_block+0x465/0x1a90 [ 115.753167][ T5985] btrfs_cow_block+0x35e/0xa10 [ 115.758196][ T5985] btrfs_search_slot+0xbf9/0x2f80 [ 115.763464][ T5985] btrfs_insert_empty_items+0x9c/0x180 [ 115.769255][ T5985] insert_with_overflow+0x150/0x3f0 [ 115.774698][ T5985] btrfs_insert_dir_item+0x243/0x630 [ 115.780296][ T5985] btrfs_add_link+0x270/0xc50 [ 115.785270][ T5985] btrfs_create_new_inode+0x1b3d/0x2710 [ 115.791030][ T5985] btrfs_create_common+0x1f9/0x300 [ 115.796470][ T5985] path_openat+0x13e7/0x3180 [ 115.801286][ T5985] do_filp_open+0x234/0x490 [ 115.806069][ T5985] do_sys_openat2+0x13e/0x1d0 [ 115.810963][ T5985] __x64_sys_creat+0x123/0x160 [ 115.815982][ T5985] do_syscall_64+0x41/0xc0 [ 115.820599][ T5985] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.826769][ T5985] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 115.839796][ T5985] __btrfs_cow_block+0xcca/0x1a90 [ 115.845100][ T5985] btrfs_cow_block+0x35e/0xa10 [ 115.850072][ T5985] btrfs_search_slot+0xbf9/0x2f80 [ 115.855358][ T5985] btrfs_lookup_inode+0xdc/0x480 [ 115.860529][ T5985] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 115.866690][ T5985] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 115.873495][ T5985] __btrfs_run_delayed_items+0x213/0x490 [pid 5967] exit_group(0) = ? [ 115.879410][ T5985] btrfs_commit_transaction+0x8a4/0x3730 [ 115.885281][ T5985] create_snapshot+0x4a5/0x7e0 [ 115.890242][ T5985] btrfs_mksubvol+0x5d0/0x750 [ 115.895185][ T5985] btrfs_mksnapshot+0xb5/0xf0 [ 115.900077][ T5985] __btrfs_ioctl_snap_create+0x344/0x460 [ 115.905969][ T5985] btrfs_ioctl_snap_create+0x13c/0x190 [ 115.911638][ T5985] btrfs_ioctl+0xbbf/0xd40 [ 115.916715][ T5985] __se_sys_ioctl+0xf8/0x170 [ 115.921531][ T5985] do_syscall_64+0x41/0xc0 [ 115.926187][ T5985] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 115.938051][ T5985] __btrfs_mod_ref+0x9b1/0xe20 [ 115.943036][ T5985] btrfs_copy_root+0x851/0xce0 [ 115.948065][ T5985] create_reloc_root+0x244/0x9a0 [ 115.953223][ T5985] btrfs_init_reloc_root+0x329/0x4e0 [ 115.958780][ T5985] record_root_in_trans+0x2c9/0x360 [ 115.964196][ T5985] qgroup_account_snapshot+0xa9/0x340 [ 115.969842][ T5985] create_pending_snapshot+0x1050/0x28b0 [ 115.975751][ T5985] create_pending_snapshots+0x195/0x1d0 [pid 5985] <... ioctl resumed>) = ? [pid 5985] +++ exited with 0 +++ [ 115.981505][ T5985] btrfs_commit_transaction+0xf1c/0x3730 [ 115.987379][ T5985] create_snapshot+0x4a5/0x7e0 [ 115.992366][ T5985] btrfs_mksubvol+0x5d0/0x750 [ 115.997307][ T5985] btrfs_mksnapshot+0xb5/0xf0 [ 116.002206][ T5985] __btrfs_ioctl_snap_create+0x344/0x460 [ 116.008139][ T5985] btrfs_ioctl_snap_create+0x13c/0x190 [ 116.013806][ T5985] btrfs_ioctl+0xbbf/0xd40 [ 116.018489][ T5985] __se_sys_ioctl+0xf8/0x170 [pid 5968] <... ioctl resumed> ) = ? [pid 5968] +++ exited with 0 +++ [pid 5967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=72 /* 0.72 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 116.053727][ T5968] BTRFS info (device loop0): balance: canceled umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5986 attached , child_tidptr=0x5555560fc750) = 5986 [pid 5986] set_robust_list(0x5555560fc760, 24) = 0 [pid 5986] chdir("./50") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 5986] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 5986] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 5987 attached => {parent_tid=[5987]}, 88) = 5987 [pid 5987] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] <... rseq resumed>) = 0 [pid 5986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] set_robust_list(0x7f29736fa9a0, 24 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... futex resumed>) = 0 [pid 5987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5987] munmap(0x7f296b2da000, 138412032) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] mkdir("./bus", 0777) = 0 [ 116.462157][ T5987] loop0: detected capacity change from 0 to 32768 [ 116.473239][ T5987] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (5987) [ 116.490976][ T5987] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 116.499782][ T5987] BTRFS info (device loop0): doing ref verification [ 116.506588][ T5987] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 116.517673][ T5987] BTRFS info (device loop0): force zlib compression, level 3 [ 116.525161][ T5987] BTRFS info (device loop0): allowing degraded mounts [ 116.532132][ T5987] BTRFS info (device loop0): using free space tree [pid 5987] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 5987] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./bus") = 0 [pid 5987] ioctl(4, LOOP_CLR_FD) = 0 [pid 5987] close(4) = 0 [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5986] <... futex resumed>) = 0 [pid 5987] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] open("./file0", O_RDONLY [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] <... open resumed>) = 4 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... futex resumed>) = 1 [pid 5987] creat("./file1", 000) = 5 [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... futex resumed>) = 1 [pid 5987] open("./file0", O_RDONLY) = 6 [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] <... futex resumed>) = 1 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... futex resumed>) = 1 [pid 5987] creat("./bus", 012) = 7 [ 116.556219][ T5987] BTRFS info (device loop0): auto enabling async discard [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 5987] <... futex resumed>) = 1 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5986] <... futex resumed>) = 0 [pid 5987] <... openat resumed>) = 8 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5987] open("./file0", O_RDONLY [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... open resumed>) = 9 [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... ioctl resumed>) = 0 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] <... futex resumed>) = 0 [pid 5987] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5986] <... futex resumed>) = 0 [pid 5987] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5986] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5986] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 5986] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6004]}, 88) = 6004 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6004 attached NULL, 8) = 0 [pid 6004] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6004] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 5986] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] <... futex resumed>) = 0 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6004] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = 0 [pid 6004] <... futex resumed>) = 1 [pid 5986] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 5986] <... futex resumed>) = 0 [ 116.629650][ T5987] BTRFS info (device loop0): balance: start -d -m [ 116.637957][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 116.651934][ T5987] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5986] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5986] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] <... ioctl resumed>) = 0 [pid 6004] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 116.777571][ T5987] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 116.843073][ T5987] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6004] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] exit_group(0 [pid 6004] <... futex resumed>) = ? [pid 6004] +++ exited with 0 +++ [pid 5986] <... exit_group resumed>) = ? [pid 5987] <... ioctl resumed> ) = ? [pid 5987] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 116.890767][ T5987] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 116.925890][ T5987] BTRFS info (device loop0): balance: ended with status: 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6005 ./strace-static-x86_64: Process 6005 attached [pid 6005] set_robust_list(0x5555560fc760, 24) = 0 [pid 6005] chdir("./51") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6005] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6005] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6006 attached => {parent_tid=[6006]}, 88) = 6006 [pid 6006] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] <... rseq resumed>) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6006] munmap(0x7f296b2da000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] mkdir("./bus", 0777) = 0 [ 117.331173][ T6006] loop0: detected capacity change from 0 to 32768 [ 117.342518][ T6006] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6006) [ 117.361891][ T6006] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.370762][ T6006] BTRFS info (device loop0): doing ref verification [ 117.377454][ T6006] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 117.388827][ T6006] BTRFS info (device loop0): force zlib compression, level 3 [ 117.396633][ T6006] BTRFS info (device loop0): allowing degraded mounts [ 117.403436][ T6006] BTRFS info (device loop0): using free space tree [pid 6006] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./bus") = 0 [pid 6006] ioctl(4, LOOP_CLR_FD) = 0 [pid 6006] close(4) = 0 [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 1 [pid 6006] open("./file0", O_RDONLY [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... open resumed>) = 4 [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] creat("./file1", 000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... creat resumed>) = 5 [ 117.428004][ T6006] BTRFS info (device loop0): auto enabling async discard [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] open("./file0", O_RDONLY [pid 6005] <... futex resumed>) = 0 [pid 6006] <... open resumed>) = 6 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6005] <... futex resumed>) = 0 [pid 6006] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... ioctl resumed>) = 0 [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] creat("./bus", 012 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... creat resumed>) = 7 [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6006] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] <... openat resumed>) = 8 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] open("./file0", O_RDONLY [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... open resumed>) = 9 [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6006] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6005] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6023]}, 88) = 6023 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6005] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6023 attached [pid 6005] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6023] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6023] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6023] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6005] <... futex resumed>) = 0 [ 117.544262][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 117.558449][ T6006] BTRFS info (device loop0): balance: start -d -m [ 117.568912][ T6006] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6005] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6023] <... ioctl resumed>) = 0 [pid 6023] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.682486][ T6006] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 117.747776][ T6006] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6023] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] exit_group(0 [pid 6023] <... futex resumed>) = ? [pid 6005] <... exit_group resumed>) = ? [pid 6023] +++ exited with 0 +++ [pid 6006] <... ioctl resumed> ) = ? [pid 6006] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=55 /* 0.55 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 117.793775][ T6006] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 117.830034][ T6006] BTRFS info (device loop0): balance: ended with status: 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6024 ./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x5555560fc760, 24) = 0 [pid 6024] chdir("./52") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6024] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6025 attached [pid 6025] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6024] <... clone3 resumed> => {parent_tid=[6025]}, 88) = 6025 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] <... rseq resumed>) = 0 [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] set_robust_list(0x7f29736fa9a0, 24 [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] <... futex resumed>) = 0 [pid 6025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] memfd_create("syzkaller", 0 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6025] <... memfd_create resumed>) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6025] munmap(0x7f296b2da000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] mkdir("./bus", 0777) = 0 [ 118.226738][ T6025] loop0: detected capacity change from 0 to 32768 [ 118.237341][ T6025] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6025) [ 118.256186][ T6025] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 118.265008][ T6025] BTRFS info (device loop0): doing ref verification [ 118.271619][ T6025] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 118.282551][ T6025] BTRFS info (device loop0): force zlib compression, level 3 [ 118.289985][ T6025] BTRFS info (device loop0): allowing degraded mounts [ 118.296852][ T6025] BTRFS info (device loop0): using free space tree [ 118.320283][ T6025] BTRFS info (device loop0): auto enabling async discard [pid 6025] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./bus") = 0 [pid 6025] ioctl(4, LOOP_CLR_FD) = 0 [pid 6025] close(4) = 0 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6025] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 0 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] open("./file0", O_RDONLY) = 4 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] creat("./file1", 000 [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... creat resumed>) = 5 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] open("./file0", O_RDONLY [pid 6024] <... futex resumed>) = 0 [pid 6025] <... open resumed>) = 6 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6025] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... ioctl resumed>) = 0 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6025] creat("./bus", 012 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... creat resumed>) = 7 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6024] <... futex resumed>) = 0 [pid 6025] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... openat resumed>) = 8 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6024] <... futex resumed>) = 0 [pid 6025] open("./file0", O_RDONLY [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... open resumed>) = 9 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6024] <... futex resumed>) = 0 [pid 6025] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6025] <... ioctl resumed>) = 0 [pid 6025] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... futex resumed>) = 0 [pid 6025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6024] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6025] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 118.406358][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6024] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6024] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6024] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6042]}, 88) = 6042 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6042 attached [pid 6042] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6042] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6042] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6042] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 118.459945][ T6025] BTRFS info (device loop0): balance: start -d -m [ 118.472138][ T6025] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6042] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6042] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [ 118.577420][ T6025] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 118.637945][ T6025] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6042] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] exit_group(0 [pid 6042] <... futex resumed>) = ? [pid 6024] <... exit_group resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6025] <... ioctl resumed> ) = ? [pid 6025] +++ exited with 0 +++ [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=54 /* 0.54 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 118.690084][ T6025] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 118.726670][ T6025] BTRFS info (device loop0): balance: ended with status: 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6043 ./strace-static-x86_64: Process 6043 attached [pid 6043] set_robust_list(0x5555560fc760, 24) = 0 [pid 6043] chdir("./53") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6043] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6044]}, 88) = 6044 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6044 attached NULL, 8) = 0 [pid 6044] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... rseq resumed>) = 0 [pid 6044] set_robust_list(0x7f29736fa9a0, 24 [pid 6043] <... futex resumed>) = 0 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] memfd_create("syzkaller", 0) = 3 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6044] munmap(0x7f296b2da000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6044] close(3) = 0 [pid 6044] mkdir("./bus", 0777) = 0 [ 119.141306][ T6044] loop0: detected capacity change from 0 to 32768 [ 119.151773][ T6044] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6044) [ 119.170038][ T6044] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 119.179074][ T6044] BTRFS info (device loop0): doing ref verification [pid 6044] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6044] chdir("./bus") = 0 [pid 6044] ioctl(4, LOOP_CLR_FD) = 0 [pid 6044] close(4) = 0 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] open("./file0", O_RDONLY [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... open resumed>) = 4 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] creat("./file1", 000 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... creat resumed>) = 5 [ 119.185856][ T6044] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 119.196727][ T6044] BTRFS info (device loop0): force zlib compression, level 3 [ 119.204111][ T6044] BTRFS info (device loop0): allowing degraded mounts [ 119.211088][ T6044] BTRFS info (device loop0): using free space tree [ 119.234481][ T6044] BTRFS info (device loop0): auto enabling async discard [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] open("./file0", O_RDONLY [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... open resumed>) = 6 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6043] <... futex resumed>) = 0 [pid 6044] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6043] <... futex resumed>) = 0 [pid 6044] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... ioctl resumed>) = 0 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] creat("./bus", 012) = 7 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] open("./file0", O_RDONLY) = 9 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6044] <... futex resumed>) = 1 [pid 6044] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6043] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6043] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6043] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6061 attached [pid 6061] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6043] <... clone3 resumed> => {parent_tid=[6061]}, 88) = 6061 [pid 6061] <... rseq resumed>) = 0 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 6061] set_robust_list(0x7f29736d99a0, 24 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... set_robust_list resumed>) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6061] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] <... futex resumed>) = 0 [pid 6043] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6043] <... futex resumed>) = 1 [pid 6061] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 119.324547][ T6044] BTRFS info (device loop0): balance: start -d -m [ 119.325759][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 119.345953][ T6044] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6043] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6061] <... ioctl resumed>) = 0 [pid 6061] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.452102][ T6044] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 119.525801][ T6044] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6061] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6044] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] exit_group(0 [pid 6061] <... futex resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6044] <... futex resumed>) = ? [pid 6043] <... exit_group resumed>) = ? [pid 6044] +++ exited with 0 +++ [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 119.575020][ T6044] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 119.610163][ T6044] BTRFS info (device loop0): balance: ended with status: 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6062 ./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x5555560fc760, 24) = 0 [pid 6062] chdir("./54") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6062] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6063 attached => {parent_tid=[6063]}, 88) = 6063 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6063] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6063] munmap(0x7f296b2da000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] mkdir("./bus", 0777) = 0 [ 120.044000][ T6063] loop0: detected capacity change from 0 to 32768 [ 120.054249][ T6063] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6063) [ 120.071623][ T6063] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.080473][ T6063] BTRFS info (device loop0): doing ref verification [ 120.087198][ T6063] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 120.098053][ T6063] BTRFS info (device loop0): force zlib compression, level 3 [ 120.105525][ T6063] BTRFS info (device loop0): allowing degraded mounts [ 120.112316][ T6063] BTRFS info (device loop0): using free space tree [pid 6063] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./bus") = 0 [pid 6063] ioctl(4, LOOP_CLR_FD) = 0 [pid 6063] close(4) = 0 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6063] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6062] <... futex resumed>) = 0 [pid 6063] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6063] open("./file0", O_RDONLY [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... open resumed>) = 4 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6063] creat("./file1", 000 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... creat resumed>) = 5 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] open("./file0", O_RDONLY) = 6 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.135828][ T6063] BTRFS info (device loop0): auto enabling async discard [pid 6063] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... ioctl resumed>) = 0 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6063] creat("./bus", 012 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... creat resumed>) = 7 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... openat resumed>) = 8 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] open("./file0", O_RDONLY [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... open resumed>) = 9 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... ioctl resumed>) = 0 [pid 6063] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6063] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6062] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6062] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6080 attached [pid 6080] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6080] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6080] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] <... clone3 resumed> => {parent_tid=[6080]}, 88) = 6080 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6062] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [ 120.252481][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 120.277309][ T6063] BTRFS info (device loop0): balance: start -d -m [ 120.289344][ T6063] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6080] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6080] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6062] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... ioctl resumed>) = 0 [pid 6080] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6080] <... futex resumed>) = 1 [ 120.366221][ T6063] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 120.430801][ T6063] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6080] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] exit_group(0) = ? [pid 6080] <... futex resumed>) = ? [pid 6080] +++ exited with 0 +++ [pid 6063] <... ioctl resumed> ) = ? [pid 6063] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 120.474669][ T6063] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 120.510492][ T6063] BTRFS info (device loop0): balance: ended with status: 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6081 ./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x5555560fc760, 24) = 0 [pid 6081] chdir("./55") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6081] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6082 attached [pid 6082] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6081] <... clone3 resumed> => {parent_tid=[6082]}, 88) = 6082 [pid 6082] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6081] <... futex resumed>) = 0 [pid 6082] memfd_create("syzkaller", 0 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] <... memfd_create resumed>) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6082] munmap(0x7f296b2da000, 138412032) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6082] close(3) = 0 [pid 6082] mkdir("./bus", 0777) = 0 [ 120.925487][ T6082] loop0: detected capacity change from 0 to 32768 [ 120.936926][ T6082] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6082) [ 120.955391][ T6082] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 120.964115][ T6082] BTRFS info (device loop0): doing ref verification [ 120.971178][ T6082] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 120.982277][ T6082] BTRFS info (device loop0): force zlib compression, level 3 [ 120.990244][ T6082] BTRFS info (device loop0): allowing degraded mounts [ 120.997275][ T6082] BTRFS info (device loop0): using free space tree [pid 6082] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./bus") = 0 [pid 6082] ioctl(4, LOOP_CLR_FD) = 0 [pid 6082] close(4) = 0 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] open("./file0", O_RDONLY [pid 6081] <... futex resumed>) = 0 [pid 6082] <... open resumed>) = 4 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6082] creat("./file1", 000 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... creat resumed>) = 5 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] open("./file0", O_RDONLY) = 6 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 121.020732][ T6082] BTRFS info (device loop0): auto enabling async discard [pid 6082] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6082] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... ioctl resumed>) = 0 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] creat("./bus", 012) = 7 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6082] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... openat resumed>) = 8 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] open("./file0", O_RDONLY [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... open resumed>) = 9 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... ioctl resumed>) = 0 [pid 6081] <... futex resumed>) = 0 [pid 6082] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6082] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6081] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6081] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6099 attached => {parent_tid=[6099]}, 88) = 6099 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6099] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6099] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6099] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6099] <... futex resumed>) = 1 [pid 6081] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6081] <... futex resumed>) = 0 [ 121.135345][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 121.148395][ T6082] BTRFS info (device loop0): balance: start -d -m [ 121.164628][ T6082] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6081] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6099] <... ioctl resumed>) = 0 [pid 6099] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.260800][ T6082] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 121.323678][ T6082] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6099] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] exit_group(0) = ? [pid 6099] <... futex resumed>) = ? [pid 6099] +++ exited with 0 +++ [pid 6082] <... ioctl resumed> ) = ? [pid 6082] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=50 /* 0.50 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 121.369531][ T6082] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 121.405578][ T6082] BTRFS info (device loop0): balance: ended with status: 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6100 ./strace-static-x86_64: Process 6100 attached [pid 6100] set_robust_list(0x5555560fc760, 24) = 0 [pid 6100] chdir("./56") = 0 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6100] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6101 attached [pid 6101] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6100] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] <... rseq resumed>) = 0 [pid 6100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] set_robust_list(0x7f29736fa9a0, 24 [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... set_robust_list resumed>) = 0 [pid 6100] <... futex resumed>) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] memfd_create("syzkaller", 0) = 3 [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6101] munmap(0x7f296b2da000, 138412032) = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6101] close(3) = 0 [pid 6101] mkdir("./bus", 0777) = 0 [ 121.812381][ T6101] loop0: detected capacity change from 0 to 32768 [ 121.822030][ T6101] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6101) [ 121.839833][ T6101] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 121.848613][ T6101] BTRFS info (device loop0): doing ref verification [ 121.855388][ T6101] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 121.866192][ T6101] BTRFS info (device loop0): force zlib compression, level 3 [ 121.873598][ T6101] BTRFS info (device loop0): allowing degraded mounts [ 121.880462][ T6101] BTRFS info (device loop0): using free space tree [pid 6101] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6101] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6101] chdir("./bus") = 0 [pid 6101] ioctl(4, LOOP_CLR_FD) = 0 [pid 6101] close(4) = 0 [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6101] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6101] open("./file0", O_RDONLY [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... open resumed>) = 4 [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6101] <... futex resumed>) = 1 [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] creat("./file1", 000 [pid 6100] <... futex resumed>) = 0 [pid 6101] <... creat resumed>) = 5 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6101] <... futex resumed>) = 0 [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] open("./file0", O_RDONLY [pid 6100] <... futex resumed>) = 0 [pid 6101] <... open resumed>) = 6 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6101] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6101] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... ioctl resumed>) = 0 [ 121.904657][ T6101] BTRFS info (device loop0): auto enabling async discard [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6101] creat("./bus", 012 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... creat resumed>) = 7 [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... openat resumed>) = 8 [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6101] <... futex resumed>) = 0 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6101] open("./file0", O_RDONLY [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... open resumed>) = 9 [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6101] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... ioctl resumed>) = 0 [pid 6100] <... futex resumed>) = 0 [pid 6101] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6100] <... futex resumed>) = 1 [pid 6101] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 121.985494][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 122.025367][ T6101] BTRFS info (device loop0): balance: start -d -m [pid 6100] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6100] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6100] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6100] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6118]}, 88) = 6118 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6118 attached [pid 6100] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6118] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6118] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6118] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] <... futex resumed>) = 0 [pid 6118] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6100] <... futex resumed>) = 0 [pid 6118] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 122.034211][ T6101] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6100] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... ioctl resumed>) = 0 [pid 6118] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [ 122.136863][ T6101] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 122.204302][ T6101] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6118] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] exit_group(0) = ? [pid 6118] <... futex resumed>) = ? [pid 6118] +++ exited with 0 +++ [pid 6101] <... ioctl resumed> ) = ? [pid 6101] +++ exited with 0 +++ [pid 6100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6100, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 122.252087][ T6101] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 122.291030][ T6101] BTRFS info (device loop0): balance: ended with status: 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6119 ./strace-static-x86_64: Process 6119 attached [pid 6119] set_robust_list(0x5555560fc760, 24) = 0 [pid 6119] chdir("./57") = 0 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6119] setpgid(0, 0) = 0 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6119] write(3, "1000", 4) = 4 [pid 6119] close(3) = 0 [pid 6119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6119] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6120]}, 88) = 6120 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6120 attached [pid 6120] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6120] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] memfd_create("syzkaller", 0) = 3 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6120] munmap(0x7f296b2da000, 138412032) = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6120] close(3) = 0 [pid 6120] mkdir("./bus", 0777) = 0 [ 122.711883][ T6120] loop0: detected capacity change from 0 to 32768 [ 122.721978][ T6120] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6120) [ 122.738110][ T6120] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 122.747011][ T6120] BTRFS info (device loop0): doing ref verification [pid 6120] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6120] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6120] chdir("./bus") = 0 [pid 6120] ioctl(4, LOOP_CLR_FD) = 0 [pid 6120] close(4) = 0 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... futex resumed>) = 0 [pid 6120] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] open("./file0", O_RDONLY) = 4 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] creat("./file1", 000) = 5 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] open("./file0", O_RDONLY) = 6 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] <... futex resumed>) = 0 [ 122.753712][ T6120] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 122.764704][ T6120] BTRFS info (device loop0): force zlib compression, level 3 [ 122.772112][ T6120] BTRFS info (device loop0): allowing degraded mounts [ 122.778960][ T6120] BTRFS info (device loop0): using free space tree [ 122.801730][ T6120] BTRFS info (device loop0): auto enabling async discard [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] creat("./bus", 012 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... creat resumed>) = 7 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6119] <... futex resumed>) = 1 [pid 6120] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... openat resumed>) = 8 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] open("./file0", O_RDONLY) = 9 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6119] <... futex resumed>) = 1 [pid 6120] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... ioctl resumed>) = 0 [pid 6120] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6120] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6119] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6119] <... futex resumed>) = 0 [ 122.880914][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 122.909067][ T6120] BTRFS info (device loop0): balance: start -d -m [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6119] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6137]}, 88) = 6137 ./strace-static-x86_64: Process 6137 attached [pid 6119] rt_sigprocmask(SIG_SETMASK, [], [pid 6137] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6137] <... rseq resumed>) = 0 [pid 6119] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] set_robust_list(0x7f29736d99a0, 24 [pid 6119] <... futex resumed>) = 0 [pid 6137] <... set_robust_list resumed>) = 0 [pid 6119] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6137] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6137] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6137] <... futex resumed>) = 1 [pid 6119] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 122.923051][ T6120] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6119] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6137] <... ioctl resumed>) = 0 [pid 6137] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.023667][ T6120] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 123.096046][ T6120] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6137] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] exit_group(0) = ? [pid 6137] <... futex resumed>) = ? [pid 6137] +++ exited with 0 +++ [pid 6120] <... ioctl resumed> ) = ? [pid 6120] +++ exited with 0 +++ [pid 6119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=46 /* 0.46 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 123.143505][ T6120] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 123.178914][ T6120] BTRFS info (device loop0): balance: ended with status: 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6138 ./strace-static-x86_64: Process 6138 attached [pid 6138] set_robust_list(0x5555560fc760, 24) = 0 [pid 6138] chdir("./58") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6138] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6139 attached [pid 6139] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6138] <... clone3 resumed> => {parent_tid=[6139]}, 88) = 6139 [pid 6139] <... rseq resumed>) = 0 [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6139] set_robust_list(0x7f29736fa9a0, 24 [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6139] <... set_robust_list resumed>) = 0 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] <... futex resumed>) = 0 [pid 6139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] memfd_create("syzkaller", 0) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6139] munmap(0x7f296b2da000, 138412032) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] close(3) = 0 [pid 6139] mkdir("./bus", 0777) = 0 [ 123.573998][ T6139] loop0: detected capacity change from 0 to 32768 [ 123.583766][ T6139] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6139) [ 123.600395][ T6139] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 123.609265][ T6139] BTRFS info (device loop0): doing ref verification [ 123.616142][ T6139] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 123.627109][ T6139] BTRFS info (device loop0): force zlib compression, level 3 [ 123.634582][ T6139] BTRFS info (device loop0): allowing degraded mounts [ 123.641362][ T6139] BTRFS info (device loop0): using free space tree [pid 6139] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./bus") = 0 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [pid 6139] close(4) = 0 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] open("./file0", O_RDONLY) = 4 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6139] creat("./file1", 000 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... creat resumed>) = 5 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] <... futex resumed>) = 0 [pid 6139] open("./file0", O_RDONLY [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... open resumed>) = 6 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... ioctl resumed>) = 0 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6139] creat("./bus", 012 [ 123.664556][ T6139] BTRFS info (device loop0): auto enabling async discard [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... creat resumed>) = 7 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6139] <... futex resumed>) = 1 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... openat resumed>) = 8 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6139] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] open("./file0", O_RDONLY) = 9 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6139] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6139] <... futex resumed>) = 1 [pid 6138] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6138] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6138] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6156 attached [pid 6156] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6138] <... clone3 resumed> => {parent_tid=[6156]}, 88) = 6156 [pid 6156] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6138] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6138] <... futex resumed>) = 1 [pid 6156] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [ 123.737987][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 123.768215][ T6139] BTRFS info (device loop0): balance: start -d -m [ 123.777233][ T6139] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6138] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... openat resumed>) = 10 [pid 6156] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = 0 [pid 6138] <... futex resumed>) = 1 [pid 6156] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6138] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6156] <... ioctl resumed>) = 0 [pid 6156] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.876439][ T6139] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 123.952071][ T6139] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6156] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] exit_group(0 [pid 6156] <... futex resumed>) = ? [pid 6138] <... exit_group resumed>) = ? [pid 6156] +++ exited with 0 +++ [pid 6139] <... ioctl resumed> ) = ? [pid 6139] +++ exited with 0 +++ [pid 6138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=52 /* 0.52 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 123.999396][ T6139] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 124.036716][ T6139] BTRFS info (device loop0): balance: ended with status: 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6157 ./strace-static-x86_64: Process 6157 attached [pid 6157] set_robust_list(0x5555560fc760, 24) = 0 [pid 6157] chdir("./59") = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6157] setpgid(0, 0) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6157] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6158]}, 88) = 6158 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6158 attached [pid 6158] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6158] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6158] memfd_create("syzkaller", 0) = 3 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6158] munmap(0x7f296b2da000, 138412032) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6158] close(3) = 0 [pid 6158] mkdir("./bus", 0777) = 0 [ 124.437416][ T6158] loop0: detected capacity change from 0 to 32768 [ 124.448484][ T6158] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6158) [ 124.464593][ T6158] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 124.473624][ T6158] BTRFS info (device loop0): doing ref verification [ 124.480669][ T6158] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 124.491519][ T6158] BTRFS info (device loop0): force zlib compression, level 3 [ 124.499153][ T6158] BTRFS info (device loop0): allowing degraded mounts [ 124.505974][ T6158] BTRFS info (device loop0): using free space tree [pid 6158] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./bus") = 0 [pid 6158] ioctl(4, LOOP_CLR_FD) = 0 [pid 6158] close(4) = 0 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6157] <... futex resumed>) = 0 [pid 6158] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6158] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 0 [pid 6158] open("./file0", O_RDONLY) = 4 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... futex resumed>) = 1 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6158] creat("./file1", 000 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... creat resumed>) = 5 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [pid 6158] open("./file0", O_RDONLY) = 6 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [pid 6158] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6158] creat("./bus", 012) = 7 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [pid 6158] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [ 124.529232][ T6158] BTRFS info (device loop0): auto enabling async discard [pid 6158] open("./file0", O_RDONLY) = 9 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] <... futex resumed>) = 1 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6158] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = 1 [pid 6158] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6157] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6157] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6157] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6175 attached [pid 6175] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6157] <... clone3 resumed> => {parent_tid=[6175]}, 88) = 6175 [pid 6175] <... rseq resumed>) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6175] set_robust_list(0x7f29736d99a0, 24 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... set_robust_list resumed>) = 0 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6175] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... openat resumed>) = 10 [pid 6175] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6175] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 6175] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 124.619188][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 124.632968][ T6158] BTRFS info (device loop0): balance: start -d -m [ 124.655109][ T6158] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6157] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6175] <... ioctl resumed>) = 0 [pid 6175] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 124.763601][ T6158] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 124.828728][ T6158] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6175] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] exit_group(0) = ? [pid 6175] <... futex resumed>) = ? [pid 6175] +++ exited with 0 +++ [pid 6158] <... ioctl resumed> ) = ? [pid 6158] +++ exited with 0 +++ [pid 6157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 124.875968][ T6158] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 124.912010][ T6158] BTRFS info (device loop0): balance: ended with status: 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6176 ./strace-static-x86_64: Process 6176 attached [pid 6176] set_robust_list(0x5555560fc760, 24) = 0 [pid 6176] chdir("./60") = 0 [pid 6176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6176] setpgid(0, 0) = 0 [pid 6176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6176] write(3, "1000", 4) = 4 [pid 6176] close(3) = 0 [pid 6176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6176] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6177]}, 88) = 6177 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6177 attached [pid 6177] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6177] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6177] memfd_create("syzkaller", 0) = 3 [pid 6177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6177] munmap(0x7f296b2da000, 138412032) = 0 [pid 6177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6177] close(3) = 0 [pid 6177] mkdir("./bus", 0777) = 0 [ 125.320916][ T6177] loop0: detected capacity change from 0 to 32768 [ 125.331002][ T6177] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6177) [ 125.348234][ T6177] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 125.357184][ T6177] BTRFS info (device loop0): doing ref verification [ 125.363846][ T6177] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 125.374707][ T6177] BTRFS info (device loop0): force zlib compression, level 3 [ 125.382109][ T6177] BTRFS info (device loop0): allowing degraded mounts [ 125.388983][ T6177] BTRFS info (device loop0): using free space tree [pid 6177] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6177] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6177] chdir("./bus") = 0 [pid 6177] ioctl(4, LOOP_CLR_FD) = 0 [pid 6177] close(4) = 0 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6177] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6176] <... futex resumed>) = 0 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 0 [pid 6176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] open("./file0", O_RDONLY [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] <... open resumed>) = 4 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] creat("./file1", 000) = 5 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 1 [pid 6177] open("./file0", O_RDONLY [pid 6176] <... futex resumed>) = 0 [pid 6177] <... open resumed>) = 6 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... ioctl resumed>) = 0 [ 125.413225][ T6177] BTRFS info (device loop0): auto enabling async discard [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6177] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6176] <... futex resumed>) = 1 [pid 6177] creat("./bus", 012 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... creat resumed>) = 7 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] open("./file0", O_RDONLY) = 9 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6177] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6177] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6177] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6176] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6176] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6176] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6194]}, 88) = 6194 ./strace-static-x86_64: Process 6194 attached [pid 6176] rt_sigprocmask(SIG_SETMASK, [], [pid 6194] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6194] <... rseq resumed>) = 0 [pid 6176] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] set_robust_list(0x7f29736d99a0, 24 [pid 6176] <... futex resumed>) = 0 [pid 6194] <... set_robust_list resumed>) = 0 [pid 6176] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6194] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6194] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6194] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6176] <... futex resumed>) = 0 [pid 6194] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 125.490627][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 125.515826][ T6177] BTRFS info (device loop0): balance: start -d -m [ 125.525105][ T6177] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6176] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6194] <... ioctl resumed>) = 0 [pid 6194] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.626567][ T6177] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 125.702455][ T6177] BTRFS info (device loop0): found 8 extents, stage: move data extents [pid 6194] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] exit_group(0 [pid 6194] <... futex resumed>) = ? [pid 6176] <... exit_group resumed>) = ? [pid 6194] +++ exited with 0 +++ [pid 6177] <... ioctl resumed> ) = ? [pid 6177] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6176, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 125.748611][ T6177] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 125.783003][ T6177] BTRFS info (device loop0): balance: ended with status: 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6195 attached , child_tidptr=0x5555560fc750) = 6195 [pid 6195] set_robust_list(0x5555560fc760, 24) = 0 [pid 6195] chdir("./61") = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6195] setpgid(0, 0) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6195] write(3, "1000", 4) = 4 [pid 6195] close(3) = 0 [pid 6195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6195] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6196]}, 88) = 6196 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6196 attached [pid 6196] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6196] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6196] memfd_create("syzkaller", 0) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6196] munmap(0x7f296b2da000, 138412032) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] mkdir("./bus", 0777) = 0 [ 126.180015][ T6196] loop0: detected capacity change from 0 to 32768 [ 126.191696][ T6196] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6196) [ 126.209658][ T6196] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 126.218781][ T6196] BTRFS info (device loop0): doing ref verification [pid 6196] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./bus") = 0 [pid 6196] ioctl(4, LOOP_CLR_FD) = 0 [ 126.225459][ T6196] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 126.236327][ T6196] BTRFS info (device loop0): force zlib compression, level 3 [ 126.243733][ T6196] BTRFS info (device loop0): allowing degraded mounts [ 126.250561][ T6196] BTRFS info (device loop0): using free space tree [ 126.273389][ T6196] BTRFS info (device loop0): auto enabling async discard [pid 6196] close(4) = 0 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] <... futex resumed>) = 0 [pid 6196] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] <... futex resumed>) = 0 [pid 6196] open("./file0", O_RDONLY [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... open resumed>) = 4 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6196] <... futex resumed>) = 1 [pid 6196] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] <... futex resumed>) = 0 [pid 6196] creat("./file1", 000 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... creat resumed>) = 5 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] open("./file0", O_RDONLY) = 6 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6196] <... futex resumed>) = 1 [pid 6196] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... ioctl resumed>) = 0 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] creat("./bus", 012 [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... creat resumed>) = 7 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... openat resumed>) = 8 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] open("./file0", O_RDONLY [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... open resumed>) = 9 [pid 6195] <... futex resumed>) = 0 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] <... futex resumed>) = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6196] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6195] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6195] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6195] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6195] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6213 attached [pid 6213] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6195] <... clone3 resumed> => {parent_tid=[6213]}, 88) = 6213 [pid 6213] <... rseq resumed>) = 0 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], [pid 6213] set_robust_list(0x7f29736d99a0, 24 [pid 6195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6213] <... set_robust_list resumed>) = 0 [pid 6195] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] rt_sigprocmask(SIG_SETMASK, [], [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6213] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6213] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6213] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6195] <... futex resumed>) = 0 [ 126.360473][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 126.371419][ T6196] BTRFS info (device loop0): balance: start -d -m [ 126.388855][ T6196] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6195] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] <... ioctl resumed>) = 0 [pid 6213] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [ 126.487716][ T6196] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 126.551846][ T6196] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6213] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] exit_group(0 [pid 6213] <... futex resumed>) = ? [pid 6213] +++ exited with 0 +++ [pid 6195] <... exit_group resumed>) = ? [pid 6196] <... ioctl resumed> ) = ? [pid 6196] +++ exited with 0 +++ [pid 6195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6195, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=49 /* 0.49 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 126.596955][ T6196] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 126.630907][ T6196] BTRFS info (device loop0): balance: ended with status: 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6214 ./strace-static-x86_64: Process 6214 attached [pid 6214] set_robust_list(0x5555560fc760, 24) = 0 [pid 6214] chdir("./62") = 0 [pid 6214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6214] setpgid(0, 0) = 0 [pid 6214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6214] write(3, "1000", 4) = 4 [pid 6214] close(3) = 0 [pid 6214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6214] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6215 attached [pid 6215] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6214] <... clone3 resumed> => {parent_tid=[6215]}, 88) = 6215 [pid 6215] <... rseq resumed>) = 0 [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6215] set_robust_list(0x7f29736fa9a0, 24 [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6215] <... set_robust_list resumed>) = 0 [pid 6215] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] <... futex resumed>) = 0 [pid 6215] memfd_create("syzkaller", 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6215] <... memfd_create resumed>) = 3 [pid 6215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6215] munmap(0x7f296b2da000, 138412032) = 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6215] close(3) = 0 [pid 6215] mkdir("./bus", 0777) = 0 [ 127.021925][ T6215] loop0: detected capacity change from 0 to 32768 [ 127.031724][ T6215] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6215) [ 127.048896][ T6215] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.057698][ T6215] BTRFS info (device loop0): doing ref verification [ 127.064314][ T6215] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 127.075205][ T6215] BTRFS info (device loop0): force zlib compression, level 3 [ 127.082604][ T6215] BTRFS info (device loop0): allowing degraded mounts [ 127.089415][ T6215] BTRFS info (device loop0): using free space tree [pid 6215] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6215] chdir("./bus") = 0 [pid 6215] ioctl(4, LOOP_CLR_FD) = 0 [pid 6215] close(4) = 0 [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] open("./file0", O_RDONLY [pid 6214] <... futex resumed>) = 0 [pid 6215] <... open resumed>) = 4 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6215] creat("./file1", 000 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] <... creat resumed>) = 5 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] open("./file0", O_RDONLY) = 6 [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] <... ioctl resumed>) = 0 [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6215] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 127.113657][ T6215] BTRFS info (device loop0): auto enabling async discard [pid 6215] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] creat("./bus", 012) = 7 [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6215] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6214] <... futex resumed>) = 1 [pid 6215] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] <... openat resumed>) = 8 [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] open("./file0", O_RDONLY [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] <... open resumed>) = 9 [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6214] <... futex resumed>) = 0 [pid 6215] <... ioctl resumed>) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6214] <... futex resumed>) = 0 [pid 6214] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6215] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6214] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6214] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6214] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6232 attached [pid 6232] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6214] <... clone3 resumed> => {parent_tid=[6232]}, 88) = 6232 [pid 6232] <... rseq resumed>) = 0 [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6232] set_robust_list(0x7f29736d99a0, 24 [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6232] <... set_robust_list resumed>) = 0 [pid 6214] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] <... futex resumed>) = 0 [pid 6232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6232] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6214] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6214] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 127.232242][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 127.243612][ T6215] BTRFS info (device loop0): balance: start -d -m [ 127.265207][ T6215] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6232] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6232] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6232] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6214] <... futex resumed>) = 0 [ 127.359862][ T6215] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 127.421489][ T6215] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6214] exit_group(0) = ? [pid 6232] <... futex resumed>) = ? [pid 6232] +++ exited with 0 +++ [pid 6215] <... ioctl resumed> ) = ? [pid 6215] +++ exited with 0 +++ [pid 6214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6214, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=54 /* 0.54 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 127.468889][ T6215] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 127.506156][ T6215] BTRFS info (device loop0): balance: ended with status: 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6233 ./strace-static-x86_64: Process 6233 attached [pid 6233] set_robust_list(0x5555560fc760, 24) = 0 [pid 6233] chdir("./63") = 0 [pid 6233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6233] setpgid(0, 0) = 0 [pid 6233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6233] write(3, "1000", 4) = 4 [pid 6233] close(3) = 0 [pid 6233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6233] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6234 attached => {parent_tid=[6234]}, 88) = 6234 [pid 6234] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6234] set_robust_list(0x7f29736fa9a0, 24 [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... set_robust_list resumed>) = 0 [pid 6234] rt_sigprocmask(SIG_SETMASK, [], [pid 6233] <... futex resumed>) = 0 [pid 6234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6234] memfd_create("syzkaller", 0) = 3 [pid 6234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6234] munmap(0x7f296b2da000, 138412032) = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6234] close(3) = 0 [pid 6234] mkdir("./bus", 0777) = 0 [ 127.909054][ T6234] loop0: detected capacity change from 0 to 32768 [ 127.919975][ T6234] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6234) [ 127.935928][ T6234] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 127.944827][ T6234] BTRFS info (device loop0): doing ref verification [pid 6234] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6234] chdir("./bus") = 0 [pid 6234] ioctl(4, LOOP_CLR_FD) = 0 [pid 6234] close(4) = 0 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6234] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6234] open("./file0", O_RDONLY [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... open resumed>) = 4 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6234] creat("./file1", 000 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... creat resumed>) = 5 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 127.951418][ T6234] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 127.962327][ T6234] BTRFS info (device loop0): force zlib compression, level 3 [ 127.969810][ T6234] BTRFS info (device loop0): allowing degraded mounts [ 127.976653][ T6234] BTRFS info (device loop0): using free space tree [ 127.999305][ T6234] BTRFS info (device loop0): auto enabling async discard [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6234] <... futex resumed>) = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] open("./file0", O_RDONLY) = 6 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6234] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... ioctl resumed>) = 0 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6234] creat("./bus", 012 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... creat resumed>) = 7 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6234] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... openat resumed>) = 8 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] open("./file0", O_RDONLY) = 9 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... futex resumed>) = 1 [pid 6234] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6233] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6233] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6251 attached => {parent_tid=[6251]}, 88) = 6251 [pid 6251] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], [pid 6251] set_robust_list(0x7f29736d99a0, 24 [pid 6233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6251] <... set_robust_list resumed>) = 0 [pid 6233] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] rt_sigprocmask(SIG_SETMASK, [], [pid 6233] <... futex resumed>) = 0 [pid 6251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6233] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6251] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6251] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6251] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6251] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 128.106168][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 128.119279][ T6234] BTRFS info (device loop0): balance: start -d -m [ 128.130312][ T6234] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6233] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6251] <... ioctl resumed>) = 0 [pid 6251] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.226009][ T6234] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 128.297328][ T6234] BTRFS info (device loop0): found 8 extents, stage: move data extents [pid 6251] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6234] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6234] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6234] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] exit_group(0 [pid 6251] <... futex resumed>) = ? [pid 6233] <... exit_group resumed>) = ? [pid 6251] +++ exited with 0 +++ [pid 6234] <... futex resumed>) = ? [pid 6234] +++ exited with 0 +++ [pid 6233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6233, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=56 /* 0.56 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 128.345114][ T6234] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 128.383333][ T6234] BTRFS info (device loop0): balance: ended with status: 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6252] set_robust_list(0x5555560fc760, 24) = 0 [pid 6252] chdir("./64") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6252] write(3, "1000", 4) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6252] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6253]}, 88) = 6253 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6253 attached [pid 6253] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6253] <... rseq resumed>) = 0 [pid 6253] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] memfd_create("syzkaller", 0) = 3 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6253] munmap(0x7f296b2da000, 138412032) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6253] close(3) = 0 [pid 6253] mkdir("./bus", 0777) = 0 [ 128.789007][ T6253] loop0: detected capacity change from 0 to 32768 [ 128.798945][ T6253] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6253) [ 128.814885][ T6253] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 128.823624][ T6253] BTRFS info (device loop0): doing ref verification [pid 6253] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6253] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6253] chdir("./bus") = 0 [pid 6253] ioctl(4, LOOP_CLR_FD) = 0 [pid 6253] close(4) = 0 [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] open("./file0", O_RDONLY) = 4 [ 128.830303][ T6253] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 128.841242][ T6253] BTRFS info (device loop0): force zlib compression, level 3 [ 128.848723][ T6253] BTRFS info (device loop0): allowing degraded mounts [ 128.855573][ T6253] BTRFS info (device loop0): using free space tree [ 128.878834][ T6253] BTRFS info (device loop0): auto enabling async discard [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = 0 [pid 6252] <... futex resumed>) = 1 [pid 6253] creat("./file1", 000 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... creat resumed>) = 5 [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6253] open("./file0", O_RDONLY [pid 6252] <... futex resumed>) = 0 [pid 6253] <... open resumed>) = 6 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6253] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... ioctl resumed>) = 0 [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] creat("./bus", 012 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... creat resumed>) = 7 [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... futex resumed>) = 0 [pid 6253] open("./file0", O_RDONLY) = 9 [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6253] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] <... ioctl resumed>) = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6253] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6252] <... futex resumed>) = 0 [pid 6252] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6252] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6252] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6270]}, 88) = 6270 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6252] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6270 attached [pid 6270] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6270] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6270] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [ 128.970981][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 128.993938][ T6253] BTRFS info (device loop0): balance: start -d -m [ 129.005368][ T6253] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6270] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6270] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6270] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6252] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6270] <... ioctl resumed>) = 0 [pid 6270] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.112098][ T6253] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 129.174504][ T6253] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6270] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] exit_group(0 [pid 6270] <... futex resumed>) = ? [pid 6270] +++ exited with 0 +++ [pid 6252] <... exit_group resumed>) = ? [pid 6253] <... ioctl resumed> ) = ? [pid 6253] +++ exited with 0 +++ [pid 6252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=55 /* 0.55 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 129.221410][ T6253] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 129.256087][ T6253] BTRFS info (device loop0): balance: ended with status: 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6271 ./strace-static-x86_64: Process 6271 attached [pid 6271] set_robust_list(0x5555560fc760, 24) = 0 [pid 6271] chdir("./65") = 0 [pid 6271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6271] setpgid(0, 0) = 0 [pid 6271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6271] write(3, "1000", 4) = 4 [pid 6271] close(3) = 0 [pid 6271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6271] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6272]}, 88) = 6272 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6272 attached [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6271] <... futex resumed>) = 0 [pid 6272] <... rseq resumed>) = 0 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6272] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6272] memfd_create("syzkaller", 0) = 3 [pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6272] munmap(0x7f296b2da000, 138412032) = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6272] close(3) = 0 [pid 6272] mkdir("./bus", 0777) = 0 [ 129.641915][ T6272] loop0: detected capacity change from 0 to 32768 [ 129.652179][ T6272] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6272) [ 129.669438][ T6272] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 129.678222][ T6272] BTRFS info (device loop0): doing ref verification [ 129.684992][ T6272] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 129.696032][ T6272] BTRFS info (device loop0): force zlib compression, level 3 [ 129.703424][ T6272] BTRFS info (device loop0): allowing degraded mounts [ 129.710597][ T6272] BTRFS info (device loop0): using free space tree [pid 6272] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6272] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6272] chdir("./bus") = 0 [pid 6272] ioctl(4, LOOP_CLR_FD) = 0 [pid 6272] close(4) = 0 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] <... futex resumed>) = 0 [pid 6272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6271] <... futex resumed>) = 0 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] open("./file0", O_RDONLY [pid 6271] <... futex resumed>) = 0 [pid 6272] <... open resumed>) = 4 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... futex resumed>) = 1 [pid 6272] creat("./file1", 000) = 5 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] open("./file0", O_RDONLY) = 6 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6272] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] <... futex resumed>) = 0 [pid 6272] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... ioctl resumed>) = 0 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6272] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6272] creat("./bus", 012 [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... creat resumed>) = 7 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6272] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] <... futex resumed>) = 0 [pid 6272] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... openat resumed>) = 8 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] open("./file0", O_RDONLY [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] <... open resumed>) = 9 [ 129.733079][ T6272] BTRFS info (device loop0): auto enabling async discard [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6271] <... futex resumed>) = 0 [pid 6272] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6272] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... futex resumed>) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6271] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6271] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6271] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6271] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6289 attached => {parent_tid=[6289]}, 88) = 6289 [pid 6289] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], [pid 6289] <... rseq resumed>) = 0 [pid 6271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6289] set_robust_list(0x7f29736d99a0, 24 [pid 6271] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... set_robust_list resumed>) = 0 [pid 6271] <... futex resumed>) = 0 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6289] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6271] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... openat resumed>) = 10 [pid 6289] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] <... futex resumed>) = 0 [pid 6271] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] <... futex resumed>) = 0 [pid 6289] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 129.806825][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 129.823079][ T6272] BTRFS info (device loop0): balance: start -d -m [ 129.831445][ T6272] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6271] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6289] <... ioctl resumed>) = 0 [pid 6289] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.939934][ T6272] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 130.012408][ T6272] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6289] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6272] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] exit_group(0 [pid 6289] <... futex resumed>) = ? [pid 6289] +++ exited with 0 +++ [pid 6271] <... exit_group resumed>) = ? [pid 6272] +++ exited with 0 +++ [pid 6271] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6271, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=49 /* 0.49 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 130.058549][ T6272] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 130.092775][ T6272] BTRFS info (device loop0): balance: ended with status: 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6290 attached , child_tidptr=0x5555560fc750) = 6290 [pid 6290] set_robust_list(0x5555560fc760, 24) = 0 [pid 6290] chdir("./66") = 0 [pid 6290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6290] setpgid(0, 0) = 0 [pid 6290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6290] write(3, "1000", 4) = 4 [pid 6290] close(3) = 0 [pid 6290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6290] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6291]}, 88) = 6291 ./strace-static-x86_64: Process 6291 attached [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6291] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6291] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6291] memfd_create("syzkaller", 0) = 3 [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6291] munmap(0x7f296b2da000, 138412032) = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6291] close(3) = 0 [pid 6291] mkdir("./bus", 0777) = 0 [ 130.464496][ T6291] loop0: detected capacity change from 0 to 32768 [ 130.475814][ T6291] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6291) [ 130.494624][ T6291] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 130.503634][ T6291] BTRFS info (device loop0): doing ref verification [ 130.510325][ T6291] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 130.521147][ T6291] BTRFS info (device loop0): force zlib compression, level 3 [ 130.528561][ T6291] BTRFS info (device loop0): allowing degraded mounts [ 130.535378][ T6291] BTRFS info (device loop0): using free space tree [ 130.557978][ T6291] BTRFS info (device loop0): auto enabling async discard [pid 6291] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6291] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6291] chdir("./bus") = 0 [pid 6291] ioctl(4, LOOP_CLR_FD) = 0 [pid 6291] close(4) = 0 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] open("./file0", O_RDONLY [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... open resumed>) = 4 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] creat("./file1", 000 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... creat resumed>) = 5 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] open("./file0", O_RDONLY [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... open resumed>) = 6 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 0 [pid 6290] <... futex resumed>) = 1 [pid 6291] creat("./bus", 012 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... creat resumed>) = 7 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... futex resumed>) = 1 [pid 6291] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... futex resumed>) = 1 [pid 6291] open("./file0", O_RDONLY) = 9 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... futex resumed>) = 1 [pid 6291] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 130.611630][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 130.632970][ T6291] BTRFS info (device loop0): balance: start -d -m [ 130.640769][ T6291] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6291] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6290] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6290] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6290] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6307 attached [pid 6307] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6307] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6307] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] <... clone3 resumed> => {parent_tid=[6307]}, 88) = 6307 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = 0 [pid 6290] <... futex resumed>) = 1 [pid 6307] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6290] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... openat resumed>) = 10 [pid 6307] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6307] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6307] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 130.672039][ T6291] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6290] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... ioctl resumed>) = 0 [pid 6307] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6307] <... futex resumed>) = 1 [ 130.754164][ T6291] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6307] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6291] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] exit_group(0) = ? [pid 6291] <... futex resumed>) = ? [pid 6307] <... futex resumed>) = ? [pid 6291] +++ exited with 0 +++ [pid 6307] +++ exited with 0 +++ [pid 6290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6290, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 130.801373][ T6291] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 130.835758][ T6291] BTRFS info (device loop0): balance: ended with status: 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6308 ./strace-static-x86_64: Process 6308 attached [pid 6308] set_robust_list(0x5555560fc760, 24) = 0 [pid 6308] chdir("./67") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6308] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6309]}, 88) = 6309 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6309 attached [pid 6309] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6309] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6309] memfd_create("syzkaller", 0) = 3 [pid 6309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6309] munmap(0x7f296b2da000, 138412032) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6309] close(3) = 0 [pid 6309] mkdir("./bus", 0777) = 0 [ 131.210891][ T6309] loop0: detected capacity change from 0 to 32768 [ 131.221805][ T6309] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6309) [ 131.239566][ T6309] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 131.248380][ T6309] BTRFS info (device loop0): doing ref verification [pid 6309] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6309] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6309] chdir("./bus") = 0 [pid 6309] ioctl(4, LOOP_CLR_FD) = 0 [pid 6309] close(4) = 0 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6309] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6309] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] open("./file0", O_RDONLY) = 4 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [ 131.255037][ T6309] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 131.265857][ T6309] BTRFS info (device loop0): force zlib compression, level 3 [ 131.273226][ T6309] BTRFS info (device loop0): allowing degraded mounts [ 131.280333][ T6309] BTRFS info (device loop0): using free space tree [ 131.302137][ T6309] BTRFS info (device loop0): auto enabling async discard [pid 6309] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 6309] creat("./file1", 000 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... creat resumed>) = 5 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] open("./file0", O_RDONLY) = 6 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] creat("./bus", 012) = 7 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6309] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6309] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 6309] open("./file0", O_RDONLY [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... open resumed>) = 9 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6309] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... ioctl resumed>) = 0 [pid 6308] <... futex resumed>) = 0 [pid 6309] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6309] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 6309] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6308] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6308] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6308] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6326 attached => {parent_tid=[6326]}, 88) = 6326 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6326] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6308] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] <... rseq resumed>) = 0 [pid 6326] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6326] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6326] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] <... futex resumed>) = 0 [ 131.414031][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 131.426366][ T6309] BTRFS info (device loop0): balance: start -d -m [ 131.444978][ T6309] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6326] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6326] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6326] <... futex resumed>) = 1 [ 131.537109][ T6309] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 131.598835][ T6309] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6326] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6308] exit_group(0 [pid 6326] <... futex resumed>) = ? [pid 6308] <... exit_group resumed>) = ? [pid 6326] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 131.645148][ T6309] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 131.681909][ T6309] BTRFS info (device loop0): balance: ended with status: 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6327 ./strace-static-x86_64: Process 6327 attached [pid 6327] set_robust_list(0x5555560fc760, 24) = 0 [pid 6327] chdir("./68") = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6327] setpgid(0, 0) = 0 [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6327] write(3, "1000", 4) = 4 [pid 6327] close(3) = 0 [pid 6327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6327] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6328]}, 88) = 6328 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6328 attached [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6328] <... rseq resumed>) = 0 [pid 6328] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] memfd_create("syzkaller", 0) = 3 [pid 6328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6328] munmap(0x7f296b2da000, 138412032) = 0 [pid 6328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6328] close(3) = 0 [pid 6328] mkdir("./bus", 0777) = 0 [ 132.084931][ T6328] loop0: detected capacity change from 0 to 32768 [ 132.095131][ T6328] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6328) [ 132.112733][ T6328] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 132.121805][ T6328] BTRFS info (device loop0): doing ref verification [ 132.129009][ T6328] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 132.139950][ T6328] BTRFS info (device loop0): force zlib compression, level 3 [ 132.147704][ T6328] BTRFS info (device loop0): allowing degraded mounts [ 132.154548][ T6328] BTRFS info (device loop0): using free space tree [ 132.178468][ T6328] BTRFS info (device loop0): auto enabling async discard [pid 6328] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6328] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6328] chdir("./bus") = 0 [pid 6328] ioctl(4, LOOP_CLR_FD) = 0 [pid 6328] close(4) = 0 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... futex resumed>) = 0 [pid 6328] open("./file0", O_RDONLY) = 4 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6328] creat("./file1", 000 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... creat resumed>) = 5 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] open("./file0", O_RDONLY [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... open resumed>) = 6 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6328] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... ioctl resumed>) = 0 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] creat("./bus", 012) = 7 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] open("./file0", O_RDONLY [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... open resumed>) = 9 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6327] <... futex resumed>) = 0 [pid 6328] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6328] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6327] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6327] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6327] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6345]}, 88) = 6345 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6345 attached [pid 6345] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6327] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... rseq resumed>) = 0 [pid 6345] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6345] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6345] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] <... futex resumed>) = 0 [ 132.256426][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 132.269870][ T6328] BTRFS info (device loop0): balance: start -d -m [ 132.280949][ T6328] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6345] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6327] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... futex resumed>) = 0 [pid 6327] <... futex resumed>) = 1 [pid 6345] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 132.337296][ T6328] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 132.357658][ T6345] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 132.368295][ T6345] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [pid 6327] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6327] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6327] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 132.379673][ T6345] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 132.388842][ T6345] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 132.400564][ T6345] __btrfs_cow_block+0x465/0x1a90 [ 132.406257][ T6345] btrfs_cow_block+0x35e/0xa10 [ 132.411243][ T6345] btrfs_search_slot+0xbf9/0x2f80 [ 132.416947][ T6345] btrfs_insert_empty_items+0x9c/0x180 [ 132.422624][ T6345] insert_with_overflow+0x150/0x3f0 [ 132.428488][ T6345] btrfs_insert_dir_item+0x243/0x630 [ 132.434001][ T6345] btrfs_add_link+0x270/0xc50 [ 132.439413][ T6345] btrfs_create_new_inode+0x1b3d/0x2710 [ 132.445646][ T6345] btrfs_create_common+0x1f9/0x300 [ 132.450995][ T6345] path_openat+0x13e7/0x3180 [ 132.456260][ T6345] do_filp_open+0x234/0x490 [ 132.460983][ T6345] do_sys_openat2+0x13e/0x1d0 [ 132.466330][ T6345] __x64_sys_creat+0x123/0x160 [ 132.471678][ T6345] do_syscall_64+0x41/0xc0 [ 132.476600][ T6345] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 132.482718][ T6345] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 132.495766][ T6345] __btrfs_cow_block+0xcca/0x1a90 [ 132.501028][ T6345] btrfs_cow_block+0x35e/0xa10 [ 132.506062][ T6345] btrfs_search_slot+0xbf9/0x2f80 [ 132.511304][ T6345] btrfs_lookup_inode+0xdc/0x480 [ 132.516521][ T6345] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 132.522621][ T6345] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 132.529485][ T6345] __btrfs_run_delayed_items+0x213/0x490 [pid 6327] exit_group(0) = ? [ 132.535435][ T6345] btrfs_commit_transaction+0x8a4/0x3730 [ 132.541261][ T6345] create_snapshot+0x4a5/0x7e0 [ 132.546266][ T6345] btrfs_mksubvol+0x5d0/0x750 [ 132.551230][ T6345] btrfs_mksnapshot+0xb5/0xf0 [ 132.556181][ T6345] __btrfs_ioctl_snap_create+0x344/0x460 [ 132.562023][ T6345] btrfs_ioctl_snap_create+0x13c/0x190 [ 132.567779][ T6345] btrfs_ioctl+0xbbf/0xd40 [ 132.572397][ T6345] __se_sys_ioctl+0xf8/0x170 [ 132.577231][ T6345] do_syscall_64+0x41/0xc0 [ 132.581852][ T6345] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 132.593715][ T6345] __btrfs_mod_ref+0x9b1/0xe20 [ 132.598769][ T6345] btrfs_copy_root+0x851/0xce0 [ 132.603752][ T6345] create_reloc_root+0x244/0x9a0 [ 132.608949][ T6345] btrfs_init_reloc_root+0x329/0x4e0 [ 132.614500][ T6345] record_root_in_trans+0x2c9/0x360 [ 132.619895][ T6345] qgroup_account_snapshot+0xa9/0x340 [ 132.625500][ T6345] create_pending_snapshot+0x1050/0x28b0 [ 132.631336][ T6345] create_pending_snapshots+0x195/0x1d0 [pid 6345] <... ioctl resumed>) = ? [pid 6345] +++ exited with 0 +++ [ 132.637152][ T6345] btrfs_commit_transaction+0xf1c/0x3730 [ 132.643076][ T6345] create_snapshot+0x4a5/0x7e0 [ 132.648080][ T6345] btrfs_mksubvol+0x5d0/0x750 [ 132.653073][ T6345] btrfs_mksnapshot+0xb5/0xf0 [ 132.658050][ T6345] __btrfs_ioctl_snap_create+0x344/0x460 [ 132.663901][ T6345] btrfs_ioctl_snap_create+0x13c/0x190 [ 132.669597][ T6345] btrfs_ioctl+0xbbf/0xd40 [ 132.674212][ T6345] __se_sys_ioctl+0xf8/0x170 [pid 6328] <... ioctl resumed> ) = ? [pid 6328] +++ exited with 0 +++ [pid 6327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6327, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=73 /* 0.73 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 132.710357][ T6328] BTRFS info (device loop0): balance: canceled umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6346 ./strace-static-x86_64: Process 6346 attached [pid 6346] set_robust_list(0x5555560fc760, 24) = 0 [pid 6346] chdir("./69") = 0 [pid 6346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6346] setpgid(0, 0) = 0 [pid 6346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6346] write(3, "1000", 4) = 4 [pid 6346] close(3) = 0 [pid 6346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6346] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6347]}, 88) = 6347 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6347 attached [pid 6347] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6347] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6347] memfd_create("syzkaller", 0) = 3 [pid 6347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6347] munmap(0x7f296b2da000, 138412032) = 0 [pid 6347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6347] close(3) = 0 [pid 6347] mkdir("./bus", 0777) = 0 [ 133.088832][ T6347] loop0: detected capacity change from 0 to 32768 [ 133.100343][ T6347] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6347) [ 133.118594][ T6347] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 133.127393][ T6347] BTRFS info (device loop0): doing ref verification [pid 6347] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6347] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6347] chdir("./bus") = 0 [pid 6347] ioctl(4, LOOP_CLR_FD) = 0 [pid 6347] close(4) = 0 [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6347] <... futex resumed>) = 0 [pid 6347] open("./file0", O_RDONLY [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... open resumed>) = 4 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] <... futex resumed>) = 1 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] creat("./file1", 000) = 5 [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 0 [pid 6347] <... futex resumed>) = 1 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] open("./file0", O_RDONLY) = 6 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... futex resumed>) = 0 [pid 6347] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [ 133.134011][ T6347] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 133.144924][ T6347] BTRFS info (device loop0): force zlib compression, level 3 [ 133.152336][ T6347] BTRFS info (device loop0): allowing degraded mounts [ 133.159167][ T6347] BTRFS info (device loop0): using free space tree [ 133.181754][ T6347] BTRFS info (device loop0): auto enabling async discard [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... futex resumed>) = 0 [pid 6347] creat("./bus", 012) = 7 [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6347] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6346] <... futex resumed>) = 0 [pid 6347] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... openat resumed>) = 8 [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6347] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = 1 [pid 6347] open("./file0", O_RDONLY [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... open resumed>) = 9 [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6347] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 0 [pid 6347] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6346] <... futex resumed>) = 1 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... ioctl resumed>) = 0 [pid 6347] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6346] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6346] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6364]}, 88) = 6364 ./strace-static-x86_64: Process 6364 attached [pid 6346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6346] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6364] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6364] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6364] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6364] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = 1 [pid 6364] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6346] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... ioctl resumed>) = 0 [ 133.286052][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 133.299873][ T6347] BTRFS info (device loop0): balance: start -d -m [ 133.311074][ T6347] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6364] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6346] <... futex resumed>) = 0 [ 133.395495][ T6347] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 133.482505][ T6347] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6364] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] exit_group(0) = ? [pid 6364] <... futex resumed>) = ? [pid 6364] +++ exited with 0 +++ [pid 6347] <... ioctl resumed> ) = ? [pid 6347] +++ exited with 0 +++ [pid 6346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6346, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 133.532894][ T6347] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 133.568791][ T6347] BTRFS info (device loop0): balance: ended with status: 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6365 ./strace-static-x86_64: Process 6365 attached [pid 6365] set_robust_list(0x5555560fc760, 24) = 0 [pid 6365] chdir("./70") = 0 [pid 6365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6365] setpgid(0, 0) = 0 [pid 6365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6365] write(3, "1000", 4) = 4 [pid 6365] close(3) = 0 [pid 6365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6365] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6366 attached [pid 6366] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6366] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6366] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] <... clone3 resumed> => {parent_tid=[6366]}, 88) = 6366 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6366] memfd_create("syzkaller", 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6366] <... memfd_create resumed>) = 3 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6366] munmap(0x7f296b2da000, 138412032) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6366] close(3) = 0 [pid 6366] mkdir("./bus", 0777) = 0 [ 133.959580][ T6366] loop0: detected capacity change from 0 to 32768 [ 133.969564][ T6366] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6366) [ 133.984790][ T6366] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 133.993509][ T6366] BTRFS info (device loop0): doing ref verification [pid 6366] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6366] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6366] chdir("./bus") = 0 [pid 6366] ioctl(4, LOOP_CLR_FD) = 0 [pid 6366] close(4) = 0 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6366] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6366] <... futex resumed>) = 1 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] open("./file0", O_RDONLY [pid 6365] <... futex resumed>) = 0 [pid 6366] <... open resumed>) = 4 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] creat("./file1", 000) = 5 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 1 [pid 6366] open("./file0", O_RDONLY [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... open resumed>) = 6 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6366] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... ioctl resumed>) = 0 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6366] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [ 134.000176][ T6366] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 134.011058][ T6366] BTRFS info (device loop0): force zlib compression, level 3 [ 134.018579][ T6366] BTRFS info (device loop0): allowing degraded mounts [ 134.025404][ T6366] BTRFS info (device loop0): using free space tree [ 134.049478][ T6366] BTRFS info (device loop0): auto enabling async discard [pid 6366] creat("./bus", 012 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... creat resumed>) = 7 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] open("./file0", O_RDONLY) = 9 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6366] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... ioctl resumed>) = 0 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6365] <... futex resumed>) = 0 [pid 6366] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6365] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6365] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6365] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6383]}, 88) = 6383 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6383 attached [pid 6383] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6383] <... rseq resumed>) = 0 [pid 6383] set_robust_list(0x7f29736d99a0, 24 [pid 6365] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... set_robust_list resumed>) = 0 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6383] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6383] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6383] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6365] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 134.131054][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 134.142357][ T6366] BTRFS info (device loop0): balance: start -d -m [ 134.152545][ T6366] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6365] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6383] <... ioctl resumed>) = 0 [pid 6383] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 134.250204][ T6366] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 134.332452][ T6366] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6383] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6366] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] exit_group(0 [pid 6383] <... futex resumed>) = ? [pid 6365] <... exit_group resumed>) = ? [pid 6383] +++ exited with 0 +++ [pid 6366] <... futex resumed>) = ? [pid 6366] +++ exited with 0 +++ [pid 6365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6365, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 134.375251][ T6366] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 134.408889][ T6366] BTRFS info (device loop0): balance: ended with status: 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6384 ./strace-static-x86_64: Process 6384 attached [pid 6384] set_robust_list(0x5555560fc760, 24) = 0 [pid 6384] chdir("./71") = 0 [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6384] setpgid(0, 0) = 0 [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6384] write(3, "1000", 4) = 4 [pid 6384] close(3) = 0 [pid 6384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6384] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6385]}, 88) = 6385 ./strace-static-x86_64: Process 6385 attached [pid 6384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6385] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6385] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6385] memfd_create("syzkaller", 0) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6385] munmap(0x7f296b2da000, 138412032) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6385] close(3) = 0 [pid 6385] mkdir("./bus", 0777) = 0 [ 134.814044][ T6385] loop0: detected capacity change from 0 to 32768 [ 134.825207][ T6385] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6385) [ 134.841598][ T6385] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 134.850645][ T6385] BTRFS info (device loop0): doing ref verification [ 134.857328][ T6385] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 134.868451][ T6385] BTRFS info (device loop0): force zlib compression, level 3 [ 134.875963][ T6385] BTRFS info (device loop0): allowing degraded mounts [ 134.882745][ T6385] BTRFS info (device loop0): using free space tree [pid 6385] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6385] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6385] chdir("./bus") = 0 [pid 6385] ioctl(4, LOOP_CLR_FD) = 0 [pid 6385] close(4) = 0 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] open("./file0", O_RDONLY) = 4 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] creat("./file1", 000 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... creat resumed>) = 5 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] open("./file0", O_RDONLY [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... open resumed>) = 6 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... ioctl resumed>) = 0 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 134.905358][ T6385] BTRFS info (device loop0): auto enabling async discard [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] creat("./bus", 012 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... creat resumed>) = 7 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6385] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... openat resumed>) = 8 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] open("./file0", O_RDONLY) = 9 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6385] <... futex resumed>) = 1 [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6384] <... futex resumed>) = 0 [pid 6385] <... ioctl resumed>) = 0 [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6384] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6384] <... futex resumed>) = 0 [ 134.984707][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 135.017297][ T6385] BTRFS info (device loop0): balance: start -d -m [ 135.026201][ T6385] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6384] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6384] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6384] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6402 attached [pid 6402] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6384] <... clone3 resumed> => {parent_tid=[6402]}, 88) = 6402 [pid 6402] <... rseq resumed>) = 0 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6402] set_robust_list(0x7f29736d99a0, 24 [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6402] <... set_robust_list resumed>) = 0 [pid 6384] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], [pid 6384] <... futex resumed>) = 0 [pid 6402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6402] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6402] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6402] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 [pid 6402] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6384] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6402] <... ioctl resumed>) = 0 [pid 6402] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.138522][ T6385] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 135.200943][ T6385] BTRFS info (device loop0): found 8 extents, stage: move data extents [pid 6402] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6385] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] exit_group(0 [pid 6385] <... futex resumed>) = ? [pid 6384] <... exit_group resumed>) = ? [pid 6402] <... futex resumed>) = ? [pid 6385] +++ exited with 0 +++ [pid 6402] +++ exited with 0 +++ [pid 6384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6384, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=55 /* 0.55 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 135.246859][ T6385] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 135.283393][ T6385] BTRFS info (device loop0): balance: ended with status: 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6403 ./strace-static-x86_64: Process 6403 attached [pid 6403] set_robust_list(0x5555560fc760, 24) = 0 [pid 6403] chdir("./72") = 0 [pid 6403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6403] setpgid(0, 0) = 0 [pid 6403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6403] write(3, "1000", 4) = 4 [pid 6403] close(3) = 0 [pid 6403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6403] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6404 attached [pid 6404] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6403] <... clone3 resumed> => {parent_tid=[6404]}, 88) = 6404 [pid 6404] set_robust_list(0x7f29736fa9a0, 24 [pid 6403] rt_sigprocmask(SIG_SETMASK, [], [pid 6404] <... set_robust_list resumed>) = 0 [pid 6403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] memfd_create("syzkaller", 0 [pid 6403] <... futex resumed>) = 0 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6404] <... memfd_create resumed>) = 3 [pid 6404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6404] munmap(0x7f296b2da000, 138412032) = 0 [pid 6404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6404] close(3) = 0 [pid 6404] mkdir("./bus", 0777) = 0 [ 135.673700][ T6404] loop0: detected capacity change from 0 to 32768 [ 135.684760][ T6404] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6404) [ 135.701337][ T6404] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 135.710203][ T6404] BTRFS info (device loop0): doing ref verification [ 135.716866][ T6404] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 135.727750][ T6404] BTRFS info (device loop0): force zlib compression, level 3 [ 135.735263][ T6404] BTRFS info (device loop0): allowing degraded mounts [ 135.742060][ T6404] BTRFS info (device loop0): using free space tree [pid 6404] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6404] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6404] chdir("./bus") = 0 [pid 6404] ioctl(4, LOOP_CLR_FD) = 0 [pid 6404] close(4) = 0 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6404] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6404] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = 0 [pid 6403] <... futex resumed>) = 1 [pid 6404] open("./file0", O_RDONLY [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... open resumed>) = 4 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = 0 [pid 6404] <... futex resumed>) = 1 [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] creat("./file1", 000 [pid 6403] <... futex resumed>) = 0 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... creat resumed>) = 5 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6404] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = 0 [pid 6403] <... futex resumed>) = 1 [pid 6404] open("./file0", O_RDONLY [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... open resumed>) = 6 [ 135.764781][ T6404] BTRFS info (device loop0): auto enabling async discard [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6404] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6403] <... futex resumed>) = 0 [pid 6404] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... ioctl resumed>) = 0 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] creat("./bus", 012 [pid 6403] <... futex resumed>) = 0 [pid 6404] <... creat resumed>) = 7 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6404] <... futex resumed>) = 0 [pid 6404] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6404] <... futex resumed>) = 0 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] open("./file0", O_RDONLY [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] <... open resumed>) = 9 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6404] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6403] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6403] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6403] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6421 attached [pid 6421] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6403] <... clone3 resumed> => {parent_tid=[6421]}, 88) = 6421 [pid 6421] <... rseq resumed>) = 0 [pid 6403] rt_sigprocmask(SIG_SETMASK, [], [pid 6421] set_robust_list(0x7f29736d99a0, 24 [pid 6403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6421] <... set_robust_list resumed>) = 0 [pid 6403] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] rt_sigprocmask(SIG_SETMASK, [], [pid 6403] <... futex resumed>) = 0 [pid 6421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6403] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6421] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] <... futex resumed>) = 0 [pid 6421] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6403] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6403] <... futex resumed>) = 0 [pid 6421] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 135.903805][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 135.917516][ T6404] BTRFS info (device loop0): balance: start -d -m [ 135.930023][ T6404] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6403] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6421] <... ioctl resumed>) = 0 [pid 6421] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.025130][ T6404] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 136.088012][ T6404] BTRFS info (device loop0): found 8 extents, stage: move data extents [pid 6421] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6404] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6404] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] exit_group(0 [pid 6404] <... futex resumed>) = 0 [pid 6421] <... futex resumed>) = ? [pid 6403] <... exit_group resumed>) = ? [pid 6421] +++ exited with 0 +++ [pid 6404] +++ exited with 0 +++ [pid 6403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6403, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 136.131215][ T6404] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 136.163345][ T6404] BTRFS info (device loop0): balance: ended with status: 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6422 attached , child_tidptr=0x5555560fc750) = 6422 [pid 6422] set_robust_list(0x5555560fc760, 24) = 0 [pid 6422] chdir("./73") = 0 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6422] setpgid(0, 0) = 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6422] write(3, "1000", 4) = 4 [pid 6422] close(3) = 0 [pid 6422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6422] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6423 attached => {parent_tid=[6423]}, 88) = 6423 [pid 6423] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] <... rseq resumed>) = 0 [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] set_robust_list(0x7f29736fa9a0, 24 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... set_robust_list resumed>) = 0 [pid 6422] <... futex resumed>) = 0 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] memfd_create("syzkaller", 0) = 3 [pid 6423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6423] munmap(0x7f296b2da000, 138412032) = 0 [pid 6423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6423] close(3) = 0 [pid 6423] mkdir("./bus", 0777) = 0 [ 136.556591][ T6423] loop0: detected capacity change from 0 to 32768 [ 136.567992][ T6423] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6423) [ 136.584219][ T6423] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 136.593079][ T6423] BTRFS info (device loop0): doing ref verification [pid 6423] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6423] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6423] chdir("./bus") = 0 [pid 6423] ioctl(4, LOOP_CLR_FD) = 0 [pid 6423] close(4) = 0 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6423] <... futex resumed>) = 1 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6422] <... futex resumed>) = 0 [pid 6423] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 0 [pid 6422] <... futex resumed>) = 0 [pid 6423] open("./file0", O_RDONLY [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... open resumed>) = 4 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6423] <... futex resumed>) = 1 [pid 6423] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] creat("./file1", 000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... creat resumed>) = 5 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 1 [pid 6423] open("./file0", O_RDONLY) = 6 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... futex resumed>) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6423] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 136.599810][ T6423] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 136.610711][ T6423] BTRFS info (device loop0): force zlib compression, level 3 [ 136.618178][ T6423] BTRFS info (device loop0): allowing degraded mounts [ 136.625003][ T6423] BTRFS info (device loop0): using free space tree [ 136.646961][ T6423] BTRFS info (device loop0): auto enabling async discard [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... ioctl resumed>) = 0 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 1 [pid 6423] creat("./bus", 012) = 7 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 1 [pid 6423] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] open("./file0", O_RDONLY) = 9 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6422] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6422] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6440 attached => {parent_tid=[6440]}, 88) = 6440 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6440] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6422] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... rseq resumed>) = 0 [pid 6422] <... futex resumed>) = 0 [pid 6440] set_robust_list(0x7f29736d99a0, 24 [pid 6422] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] <... set_robust_list resumed>) = 0 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6440] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6440] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] <... futex resumed>) = 1 [ 136.733118][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 136.747836][ T6423] BTRFS info (device loop0): balance: start -d -m [ 136.758485][ T6423] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6440] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6440] <... ioctl resumed>) = 0 [pid 6440] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.860383][ T6423] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 136.922455][ T6423] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6440] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6423] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6423] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] exit_group(0 [pid 6440] <... futex resumed>) = ? [pid 6423] <... futex resumed>) = ? [pid 6440] +++ exited with 0 +++ [pid 6423] +++ exited with 0 +++ [pid 6422] <... exit_group resumed>) = ? [pid 6422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6422, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=51 /* 0.51 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 136.967712][ T6423] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 137.003144][ T6423] BTRFS info (device loop0): balance: ended with status: 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6441 attached , child_tidptr=0x5555560fc750) = 6441 [pid 6441] set_robust_list(0x5555560fc760, 24) = 0 [pid 6441] chdir("./74") = 0 [pid 6441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6441] setpgid(0, 0) = 0 [pid 6441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6441] write(3, "1000", 4) = 4 [pid 6441] close(3) = 0 [pid 6441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6441] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6442 attached => {parent_tid=[6442]}, 88) = 6442 [pid 6442] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6441] rt_sigprocmask(SIG_SETMASK, [], [pid 6442] <... rseq resumed>) = 0 [pid 6441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6442] set_robust_list(0x7f29736fa9a0, 24 [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... set_robust_list resumed>) = 0 [pid 6441] <... futex resumed>) = 0 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6442] memfd_create("syzkaller", 0) = 3 [pid 6442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6442] munmap(0x7f296b2da000, 138412032) = 0 [pid 6442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6442] close(3) = 0 [pid 6442] mkdir("./bus", 0777) = 0 [ 137.390175][ T6442] loop0: detected capacity change from 0 to 32768 [ 137.400684][ T6442] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6442) [ 137.418208][ T6442] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 137.427371][ T6442] BTRFS info (device loop0): doing ref verification [pid 6442] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6442] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6442] chdir("./bus") = 0 [pid 6442] ioctl(4, LOOP_CLR_FD) = 0 [pid 6442] close(4) = 0 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6442] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6442] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6442] open("./file0", O_RDONLY [pid 6441] <... futex resumed>) = 0 [pid 6442] <... open resumed>) = 4 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6442] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] creat("./file1", 000 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... creat resumed>) = 5 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] open("./file0", O_RDONLY [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... open resumed>) = 6 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [ 137.433990][ T6442] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 137.444825][ T6442] BTRFS info (device loop0): force zlib compression, level 3 [ 137.452205][ T6442] BTRFS info (device loop0): allowing degraded mounts [ 137.459541][ T6442] BTRFS info (device loop0): using free space tree [ 137.480953][ T6442] BTRFS info (device loop0): auto enabling async discard [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... ioctl resumed>) = 0 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] creat("./bus", 012 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... creat resumed>) = 7 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6442] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6442] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6441] <... futex resumed>) = 0 [pid 6442] <... openat resumed>) = 8 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] <... futex resumed>) = 0 [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] open("./file0", O_RDONLY) = 9 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6442] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = 0 [pid 6441] <... futex resumed>) = 1 [pid 6442] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6442] <... futex resumed>) = 0 [pid 6442] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6442] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6441] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6441] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6441] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 137.563239][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 137.580142][ T6442] BTRFS info (device loop0): balance: start -d -m [ 137.591335][ T6442] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6459]}, 88) = 6459 ./strace-static-x86_64: Process 6459 attached [pid 6459] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6459] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6441] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6459] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [pid 6441] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6441] <... futex resumed>) = 0 [ 137.636529][ T6442] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6441] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] <... ioctl resumed>) = 0 [pid 6459] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6441] <... futex resumed>) = 0 [ 137.740422][ T6442] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6459] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6442] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6441] exit_group(0 [pid 6459] <... futex resumed>) = ? [pid 6441] <... exit_group resumed>) = ? [pid 6459] +++ exited with 0 +++ [pid 6442] <... futex resumed>) = ? [pid 6442] +++ exited with 0 +++ [pid 6441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6441, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 137.785603][ T6442] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 137.820143][ T6442] BTRFS info (device loop0): balance: ended with status: 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6460 ./strace-static-x86_64: Process 6460 attached [pid 6460] set_robust_list(0x5555560fc760, 24) = 0 [pid 6460] chdir("./75") = 0 [pid 6460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6460] setpgid(0, 0) = 0 [pid 6460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6460] write(3, "1000", 4) = 4 [pid 6460] close(3) = 0 [pid 6460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6460] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6461 attached [pid 6461] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6460] <... clone3 resumed> => {parent_tid=[6461]}, 88) = 6461 [pid 6461] <... rseq resumed>) = 0 [pid 6460] rt_sigprocmask(SIG_SETMASK, [], [pid 6461] set_robust_list(0x7f29736fa9a0, 24 [pid 6460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6461] <... set_robust_list resumed>) = 0 [pid 6461] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] <... futex resumed>) = 0 [pid 6461] memfd_create("syzkaller", 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6461] <... memfd_create resumed>) = 3 [pid 6461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6461] munmap(0x7f296b2da000, 138412032) = 0 [pid 6461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6461] close(3) = 0 [pid 6461] mkdir("./bus", 0777) = 0 [ 138.219188][ T6461] loop0: detected capacity change from 0 to 32768 [ 138.230107][ T6461] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6461) [ 138.246671][ T6461] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 138.255519][ T6461] BTRFS info (device loop0): doing ref verification [ 138.262141][ T6461] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 138.272962][ T6461] BTRFS info (device loop0): force zlib compression, level 3 [ 138.280808][ T6461] BTRFS info (device loop0): allowing degraded mounts [ 138.287723][ T6461] BTRFS info (device loop0): using free space tree [pid 6461] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6461] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6461] chdir("./bus") = 0 [pid 6461] ioctl(4, LOOP_CLR_FD) = 0 [pid 6461] close(4) = 0 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6461] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6461] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... futex resumed>) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] open("./file0", O_RDONLY) = 4 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... futex resumed>) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6461] creat("./file1", 000 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... creat resumed>) = 5 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = 1 [pid 6461] open("./file0", O_RDONLY) = 6 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = 1 [pid 6461] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6461] creat("./bus", 012 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... creat resumed>) = 7 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 138.310612][ T6461] BTRFS info (device loop0): auto enabling async discard [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = 1 [pid 6461] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = 1 [pid 6461] open("./file0", O_RDONLY) = 9 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] <... futex resumed>) = 1 [pid 6461] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6461] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... futex resumed>) = 0 [pid 6460] <... futex resumed>) = 1 [pid 6461] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6460] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6460] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6460] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6478]}, 88) = 6478 ./strace-static-x86_64: Process 6478 attached [pid 6460] rt_sigprocmask(SIG_SETMASK, [], [pid 6478] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6478] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6478] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6478] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6460] <... futex resumed>) = 0 [ 138.413302][ T6461] BTRFS info (device loop0): balance: start -d -m [ 138.414105][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 138.423389][ T6461] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6460] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6478] <... ioctl resumed>) = 0 [pid 6478] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 138.532211][ T6461] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 138.603425][ T6461] BTRFS info (device loop0): found 13 extents, stage: move data extents [pid 6478] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] exit_group(0) = ? [pid 6478] <... futex resumed>) = ? [pid 6478] +++ exited with 0 +++ [pid 6461] <... ioctl resumed> ) = ? [pid 6461] +++ exited with 0 +++ [pid 6460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6460, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=52 /* 0.52 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 138.646558][ T6461] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 138.682634][ T6461] BTRFS info (device loop0): balance: ended with status: 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6479 attached , child_tidptr=0x5555560fc750) = 6479 [pid 6479] set_robust_list(0x5555560fc760, 24) = 0 [pid 6479] chdir("./76") = 0 [pid 6479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6479] setpgid(0, 0) = 0 [pid 6479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6479] write(3, "1000", 4) = 4 [pid 6479] close(3) = 0 [pid 6479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6479] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6480]}, 88) = 6480 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6480 attached [pid 6480] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6480] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6480] memfd_create("syzkaller", 0) = 3 [pid 6480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6480] munmap(0x7f296b2da000, 138412032) = 0 [pid 6480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6480] close(3) = 0 [pid 6480] mkdir("./bus", 0777) = 0 [ 139.082017][ T6480] loop0: detected capacity change from 0 to 32768 [ 139.091919][ T6480] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6480) [ 139.108033][ T6480] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 139.117751][ T6480] BTRFS info (device loop0): doing ref verification [pid 6480] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6480] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6480] chdir("./bus") = 0 [pid 6480] ioctl(4, LOOP_CLR_FD) = 0 [pid 6480] close(4) = 0 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6480] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6480] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6480] open("./file0", O_RDONLY) = 4 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] creat("./file1", 000) = 5 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [pid 6480] open("./file0", O_RDONLY) = 6 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [ 139.124522][ T6480] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 139.135360][ T6480] BTRFS info (device loop0): force zlib compression, level 3 [ 139.142754][ T6480] BTRFS info (device loop0): allowing degraded mounts [ 139.149600][ T6480] BTRFS info (device loop0): using free space tree [ 139.172278][ T6480] BTRFS info (device loop0): auto enabling async discard [pid 6480] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6479] <... futex resumed>) = 1 [pid 6480] creat("./bus", 012 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... creat resumed>) = 7 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [pid 6480] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [pid 6480] open("./file0", O_RDONLY) = 9 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6480] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6479] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6479] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6497 attached => {parent_tid=[6497]}, 88) = 6497 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6479] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6497] <... rseq resumed>) = 0 [pid 6497] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6497] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6497] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 139.250975][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 139.270458][ T6480] BTRFS info (device loop0): balance: start -d -m [ 139.281504][ T6480] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6497] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6479] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6497] <... ioctl resumed>) = 0 [pid 6497] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 139.367772][ T6480] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 139.438132][ T6480] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6497] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6479] exit_group(0 [pid 6497] <... futex resumed>) = ? [pid 6497] +++ exited with 0 +++ [pid 6479] <... exit_group resumed>) = ? [pid 6480] <... ioctl resumed> ) = ? [pid 6480] +++ exited with 0 +++ [pid 6479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6479, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 139.485323][ T6480] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 139.520983][ T6480] BTRFS info (device loop0): balance: ended with status: 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6498 attached [pid 6498] set_robust_list(0x5555560fc760, 24) = 0 [pid 6498] chdir("./77") = 0 [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6498] setpgid(0, 0) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5027] <... clone resumed>, child_tidptr=0x5555560fc750) = 6498 [pid 6498] <... openat resumed>) = 3 [pid 6498] write(3, "1000", 4) = 4 [pid 6498] close(3) = 0 [pid 6498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6498] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6499]}, 88) = 6499 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6499 attached [pid 6499] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6499] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6499] memfd_create("syzkaller", 0) = 3 [pid 6499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6499] munmap(0x7f296b2da000, 138412032) = 0 [pid 6499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6499] close(3) = 0 [pid 6499] mkdir("./bus", 0777) = 0 [ 139.911717][ T6499] loop0: detected capacity change from 0 to 32768 [ 139.921630][ T6499] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6499) [ 139.938809][ T6499] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 139.947603][ T6499] BTRFS info (device loop0): doing ref verification [pid 6499] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6499] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6499] chdir("./bus") = 0 [pid 6499] ioctl(4, LOOP_CLR_FD) = 0 [pid 6499] close(4) = 0 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] open("./file0", O_RDONLY) = 4 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] creat("./file1", 000) = 5 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 1 [pid 6499] open("./file0", O_RDONLY) = 6 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6498] <... futex resumed>) = 0 [ 139.954209][ T6499] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 139.965318][ T6499] BTRFS info (device loop0): force zlib compression, level 3 [ 139.972697][ T6499] BTRFS info (device loop0): allowing degraded mounts [ 139.979767][ T6499] BTRFS info (device loop0): using free space tree [ 140.001395][ T6499] BTRFS info (device loop0): auto enabling async discard [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... ioctl resumed>) = 0 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = 0 [pid 6498] <... futex resumed>) = 1 [pid 6499] creat("./bus", 012 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... creat resumed>) = 7 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] open("./file0", O_RDONLY) = 9 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... futex resumed>) = 0 [pid 6499] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6498] <... futex resumed>) = 0 [pid 6499] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6498] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6498] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6498] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6516]}, 88) = 6516 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6498] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6516 attached [ 140.087046][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 140.113207][ T6499] BTRFS info (device loop0): balance: start -d -m [ 140.125021][ T6499] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6516] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6516] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6516] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6516] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6516] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6498] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] <... ioctl resumed>) = 0 [pid 6516] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6516] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... futex resumed>) = 0 [ 140.180989][ T6499] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 140.282263][ T6499] BTRFS info (device loop0): found 5 extents, stage: move data extents [pid 6499] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6499] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] exit_group(0) = ? [pid 6516] <... futex resumed>) = ? [pid 6516] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ [pid 6498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6498, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 140.324652][ T6499] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 140.356431][ T6499] BTRFS info (device loop0): balance: ended with status: 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6517 attached , child_tidptr=0x5555560fc750) = 6517 [pid 6517] set_robust_list(0x5555560fc760, 24) = 0 [pid 6517] chdir("./78") = 0 [pid 6517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6517] setpgid(0, 0) = 0 [pid 6517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6517] write(3, "1000", 4) = 4 [pid 6517] close(3) = 0 [pid 6517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6517] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6518]}, 88) = 6518 ./strace-static-x86_64: Process 6518 attached [pid 6517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6518] <... rseq resumed>) = 0 [pid 6518] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6518] memfd_create("syzkaller", 0) = 3 [pid 6518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6518] munmap(0x7f296b2da000, 138412032) = 0 [pid 6518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6518] close(3) = 0 [pid 6518] mkdir("./bus", 0777) = 0 [ 140.770433][ T6518] loop0: detected capacity change from 0 to 32768 [ 140.780378][ T6518] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6518) [ 140.795748][ T6518] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 140.804544][ T6518] BTRFS info (device loop0): doing ref verification [pid 6518] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6518] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6518] chdir("./bus") = 0 [pid 6518] ioctl(4, LOOP_CLR_FD) = 0 [pid 6518] close(4) = 0 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] <... futex resumed>) = 0 [pid 6518] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] open("./file0", O_RDONLY [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... open resumed>) = 4 [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 140.811151][ T6518] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 140.821951][ T6518] BTRFS info (device loop0): force zlib compression, level 3 [ 140.829383][ T6518] BTRFS info (device loop0): allowing degraded mounts [ 140.836309][ T6518] BTRFS info (device loop0): using free space tree [ 140.859129][ T6518] BTRFS info (device loop0): auto enabling async discard [pid 6518] creat("./file1", 000) = 5 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... futex resumed>) = 1 [pid 6518] open("./file0", O_RDONLY) = 6 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = 0 [pid 6518] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6517] <... futex resumed>) = 1 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... ioctl resumed>) = 0 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] <... futex resumed>) = 0 [pid 6518] creat("./bus", 012 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... creat resumed>) = 7 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] <... futex resumed>) = 0 [pid 6518] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... openat resumed>) = 8 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] open("./file0", O_RDONLY) = 9 [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6518] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] <... ioctl resumed>) = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6518] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6517] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6517] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6535]}, 88) = 6535 ./strace-static-x86_64: Process 6535 attached [pid 6535] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6517] rt_sigprocmask(SIG_SETMASK, [], [ 140.960424][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 140.982000][ T6518] BTRFS info (device loop0): balance: start -d -m [ 140.993354][ T6518] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6535] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6517] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6517] <... futex resumed>) = 0 [pid 6517] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6535] <... openat resumed>) = 10 [pid 6535] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6517] <... futex resumed>) = 0 [pid 6535] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6517] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6517] <... futex resumed>) = 0 [pid 6535] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 141.041201][ T6518] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 141.065799][ T6518] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 141.076383][ T6518] BTRFS error (device loop0): dumping block entry [5373952 4096], num_refs 0, metadata 1, from disk 0 [pid 6517] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 141.087465][ T6518] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 141.096233][ T6518] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 141.107751][ T6518] __btrfs_cow_block+0x465/0x1a90 [ 141.113004][ T6518] btrfs_cow_block+0x35e/0xa10 [ 141.118804][ T6518] btrfs_search_slot+0xbf9/0x2f80 [ 141.124060][ T6518] btrfs_insert_empty_items+0x9c/0x180 [ 141.129856][ T6518] insert_with_overflow+0x150/0x3f0 [ 141.135294][ T6518] btrfs_insert_dir_item+0x243/0x630 [ 141.140785][ T6518] btrfs_add_link+0x270/0xc50 [ 141.145694][ T6518] btrfs_create_new_inode+0x1b3d/0x2710 [ 141.151443][ T6518] btrfs_create_common+0x1f9/0x300 [ 141.156841][ T6518] path_openat+0x13e7/0x3180 [ 141.161646][ T6518] do_filp_open+0x234/0x490 [ 141.166384][ T6518] do_sys_openat2+0x13e/0x1d0 [ 141.171271][ T6518] __x64_sys_creat+0x123/0x160 [ 141.176302][ T6518] do_syscall_64+0x41/0xc0 [ 141.180935][ T6518] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 141.187066][ T6518] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 141.200044][ T6518] __btrfs_cow_block+0xcca/0x1a90 [ 141.205284][ T6518] btrfs_cow_block+0x35e/0xa10 [ 141.210267][ T6518] btrfs_search_slot+0xbf9/0x2f80 [ 141.215527][ T6518] btrfs_lookup_inode+0xdc/0x480 [ 141.220684][ T6518] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 141.226833][ T6518] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 141.233618][ T6518] __btrfs_run_delayed_items+0x213/0x490 [pid 6517] exit_group(0) = ? [ 141.239511][ T6518] btrfs_commit_transaction+0x8a4/0x3730 [ 141.245394][ T6518] prepare_to_relocate+0x3c5/0x4c0 [ 141.250715][ T6518] relocate_block_group+0x17f/0xcd0 [ 141.256176][ T6518] btrfs_relocate_block_group+0x7ab/0xd70 [ 141.262114][ T6518] btrfs_relocate_chunk+0x12c/0x3b0 [ 141.267548][ T6518] __btrfs_balance+0x1b06/0x2690 [ 141.272968][ T6518] btrfs_balance+0xbd8/0x10d0 [ 141.277863][ T6518] btrfs_ioctl_balance+0x496/0x7c0 [ 141.283186][ T6518] __se_sys_ioctl+0xf8/0x170 [ 141.288039][ T6518] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 141.299879][ T6518] __btrfs_mod_ref+0x9b1/0xe20 [ 141.304882][ T6518] btrfs_copy_root+0x851/0xce0 [ 141.309849][ T6518] create_reloc_root+0x244/0x9a0 [ 141.315005][ T6518] btrfs_init_reloc_root+0x329/0x4e0 [ 141.320496][ T6518] record_root_in_trans+0x2c9/0x360 [ 141.325929][ T6518] qgroup_account_snapshot+0xa9/0x340 [ 141.331493][ T6518] create_pending_snapshot+0x1050/0x28b0 [pid 6535] <... ioctl resumed>) = ? [pid 6535] +++ exited with 0 +++ [ 141.337335][ T6518] create_pending_snapshots+0x195/0x1d0 [ 141.343077][ T6518] btrfs_commit_transaction+0xf1c/0x3730 [ 141.348925][ T6518] prepare_to_relocate+0x3c5/0x4c0 [ 141.354237][ T6518] relocate_block_group+0x17f/0xcd0 [ 141.359659][ T6518] btrfs_relocate_block_group+0x7ab/0xd70 [ 141.365640][ T6518] btrfs_relocate_chunk+0x12c/0x3b0 [ 141.371036][ T6518] __btrfs_balance+0x1b06/0x2690 [ 141.376207][ T6518] btrfs_balance+0xbd8/0x10d0 [ 141.381095][ T6518] btrfs_ioctl_balance+0x496/0x7c0 [pid 6518] <... ioctl resumed> ) = ? [pid 6518] +++ exited with 0 +++ [pid 6517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6517, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=71 /* 0.71 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 141.422089][ T6518] BTRFS info (device loop0): balance: canceled umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6536 ./strace-static-x86_64: Process 6536 attached [pid 6536] set_robust_list(0x5555560fc760, 24) = 0 [pid 6536] chdir("./79") = 0 [pid 6536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6536] setpgid(0, 0) = 0 [pid 6536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6536] write(3, "1000", 4) = 4 [pid 6536] close(3) = 0 [pid 6536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6536] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6537 attached => {parent_tid=[6537]}, 88) = 6537 [pid 6537] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], [pid 6537] <... rseq resumed>) = 0 [pid 6537] set_robust_list(0x7f29736fa9a0, 24 [pid 6536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6537] <... set_robust_list resumed>) = 0 [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6536] <... futex resumed>) = 0 [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6537] memfd_create("syzkaller", 0) = 3 [pid 6537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6537] munmap(0x7f296b2da000, 138412032) = 0 [pid 6537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6537] close(3) = 0 [pid 6537] mkdir("./bus", 0777) = 0 [ 141.810350][ T6537] loop0: detected capacity change from 0 to 32768 [ 141.821116][ T6537] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6537) [ 141.837006][ T6537] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 141.847780][ T6537] BTRFS info (device loop0): doing ref verification [pid 6537] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6537] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6537] chdir("./bus") = 0 [pid 6537] ioctl(4, LOOP_CLR_FD) = 0 [pid 6537] close(4) = 0 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6537] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6537] open("./file0", O_RDONLY [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... open resumed>) = 4 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] creat("./file1", 000 [pid 6536] <... futex resumed>) = 0 [pid 6537] <... creat resumed>) = 5 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] open("./file0", O_RDONLY) = 6 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6536] <... futex resumed>) = 0 [ 141.854838][ T6537] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 141.865837][ T6537] BTRFS info (device loop0): force zlib compression, level 3 [ 141.873224][ T6537] BTRFS info (device loop0): allowing degraded mounts [ 141.880415][ T6537] BTRFS info (device loop0): using free space tree [ 141.901883][ T6537] BTRFS info (device loop0): auto enabling async discard [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... ioctl resumed>) = 0 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] creat("./bus", 012 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... creat resumed>) = 7 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... openat resumed>) = 8 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] open("./file0", O_RDONLY) = 9 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... ioctl resumed>) = 0 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6537] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 141.973117][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6536] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6536] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6536] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6554 attached => {parent_tid=[6554]}, 88) = 6554 [pid 6554] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], [pid 6554] <... rseq resumed>) = 0 [pid 6536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6554] set_robust_list(0x7f29736d99a0, 24 [pid 6536] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... set_robust_list resumed>) = 0 [pid 6536] <... futex resumed>) = 0 [pid 6554] rt_sigprocmask(SIG_SETMASK, [], [pid 6536] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6554] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6554] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6554] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6554] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 142.015416][ T6537] BTRFS info (device loop0): balance: start -d -m [ 142.035263][ T6537] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6536] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6554] <... ioctl resumed>) = 0 [pid 6554] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [ 142.119397][ T6537] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 142.194306][ T6537] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6554] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6537] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6537] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6537] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] exit_group(0 [pid 6554] <... futex resumed>) = ? [pid 6554] +++ exited with 0 +++ [pid 6536] <... exit_group resumed>) = ? [pid 6537] <... futex resumed>) = ? [pid 6537] +++ exited with 0 +++ [pid 6536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6536, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 142.239067][ T6537] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 142.272078][ T6537] BTRFS info (device loop0): balance: ended with status: 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6555 ./strace-static-x86_64: Process 6555 attached [pid 6555] set_robust_list(0x5555560fc760, 24) = 0 [pid 6555] chdir("./80") = 0 [pid 6555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6555] setpgid(0, 0) = 0 [pid 6555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6555] write(3, "1000", 4) = 4 [pid 6555] close(3) = 0 [pid 6555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6555] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6556]}, 88) = 6556 [pid 6555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6556 attached [pid 6556] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6556] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6556] memfd_create("syzkaller", 0) = 3 [pid 6556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6556] munmap(0x7f296b2da000, 138412032) = 0 [pid 6556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6556] close(3) = 0 [pid 6556] mkdir("./bus", 0777) = 0 [ 142.646038][ T6556] loop0: detected capacity change from 0 to 32768 [ 142.655757][ T6556] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6556) [ 142.672913][ T6556] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 142.681746][ T6556] BTRFS info (device loop0): doing ref verification [pid 6556] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6556] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6556] chdir("./bus") = 0 [pid 6556] ioctl(4, LOOP_CLR_FD) = 0 [pid 6556] close(4) = 0 [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] <... futex resumed>) = 0 [pid 6556] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6556] open("./file0", O_RDONLY [pid 6555] <... futex resumed>) = 0 [pid 6556] <... open resumed>) = 4 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... futex resumed>) = 1 [pid 6556] creat("./file1", 000) = 5 [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] <... futex resumed>) = 0 [pid 6556] open("./file0", O_RDONLY [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... open resumed>) = 6 [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6556] <... futex resumed>) = 1 [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... ioctl resumed>) = 0 [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6556] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6555] <... futex resumed>) = 1 [pid 6556] creat("./bus", 012 [ 142.688391][ T6556] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 142.699532][ T6556] BTRFS info (device loop0): force zlib compression, level 3 [ 142.707245][ T6556] BTRFS info (device loop0): allowing degraded mounts [ 142.714016][ T6556] BTRFS info (device loop0): using free space tree [ 142.735125][ T6556] BTRFS info (device loop0): auto enabling async discard [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... creat resumed>) = 7 [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] <... openat resumed>) = 8 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] open("./file0", O_RDONLY [pid 6555] <... futex resumed>) = 0 [pid 6556] <... open resumed>) = 9 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6555] <... futex resumed>) = 1 [pid 6556] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] <... ioctl resumed>) = 0 [pid 6556] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6556] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6555] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6555] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6555] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6555] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 142.800225][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 142.828194][ T6556] BTRFS info (device loop0): balance: start -d -m [ 142.837642][ T6556] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6573]}, 88) = 6573 [pid 6555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6555] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6573 attached [pid 6573] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6573] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6573] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6573] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6573] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6555] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6573] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6573] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6555] <... futex resumed>) = 0 [pid 6573] <... futex resumed>) = 1 [ 142.938894][ T6556] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6573] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6555] exit_group(0) = ? [pid 6573] <... futex resumed>) = ? [pid 6573] +++ exited with 0 +++ [ 143.044778][ T6556] BTRFS info (device loop0): found 11 extents, stage: move data extents [ 143.125970][ T6556] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6556] <... ioctl resumed> ) = ? [pid 6556] +++ exited with 0 +++ [pid 6555] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6555, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 143.178758][ T6556] BTRFS info (device loop0): balance: ended with status: 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6574 attached , child_tidptr=0x5555560fc750) = 6574 [pid 6574] set_robust_list(0x5555560fc760, 24) = 0 [pid 6574] chdir("./81") = 0 [pid 6574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6574] setpgid(0, 0) = 0 [pid 6574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6574] write(3, "1000", 4) = 4 [pid 6574] close(3) = 0 [pid 6574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6574] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6575]}, 88) = 6575 [pid 6574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6575 attached [pid 6575] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6575] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6575] memfd_create("syzkaller", 0) = 3 [pid 6575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6575] munmap(0x7f296b2da000, 138412032) = 0 [pid 6575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6575] close(3) = 0 [pid 6575] mkdir("./bus", 0777) = 0 [ 143.699618][ T6575] loop0: detected capacity change from 0 to 32768 [ 143.710806][ T6575] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6575) [ 143.728306][ T6575] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 143.737151][ T6575] BTRFS info (device loop0): doing ref verification [pid 6575] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6575] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6575] chdir("./bus") = 0 [pid 6575] ioctl(4, LOOP_CLR_FD) = 0 [pid 6575] close(4) = 0 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6575] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6574] <... futex resumed>) = 1 [pid 6575] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6575] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] open("./file0", O_RDONLY) = 4 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = 0 [pid 6575] <... futex resumed>) = 1 [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] creat("./file1", 000 [pid 6574] <... futex resumed>) = 0 [pid 6575] <... creat resumed>) = 5 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [ 143.743896][ T6575] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 143.754807][ T6575] BTRFS info (device loop0): force zlib compression, level 3 [ 143.762248][ T6575] BTRFS info (device loop0): allowing degraded mounts [ 143.769149][ T6575] BTRFS info (device loop0): using free space tree [ 143.791602][ T6575] BTRFS info (device loop0): auto enabling async discard [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] open("./file0", O_RDONLY) = 6 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... ioctl resumed>) = 0 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6575] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6574] <... futex resumed>) = 0 [pid 6575] creat("./bus", 012 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... creat resumed>) = 7 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6575] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6574] <... futex resumed>) = 0 [pid 6575] <... openat resumed>) = 8 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 [pid 6575] open("./file0", O_RDONLY [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] <... open resumed>) = 9 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6575] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6575] <... ioctl resumed>) = 0 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6574] <... futex resumed>) = 0 [pid 6575] <... futex resumed>) = 1 [pid 6574] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6574] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6574] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6592 attached [pid 6592] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6592] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6592] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] <... clone3 resumed> => {parent_tid=[6592]}, 88) = 6592 [pid 6574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6574] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6592] <... futex resumed>) = 0 [pid 6592] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [ 143.869436][ T48] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 143.897669][ T6575] BTRFS info (device loop0): balance: start -d -m [ 143.908207][ T6575] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6574] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] <... openat resumed>) = 10 [pid 6592] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6592] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] <... futex resumed>) = 0 [pid 6574] <... futex resumed>) = 1 [pid 6574] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6574] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6592] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.012005][ T6575] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 144.086364][ T6575] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6592] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6575] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6574] exit_group(0 [pid 6592] <... futex resumed>) = ? [pid 6574] <... exit_group resumed>) = ? [pid 6592] +++ exited with 0 +++ [pid 6575] <... futex resumed>) = ? [pid 6575] +++ exited with 0 +++ [pid 6574] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6574, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 144.131437][ T6575] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 144.168268][ T6575] BTRFS info (device loop0): balance: ended with status: 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6593 ./strace-static-x86_64: Process 6593 attached [pid 6593] set_robust_list(0x5555560fc760, 24) = 0 [pid 6593] chdir("./82") = 0 [pid 6593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6593] setpgid(0, 0) = 0 [pid 6593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6593] write(3, "1000", 4) = 4 [pid 6593] close(3) = 0 [pid 6593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6593] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6593] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6594 attached => {parent_tid=[6594]}, 88) = 6594 [pid 6594] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6594] <... rseq resumed>) = 0 [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6594] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6594] memfd_create("syzkaller", 0) = 3 [pid 6594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6594] munmap(0x7f296b2da000, 138412032) = 0 [pid 6594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6594] close(3) = 0 [pid 6594] mkdir("./bus", 0777) = 0 [ 144.568009][ T6594] loop0: detected capacity change from 0 to 32768 [ 144.577948][ T6594] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6594) [ 144.594649][ T6594] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 144.603375][ T6594] BTRFS info (device loop0): doing ref verification [pid 6594] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6594] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6594] chdir("./bus") = 0 [pid 6594] ioctl(4, LOOP_CLR_FD) = 0 [pid 6594] close(4) = 0 [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6594] <... futex resumed>) = 0 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] open("./file0", O_RDONLY [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... open resumed>) = 4 [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] creat("./file1", 000 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... creat resumed>) = 5 [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] open("./file0", O_RDONLY [ 144.610518][ T6594] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 144.621357][ T6594] BTRFS info (device loop0): force zlib compression, level 3 [ 144.628829][ T6594] BTRFS info (device loop0): allowing degraded mounts [ 144.635660][ T6594] BTRFS info (device loop0): using free space tree [ 144.657712][ T6594] BTRFS info (device loop0): auto enabling async discard [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... open resumed>) = 6 [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... ioctl resumed>) = 0 [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] creat("./bus", 012 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... creat resumed>) = 7 [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = 0 [pid 6594] <... futex resumed>) = 1 [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6593] <... futex resumed>) = 0 [pid 6594] <... openat resumed>) = 8 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6594] <... futex resumed>) = 0 [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] open("./file0", O_RDONLY [pid 6593] <... futex resumed>) = 0 [pid 6594] <... open resumed>) = 9 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6594] <... futex resumed>) = 0 [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6593] <... futex resumed>) = 0 [pid 6594] <... ioctl resumed>) = 0 [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6594] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6593] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6593] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6593] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6611]}, 88) = 6611 [pid 6593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6593] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6611 attached [pid 6611] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6611] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6611] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6611] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6593] <... futex resumed>) = 0 [ 144.765818][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 144.779618][ T6594] BTRFS info (device loop0): balance: start -d -m [ 144.795005][ T6594] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6593] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6611] <... ioctl resumed>) = 0 [pid 6593] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6611] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.882534][ T6594] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 144.945439][ T6594] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6611] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] exit_group(0 [pid 6611] <... futex resumed>) = ? [pid 6593] <... exit_group resumed>) = ? [pid 6611] +++ exited with 0 +++ [pid 6594] <... ioctl resumed> ) = ? [pid 6594] +++ exited with 0 +++ [pid 6593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6593, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 144.991232][ T6594] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 145.026626][ T6594] BTRFS info (device loop0): balance: ended with status: 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6612 ./strace-static-x86_64: Process 6612 attached [pid 6612] set_robust_list(0x5555560fc760, 24) = 0 [pid 6612] chdir("./83") = 0 [pid 6612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6612] setpgid(0, 0) = 0 [pid 6612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6612] write(3, "1000", 4) = 4 [pid 6612] close(3) = 0 [pid 6612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6612] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6612] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6613 attached => {parent_tid=[6613]}, 88) = 6613 [pid 6612] rt_sigprocmask(SIG_SETMASK, [], [pid 6613] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6613] <... rseq resumed>) = 0 [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] set_robust_list(0x7f29736fa9a0, 24 [pid 6612] <... futex resumed>) = 0 [pid 6613] <... set_robust_list resumed>) = 0 [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6613] memfd_create("syzkaller", 0) = 3 [pid 6613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6613] munmap(0x7f296b2da000, 138412032) = 0 [pid 6613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6613] close(3) = 0 [pid 6613] mkdir("./bus", 0777) = 0 [ 145.407911][ T6613] loop0: detected capacity change from 0 to 32768 [ 145.417880][ T6613] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6613) [ 145.434668][ T6613] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 145.443866][ T6613] BTRFS info (device loop0): doing ref verification [ 145.450939][ T6613] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 145.461814][ T6613] BTRFS info (device loop0): force zlib compression, level 3 [ 145.469361][ T6613] BTRFS info (device loop0): allowing degraded mounts [ 145.476185][ T6613] BTRFS info (device loop0): using free space tree [pid 6613] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6613] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6613] chdir("./bus") = 0 [pid 6613] ioctl(4, LOOP_CLR_FD) = 0 [pid 6613] close(4) = 0 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = 0 [pid 6612] <... futex resumed>) = 1 [pid 6613] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6613] <... futex resumed>) = 0 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6612] <... futex resumed>) = 0 [pid 6613] open("./file0", O_RDONLY [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... open resumed>) = 4 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... futex resumed>) = 1 [pid 6613] creat("./file1", 000) = 5 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6613] open("./file0", O_RDONLY [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... open resumed>) = 6 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 145.498696][ T6613] BTRFS info (device loop0): auto enabling async discard [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... ioctl resumed>) = 0 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = 0 [pid 6612] <... futex resumed>) = 1 [pid 6613] creat("./bus", 012 [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] <... creat resumed>) = 7 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6613] <... futex resumed>) = 0 [pid 6613] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = 0 [pid 6612] <... futex resumed>) = 1 [pid 6613] open("./file0", O_RDONLY) = 9 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = 0 [pid 6612] <... futex resumed>) = 1 [pid 6613] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6613] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6613] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6612] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6613] <... futex resumed>) = 0 [pid 6612] <... futex resumed>) = 1 [pid 6613] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 145.590591][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 145.622870][ T6613] BTRFS info (device loop0): balance: start -d -m [pid 6612] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6612] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6612] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6630]}, 88) = 6630 [pid 6612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6612] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6612] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6630 attached [pid 6630] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6630] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6630] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6630] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6630] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6612] <... futex resumed>) = 0 [pid 6630] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 145.636197][ T6613] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6612] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6630] <... ioctl resumed>) = 0 [pid 6630] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [ 145.712297][ T6613] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 145.771048][ T6613] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6630] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] exit_group(0 [pid 6630] <... futex resumed>) = ? [pid 6612] <... exit_group resumed>) = ? [pid 6630] +++ exited with 0 +++ [pid 6613] <... ioctl resumed> ) = ? [pid 6613] +++ exited with 0 +++ [pid 6612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6612, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 145.813961][ T6613] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 145.847476][ T6613] BTRFS info (device loop0): balance: ended with status: 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6631 ./strace-static-x86_64: Process 6631 attached [pid 6631] set_robust_list(0x5555560fc760, 24) = 0 [pid 6631] chdir("./84") = 0 [pid 6631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6631] setpgid(0, 0) = 0 [pid 6631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6631] write(3, "1000", 4) = 4 [pid 6631] close(3) = 0 [pid 6631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6631] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6632]}, 88) = 6632 [pid 6631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6632 attached ) = 0 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6632] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6632] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6632] memfd_create("syzkaller", 0) = 3 [pid 6632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6632] munmap(0x7f296b2da000, 138412032) = 0 [pid 6632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6632] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6632] close(3) = 0 [pid 6632] mkdir("./bus", 0777) = 0 [ 146.224840][ T6632] loop0: detected capacity change from 0 to 32768 [ 146.235177][ T6632] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6632) [ 146.251452][ T6632] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 146.260240][ T6632] BTRFS info (device loop0): doing ref verification [pid 6632] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6632] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6632] chdir("./bus") = 0 [pid 6632] ioctl(4, LOOP_CLR_FD) = 0 [pid 6632] close(4) = 0 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] <... futex resumed>) = 0 [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6632] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6632] open("./file0", O_RDONLY [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... open resumed>) = 4 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6632] creat("./file1", 000 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... creat resumed>) = 5 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6632] open("./file0", O_RDONLY [pid 6631] <... futex resumed>) = 1 [pid 6632] <... open resumed>) = 6 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6632] <... futex resumed>) = 0 [ 146.266869][ T6632] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 146.277664][ T6632] BTRFS info (device loop0): force zlib compression, level 3 [ 146.285166][ T6632] BTRFS info (device loop0): allowing degraded mounts [ 146.291930][ T6632] BTRFS info (device loop0): using free space tree [ 146.313518][ T6632] BTRFS info (device loop0): auto enabling async discard [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6631] <... futex resumed>) = 0 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... ioctl resumed>) = 0 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] <... futex resumed>) = 0 [pid 6632] creat("./bus", 012 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... creat resumed>) = 7 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] <... futex resumed>) = 0 [pid 6632] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... openat resumed>) = 8 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] <... futex resumed>) = 0 [pid 6632] open("./file0", O_RDONLY [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... open resumed>) = 9 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] <... futex resumed>) = 0 [pid 6632] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] <... ioctl resumed>) = 0 [pid 6632] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6631] <... futex resumed>) = 0 [pid 6632] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] <... futex resumed>) = 0 [pid 6632] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6631] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6631] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6631] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 146.409351][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 146.432134][ T6632] BTRFS info (device loop0): balance: start -d -m [ 146.442529][ T6632] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6649 attached => {parent_tid=[6649]}, 88) = 6649 [pid 6631] rt_sigprocmask(SIG_SETMASK, [], [pid 6649] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6631] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... rseq resumed>) = 0 [pid 6649] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6649] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6649] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6649] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6631] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6631] <... futex resumed>) = 1 [pid 6649] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 146.483403][ T6632] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 146.502834][ T6649] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 146.513474][ T6649] BTRFS error (device loop0): dumping block entry [5373952 4096], num_refs 0, metadata 1, from disk 0 [ 146.524603][ T6649] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [pid 6631] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 146.533299][ T6649] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 146.544870][ T6649] __btrfs_cow_block+0x465/0x1a90 [ 146.550105][ T6649] btrfs_cow_block+0x35e/0xa10 [ 146.555090][ T6649] btrfs_search_slot+0xbf9/0x2f80 [ 146.560307][ T6649] btrfs_insert_empty_items+0x9c/0x180 [ 146.566014][ T6649] insert_with_overflow+0x150/0x3f0 [ 146.571425][ T6649] btrfs_insert_dir_item+0x243/0x630 [ 146.577012][ T6649] btrfs_add_link+0x270/0xc50 [ 146.581895][ T6649] btrfs_create_new_inode+0x1b3d/0x2710 [ 146.587728][ T6649] btrfs_create_common+0x1f9/0x300 [ 146.593058][ T6649] path_openat+0x13e7/0x3180 [ 146.598083][ T6649] do_filp_open+0x234/0x490 [ 146.602798][ T6649] do_sys_openat2+0x13e/0x1d0 [ 146.607722][ T6649] __x64_sys_creat+0x123/0x160 [ 146.612699][ T6649] do_syscall_64+0x41/0xc0 [ 146.617355][ T6649] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 146.623452][ T6649] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 146.636434][ T6649] __btrfs_cow_block+0xcca/0x1a90 [ 146.641676][ T6649] btrfs_cow_block+0x35e/0xa10 [ 146.646724][ T6649] btrfs_search_slot+0xbf9/0x2f80 [ 146.651962][ T6649] btrfs_lookup_inode+0xdc/0x480 [ 146.657147][ T6649] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 146.663266][ T6649] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 146.670087][ T6649] __btrfs_run_delayed_items+0x213/0x490 [ 146.675955][ T6649] btrfs_commit_transaction+0x8a4/0x3730 [ 146.681837][ T6649] create_snapshot+0x4a5/0x7e0 [ 146.686849][ T6649] btrfs_mksubvol+0x5d0/0x750 [ 146.691752][ T6649] btrfs_mksnapshot+0xb5/0xf0 [ 146.696707][ T6649] __btrfs_ioctl_snap_create+0x344/0x460 [ 146.702573][ T6649] btrfs_ioctl_snap_create+0x13c/0x190 [ 146.708300][ T6649] btrfs_ioctl+0xbbf/0xd40 [ 146.712946][ T6649] __se_sys_ioctl+0xf8/0x170 [ 146.717799][ T6649] do_syscall_64+0x41/0xc0 [ 146.722424][ T6649] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [pid 6631] exit_group(0) = ? [ 146.734302][ T6649] __btrfs_mod_ref+0x9b1/0xe20 [ 146.739324][ T6649] btrfs_copy_root+0x851/0xce0 [ 146.744948][ T6649] create_reloc_root+0x244/0x9a0 [ 146.750104][ T6649] btrfs_init_reloc_root+0x329/0x4e0 [ 146.755630][ T6649] record_root_in_trans+0x2c9/0x360 [ 146.761054][ T6649] qgroup_account_snapshot+0xa9/0x340 [ 146.766706][ T6649] create_pending_snapshot+0x1050/0x28b0 [ 146.772533][ T6649] create_pending_snapshots+0x195/0x1d0 [ 146.778295][ T6649] btrfs_commit_transaction+0xf1c/0x3730 [pid 6649] <... ioctl resumed>) = ? [pid 6649] +++ exited with 0 +++ [ 146.784126][ T6649] create_snapshot+0x4a5/0x7e0 [ 146.789147][ T6649] btrfs_mksubvol+0x5d0/0x750 [ 146.794041][ T6649] btrfs_mksnapshot+0xb5/0xf0 [ 146.798944][ T6649] __btrfs_ioctl_snap_create+0x344/0x460 [ 146.804810][ T6649] btrfs_ioctl_snap_create+0x13c/0x190 [ 146.810446][ T6649] btrfs_ioctl+0xbbf/0xd40 [ 146.815100][ T6649] __se_sys_ioctl+0xf8/0x170 [pid 6632] <... ioctl resumed> ) = ? [pid 6632] +++ exited with 0 +++ [pid 6631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6631, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=60 /* 0.60 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 146.846492][ T6632] BTRFS info (device loop0): balance: canceled umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6650 attached , child_tidptr=0x5555560fc750) = 6650 [pid 6650] set_robust_list(0x5555560fc760, 24) = 0 [pid 6650] chdir("./85") = 0 [pid 6650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6650] setpgid(0, 0) = 0 [pid 6650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6650] write(3, "1000", 4) = 4 [pid 6650] close(3) = 0 [pid 6650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6650] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6650] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6651]}, 88) = 6651 [pid 6650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6651 attached [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6651] <... rseq resumed>) = 0 [pid 6651] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6651] memfd_create("syzkaller", 0) = 3 [pid 6651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6651] munmap(0x7f296b2da000, 138412032) = 0 [pid 6651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6651] close(3) = 0 [pid 6651] mkdir("./bus", 0777) = 0 [ 147.220827][ T6651] loop0: detected capacity change from 0 to 32768 [ 147.231281][ T6651] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6651) [ 147.247520][ T6651] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 147.256903][ T6651] BTRFS info (device loop0): doing ref verification [pid 6651] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6651] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6651] chdir("./bus") = 0 [pid 6651] ioctl(4, LOOP_CLR_FD) = 0 [pid 6651] close(4) = 0 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [pid 6651] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6650] <... futex resumed>) = 0 [pid 6651] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] open("./file0", O_RDONLY) = 4 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] creat("./file1", 000) = 5 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... futex resumed>) = 1 [pid 6651] open("./file0", O_RDONLY) = 6 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... futex resumed>) = 1 [pid 6651] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6651] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6650] <... futex resumed>) = 0 [ 147.263737][ T6651] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 147.274648][ T6651] BTRFS info (device loop0): force zlib compression, level 3 [ 147.282065][ T6651] BTRFS info (device loop0): allowing degraded mounts [ 147.288936][ T6651] BTRFS info (device loop0): using free space tree [ 147.309742][ T6651] BTRFS info (device loop0): auto enabling async discard [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6650] <... futex resumed>) = 1 [pid 6651] creat("./bus", 012 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... creat resumed>) = 7 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... futex resumed>) = 1 [pid 6651] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] <... futex resumed>) = 1 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] open("./file0", O_RDONLY) = 9 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6650] <... futex resumed>) = 0 [pid 6651] <... ioctl resumed>) = 0 [pid 6651] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6651] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6650] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6650] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6668 attached [pid 6668] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6650] <... clone3 resumed> => {parent_tid=[6668]}, 88) = 6668 [pid 6668] <... rseq resumed>) = 0 [pid 6650] rt_sigprocmask(SIG_SETMASK, [], [pid 6668] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6668] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6650] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6668] <... openat resumed>) = 10 [pid 6668] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6650] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] <... futex resumed>) = 0 [pid 6668] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6650] <... futex resumed>) = 0 [ 147.382087][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 147.396661][ T6651] BTRFS info (device loop0): balance: start -d -m [ 147.407882][ T6651] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6650] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6668] <... ioctl resumed>) = 0 [pid 6668] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [ 147.496522][ T6651] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 147.570174][ T6651] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6668] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6650] exit_group(0 [pid 6668] <... futex resumed>) = ? [pid 6650] <... exit_group resumed>) = ? [pid 6668] +++ exited with 0 +++ [pid 6651] <... ioctl resumed> ) = ? [pid 6651] +++ exited with 0 +++ [pid 6650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6650, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 147.614035][ T6651] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 147.649169][ T6651] BTRFS info (device loop0): balance: ended with status: 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6669 ./strace-static-x86_64: Process 6669 attached [pid 6669] set_robust_list(0x5555560fc760, 24) = 0 [pid 6669] chdir("./86") = 0 [pid 6669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6669] setpgid(0, 0) = 0 [pid 6669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6669] write(3, "1000", 4) = 4 [pid 6669] close(3) = 0 [pid 6669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6669] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6670]}, 88) = 6670 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6670 attached [pid 6670] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6670] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6670] memfd_create("syzkaller", 0) = 3 [pid 6670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6670] munmap(0x7f296b2da000, 138412032) = 0 [pid 6670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6670] close(3) = 0 [pid 6670] mkdir("./bus", 0777) = 0 [ 148.031590][ T6670] loop0: detected capacity change from 0 to 32768 [ 148.041693][ T6670] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6670) [ 148.060316][ T6670] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 148.069156][ T6670] BTRFS info (device loop0): doing ref verification [pid 6670] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6670] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6670] chdir("./bus") = 0 [pid 6670] ioctl(4, LOOP_CLR_FD) = 0 [pid 6670] close(4) = 0 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6670] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] open("./file0", O_RDONLY [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... open resumed>) = 4 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... futex resumed>) = 1 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] creat("./file1", 000 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... creat resumed>) = 5 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] open("./file0", O_RDONLY [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... open resumed>) = 6 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 148.075889][ T6670] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 148.086737][ T6670] BTRFS info (device loop0): force zlib compression, level 3 [ 148.094129][ T6670] BTRFS info (device loop0): allowing degraded mounts [ 148.100966][ T6670] BTRFS info (device loop0): using free space tree [ 148.122523][ T6670] BTRFS info (device loop0): auto enabling async discard [pid 6670] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6670] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] creat("./bus", 012 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... creat resumed>) = 7 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... futex resumed>) = 1 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... openat resumed>) = 8 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] open("./file0", O_RDONLY [pid 6669] <... futex resumed>) = 0 [pid 6670] <... open resumed>) = 9 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6670] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... ioctl resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6670] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6669] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6669] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 148.206126][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 148.235778][ T6670] BTRFS info (device loop0): balance: start -d -m [ 148.245754][ T6670] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6687 attached [pid 6687] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6669] <... clone3 resumed> => {parent_tid=[6687]}, 88) = 6687 [pid 6687] <... rseq resumed>) = 0 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], [pid 6687] set_robust_list(0x7f29736d99a0, 24 [pid 6669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6687] <... set_robust_list resumed>) = 0 [pid 6669] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] <... futex resumed>) = 0 [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6669] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6687] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6687] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6687] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] <... futex resumed>) = 0 [pid 6687] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6669] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... ioctl resumed>) = 0 [pid 6669] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6687] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 148.344514][ T6670] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 148.409226][ T6670] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6687] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6670] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6670] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] exit_group(0) = ? [pid 6670] <... futex resumed>) = ? [pid 6687] <... futex resumed>) = ? [pid 6670] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ [pid 6669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6669, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=52 /* 0.52 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 148.452396][ T6670] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 148.486915][ T6670] BTRFS info (device loop0): balance: ended with status: 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6688 ./strace-static-x86_64: Process 6688 attached [pid 6688] set_robust_list(0x5555560fc760, 24) = 0 [pid 6688] chdir("./87") = 0 [pid 6688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6688] setpgid(0, 0) = 0 [pid 6688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6688] write(3, "1000", 4) = 4 [pid 6688] close(3) = 0 [pid 6688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6688] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6689]}, 88) = 6689 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6689 attached [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6688] <... futex resumed>) = 0 [pid 6689] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6689] memfd_create("syzkaller", 0) = 3 [pid 6689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6689] munmap(0x7f296b2da000, 138412032) = 0 [pid 6689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6689] close(3) = 0 [pid 6689] mkdir("./bus", 0777) = 0 [ 148.886511][ T6689] loop0: detected capacity change from 0 to 32768 [ 148.897784][ T6689] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6689) [ 148.913465][ T6689] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 148.922483][ T6689] BTRFS info (device loop0): doing ref verification [ 148.929292][ T6689] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 148.940203][ T6689] BTRFS info (device loop0): force zlib compression, level 3 [ 148.947992][ T6689] BTRFS info (device loop0): allowing degraded mounts [ 148.954992][ T6689] BTRFS info (device loop0): using free space tree [pid 6689] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6689] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6689] chdir("./bus") = 0 [pid 6689] ioctl(4, LOOP_CLR_FD) = 0 [pid 6689] close(4) = 0 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] open("./file0", O_RDONLY) = 4 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6688] <... futex resumed>) = 1 [pid 6689] creat("./file1", 000) = 5 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] open("./file0", O_RDONLY) = 6 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] <... futex resumed>) = 0 [pid 6689] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 148.977520][ T6689] BTRFS info (device loop0): auto enabling async discard [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] <... ioctl resumed>) = 0 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6689] creat("./bus", 012) = 7 [pid 6688] <... futex resumed>) = 1 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6689] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6689] open("./file0", O_RDONLY) = 9 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6689] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6689] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6689] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6688] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6688] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6688] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6706]}, 88) = 6706 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6688] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 149.061161][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 149.089710][ T6689] BTRFS info (device loop0): balance: start -d -m [ 149.100643][ T6689] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6688] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6706 attached [pid 6706] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6706] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6706] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6706] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6688] <... futex resumed>) = 0 [pid 6688] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6688] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 149.152546][ T6689] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 149.173253][ T6706] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 149.183847][ T6706] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [pid 6706] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6688] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 149.195016][ T6706] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [ 149.203745][ T6706] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 149.215103][ T6706] __btrfs_cow_block+0x465/0x1a90 [ 149.220349][ T6706] btrfs_cow_block+0x35e/0xa10 [ 149.225670][ T6706] btrfs_search_slot+0xbf9/0x2f80 [ 149.231359][ T6706] btrfs_insert_empty_items+0x9c/0x180 [ 149.237161][ T6706] insert_with_overflow+0x150/0x3f0 [ 149.242588][ T6706] btrfs_insert_dir_item+0x243/0x630 [ 149.248147][ T6706] btrfs_add_link+0x270/0xc50 [ 149.253029][ T6706] btrfs_create_new_inode+0x1b3d/0x2710 [ 149.258820][ T6706] btrfs_create_common+0x1f9/0x300 [ 149.264135][ T6706] path_openat+0x13e7/0x3180 [ 149.268964][ T6706] do_filp_open+0x234/0x490 [ 149.273673][ T6706] do_sys_openat2+0x13e/0x1d0 [ 149.278583][ T6706] __x64_sys_creat+0x123/0x160 [ 149.283739][ T6706] do_syscall_64+0x41/0xc0 [ 149.288421][ T6706] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 149.294560][ T6706] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 149.307539][ T6706] __btrfs_cow_block+0xcca/0x1a90 [ 149.312766][ T6706] btrfs_cow_block+0x35e/0xa10 [ 149.317785][ T6706] btrfs_search_slot+0xbf9/0x2f80 [ 149.323010][ T6706] btrfs_lookup_inode+0xdc/0x480 [ 149.328201][ T6706] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 149.334305][ T6706] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 149.341130][ T6706] __btrfs_run_delayed_items+0x213/0x490 [ 149.347004][ T6706] btrfs_commit_transaction+0x8a4/0x3730 [pid 6688] exit_group(0) = ? [ 149.352841][ T6706] create_snapshot+0x4a5/0x7e0 [ 149.357853][ T6706] btrfs_mksubvol+0x5d0/0x750 [ 149.362741][ T6706] btrfs_mksnapshot+0xb5/0xf0 [ 149.367689][ T6706] __btrfs_ioctl_snap_create+0x344/0x460 [ 149.373537][ T6706] btrfs_ioctl_snap_create+0x13c/0x190 [ 149.379595][ T6706] btrfs_ioctl+0xbbf/0xd40 [ 149.384210][ T6706] __se_sys_ioctl+0xf8/0x170 [ 149.389058][ T6706] do_syscall_64+0x41/0xc0 [ 149.393675][ T6706] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 149.405521][ T6706] __btrfs_mod_ref+0x9b1/0xe20 [ 149.410503][ T6706] btrfs_copy_root+0x851/0xce0 [ 149.415516][ T6706] create_reloc_root+0x244/0x9a0 [ 149.420674][ T6706] btrfs_init_reloc_root+0x329/0x4e0 [ 149.426201][ T6706] record_root_in_trans+0x2c9/0x360 [ 149.431604][ T6706] qgroup_account_snapshot+0xa9/0x340 [ 149.437198][ T6706] create_pending_snapshot+0x1050/0x28b0 [ 149.443027][ T6706] create_pending_snapshots+0x195/0x1d0 [pid 6706] <... ioctl resumed>) = ? [pid 6706] +++ exited with 0 +++ [ 149.448809][ T6706] btrfs_commit_transaction+0xf1c/0x3730 [ 149.454706][ T6706] create_snapshot+0x4a5/0x7e0 [ 149.459672][ T6706] btrfs_mksubvol+0x5d0/0x750 [ 149.464575][ T6706] btrfs_mksnapshot+0xb5/0xf0 [ 149.469464][ T6706] __btrfs_ioctl_snap_create+0x344/0x460 [ 149.475339][ T6706] btrfs_ioctl_snap_create+0x13c/0x190 [ 149.480985][ T6706] btrfs_ioctl+0xbbf/0xd40 [ 149.485612][ T6706] __se_sys_ioctl+0xf8/0x170 [pid 6689] <... ioctl resumed> ) = ? [pid 6689] +++ exited with 0 +++ [pid 6688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6688, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=65 /* 0.65 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 149.516826][ T6689] BTRFS info (device loop0): balance: canceled umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6707 ./strace-static-x86_64: Process 6707 attached [pid 6707] set_robust_list(0x5555560fc760, 24) = 0 [pid 6707] chdir("./88") = 0 [pid 6707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6707] setpgid(0, 0) = 0 [pid 6707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6707] write(3, "1000", 4) = 4 [pid 6707] close(3) = 0 [pid 6707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6707] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6708]}, 88) = 6708 [pid 6707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6708 attached [pid 6708] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... rseq resumed>) = 0 [pid 6708] set_robust_list(0x7f29736fa9a0, 24 [pid 6707] <... futex resumed>) = 0 [pid 6708] <... set_robust_list resumed>) = 0 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6708] memfd_create("syzkaller", 0) = 3 [pid 6708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6708] munmap(0x7f296b2da000, 138412032) = 0 [pid 6708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6708] close(3) = 0 [pid 6708] mkdir("./bus", 0777) = 0 [ 149.902261][ T6708] loop0: detected capacity change from 0 to 32768 [ 149.912952][ T6708] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6708) [ 149.929892][ T6708] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 149.938784][ T6708] BTRFS info (device loop0): doing ref verification [ 149.945429][ T6708] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 149.956487][ T6708] BTRFS info (device loop0): force zlib compression, level 3 [ 149.963896][ T6708] BTRFS info (device loop0): allowing degraded mounts [ 149.970743][ T6708] BTRFS info (device loop0): using free space tree [pid 6708] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6708] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6708] chdir("./bus") = 0 [pid 6708] ioctl(4, LOOP_CLR_FD) = 0 [pid 6708] close(4) = 0 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6707] <... futex resumed>) = 0 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... futex resumed>) = 0 [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6708] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6707] <... futex resumed>) = 0 [pid 6708] open("./file0", O_RDONLY) = 4 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] <... futex resumed>) = 1 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] creat("./file1", 000) = 5 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] open("./file0", O_RDONLY) = 6 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6708] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6707] <... futex resumed>) = 0 [pid 6708] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... ioctl resumed>) = 0 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = 0 [pid 6707] <... futex resumed>) = 1 [pid 6708] creat("./bus", 012 [ 149.993021][ T6708] BTRFS info (device loop0): auto enabling async discard [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... creat resumed>) = 7 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6708] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] open("./file0", O_RDONLY [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... open resumed>) = 9 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6708] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6708] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6707] <... futex resumed>) = 0 [pid 6708] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6707] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6707] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6707] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6725 attached => {parent_tid=[6725]}, 88) = 6725 [pid 6725] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6707] rt_sigprocmask(SIG_SETMASK, [], [pid 6725] <... rseq resumed>) = 0 [pid 6707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6725] set_robust_list(0x7f29736d99a0, 24 [pid 6707] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... set_robust_list resumed>) = 0 [pid 6707] <... futex resumed>) = 0 [pid 6725] rt_sigprocmask(SIG_SETMASK, [], [pid 6707] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6725] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6725] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6725] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6707] <... futex resumed>) = 0 [pid 6725] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 150.067824][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 150.091849][ T6708] BTRFS info (device loop0): balance: start -d -m [ 150.101057][ T6708] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6707] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] <... ioctl resumed>) = 0 [pid 6725] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [ 150.189901][ T6708] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 150.265142][ T6708] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6725] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] exit_group(0 [pid 6725] <... futex resumed>) = ? [pid 6707] <... exit_group resumed>) = ? [pid 6725] +++ exited with 0 +++ [pid 6708] <... ioctl resumed> ) = ? [pid 6708] +++ exited with 0 +++ [pid 6707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6707, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 150.308961][ T6708] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 150.343405][ T6708] BTRFS info (device loop0): balance: ended with status: 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6726 attached , child_tidptr=0x5555560fc750) = 6726 [pid 6726] set_robust_list(0x5555560fc760, 24) = 0 [pid 6726] chdir("./89") = 0 [pid 6726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6726] setpgid(0, 0) = 0 [pid 6726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6726] write(3, "1000", 4) = 4 [pid 6726] close(3) = 0 [pid 6726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6726] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6727 attached => {parent_tid=[6727]}, 88) = 6727 [pid 6727] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6727] <... rseq resumed>) = 0 [pid 6727] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6727] memfd_create("syzkaller", 0) = 3 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6727] munmap(0x7f296b2da000, 138412032) = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6727] close(3) = 0 [pid 6727] mkdir("./bus", 0777) = 0 [ 150.752509][ T6727] loop0: detected capacity change from 0 to 32768 [ 150.763453][ T6727] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6727) [ 150.781497][ T6727] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 150.790262][ T6727] BTRFS info (device loop0): doing ref verification [ 150.796950][ T6727] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 150.808856][ T6727] BTRFS info (device loop0): force zlib compression, level 3 [ 150.816336][ T6727] BTRFS info (device loop0): allowing degraded mounts [ 150.823317][ T6727] BTRFS info (device loop0): using free space tree [pid 6727] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6727] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6727] chdir("./bus") = 0 [pid 6727] ioctl(4, LOOP_CLR_FD) = 0 [pid 6727] close(4) = 0 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] open("./file0", O_RDONLY [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... open resumed>) = 4 [pid 6726] <... futex resumed>) = 0 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6727] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6727] creat("./file1", 000 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... creat resumed>) = 5 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [ 150.846223][ T6727] BTRFS info (device loop0): auto enabling async discard [pid 6727] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6727] open("./file0", O_RDONLY [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... open resumed>) = 6 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... futex resumed>) = 0 [pid 6727] <... futex resumed>) = 1 [pid 6727] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... ioctl resumed>) = 0 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6727] creat("./bus", 012 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... creat resumed>) = 7 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6727] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6727] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6726] <... futex resumed>) = 0 [pid 6727] <... openat resumed>) = 8 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6727] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6727] open("./file0", O_RDONLY [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... open resumed>) = 9 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6726] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6726] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6726] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6744 attached => {parent_tid=[6744]}, 88) = 6744 [pid 6744] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], [pid 6744] <... rseq resumed>) = 0 [pid 6744] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6726] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] <... futex resumed>) = 0 [pid 6744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6726] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6744] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6744] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 0 [pid 6744] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 150.961731][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 150.972711][ T6727] BTRFS info (device loop0): balance: start -d -m [pid 6726] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] <... ioctl resumed>) = 0 [pid 6744] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6744] <... futex resumed>) = 0 [ 151.034631][ T6727] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 151.076275][ T6727] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 151.132636][ T6727] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6744] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6727] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] exit_group(0 [pid 6744] <... futex resumed>) = ? [pid 6726] <... exit_group resumed>) = ? [pid 6744] +++ exited with 0 +++ [pid 6727] +++ exited with 0 +++ [pid 6726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6726, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 151.177353][ T6727] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 151.209636][ T6727] BTRFS info (device loop0): balance: ended with status: 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6745 attached , child_tidptr=0x5555560fc750) = 6745 [pid 6745] set_robust_list(0x5555560fc760, 24) = 0 [pid 6745] chdir("./90") = 0 [pid 6745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6745] setpgid(0, 0) = 0 [pid 6745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6745] write(3, "1000", 4) = 4 [pid 6745] close(3) = 0 [pid 6745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6745] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6746 attached => {parent_tid=[6746]}, 88) = 6746 [pid 6746] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6745] rt_sigprocmask(SIG_SETMASK, [], [pid 6746] <... rseq resumed>) = 0 [pid 6745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6746] set_robust_list(0x7f29736fa9a0, 24 [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] <... set_robust_list resumed>) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6746] memfd_create("syzkaller", 0) = 3 [pid 6746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6746] munmap(0x7f296b2da000, 138412032) = 0 [pid 6746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6746] close(3) = 0 [pid 6746] mkdir("./bus", 0777) = 0 [ 151.611935][ T6746] loop0: detected capacity change from 0 to 32768 [ 151.622088][ T6746] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6746) [ 151.638198][ T6746] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 151.647044][ T6746] BTRFS info (device loop0): doing ref verification [pid 6746] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6746] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6746] chdir("./bus") = 0 [pid 6746] ioctl(4, LOOP_CLR_FD) = 0 [pid 6746] close(4) = 0 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] <... futex resumed>) = 0 [ 151.653640][ T6746] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 151.664484][ T6746] BTRFS info (device loop0): force zlib compression, level 3 [ 151.671881][ T6746] BTRFS info (device loop0): allowing degraded mounts [ 151.678736][ T6746] BTRFS info (device loop0): using free space tree [ 151.702249][ T6746] BTRFS info (device loop0): auto enabling async discard [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] open("./file0", O_RDONLY [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... open resumed>) = 4 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] creat("./file1", 000 [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... creat resumed>) = 5 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] open("./file0", O_RDONLY [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] <... open resumed>) = 6 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... ioctl resumed>) = 0 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6745] <... futex resumed>) = 0 [pid 6746] creat("./bus", 012 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... creat resumed>) = 7 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6746] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] open("./file0", O_RDONLY) = 9 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6745] <... futex resumed>) = 0 [pid 6746] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... ioctl resumed>) = 0 [pid 6746] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = 0 [pid 6746] <... futex resumed>) = 1 [pid 6745] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6745] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6745] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6763 attached [pid 6763] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6745] <... clone3 resumed> => {parent_tid=[6763]}, 88) = 6763 [pid 6763] <... rseq resumed>) = 0 [pid 6763] set_robust_list(0x7f29736d99a0, 24 [pid 6745] rt_sigprocmask(SIG_SETMASK, [], [pid 6763] <... set_robust_list resumed>) = 0 [pid 6745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6763] rt_sigprocmask(SIG_SETMASK, [], [pid 6745] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6745] <... futex resumed>) = 0 [pid 6763] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6745] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... openat resumed>) = 10 [pid 6763] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6763] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6763] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6745] <... futex resumed>) = 0 [ 151.819153][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 151.835032][ T6746] BTRFS info (device loop0): balance: start -d -m [ 151.843032][ T6746] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6745] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6763] <... ioctl resumed>) = 0 [pid 6763] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.953007][ T6746] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 152.016210][ T6746] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6763] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] exit_group(0 [pid 6763] <... futex resumed>) = ? [pid 6763] +++ exited with 0 +++ [pid 6745] <... exit_group resumed>) = ? [pid 6746] <... ioctl resumed> ) = ? [pid 6746] +++ exited with 0 +++ [pid 6745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6745, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=44 /* 0.44 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 152.061421][ T6746] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 152.097243][ T6746] BTRFS info (device loop0): balance: ended with status: 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6764 ./strace-static-x86_64: Process 6764 attached [pid 6764] set_robust_list(0x5555560fc760, 24) = 0 [pid 6764] chdir("./91") = 0 [pid 6764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6764] setpgid(0, 0) = 0 [pid 6764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6764] write(3, "1000", 4) = 4 [pid 6764] close(3) = 0 [pid 6764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6764] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6764] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6765 attached => {parent_tid=[6765]}, 88) = 6765 [pid 6765] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6765] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] rt_sigprocmask(SIG_SETMASK, [], [pid 6764] <... futex resumed>) = 0 [pid 6765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6765] memfd_create("syzkaller", 0) = 3 [pid 6765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6765] munmap(0x7f296b2da000, 138412032) = 0 [pid 6765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6765] close(3) = 0 [pid 6765] mkdir("./bus", 0777) = 0 [ 152.481291][ T6765] loop0: detected capacity change from 0 to 32768 [ 152.492517][ T6765] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6765) [ 152.509261][ T6765] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 152.518512][ T6765] BTRFS info (device loop0): doing ref verification [pid 6765] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6765] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6765] chdir("./bus") = 0 [pid 6765] ioctl(4, LOOP_CLR_FD) = 0 [pid 6765] close(4) = 0 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6765] <... futex resumed>) = 1 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] open("./file0", O_RDONLY [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... open resumed>) = 4 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6765] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6764] <... futex resumed>) = 1 [pid 6765] creat("./file1", 000 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... creat resumed>) = 5 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6765] <... futex resumed>) = 1 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] open("./file0", O_RDONLY [pid 6764] <... futex resumed>) = 0 [pid 6765] <... open resumed>) = 6 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6765] <... futex resumed>) = 1 [pid 6765] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6764] <... futex resumed>) = 0 [ 152.525613][ T6765] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 152.536739][ T6765] BTRFS info (device loop0): force zlib compression, level 3 [ 152.544169][ T6765] BTRFS info (device loop0): allowing degraded mounts [ 152.551316][ T6765] BTRFS info (device loop0): using free space tree [ 152.573088][ T6765] BTRFS info (device loop0): auto enabling async discard [pid 6765] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... ioctl resumed>) = 0 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6765] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6764] <... futex resumed>) = 0 [pid 6765] creat("./bus", 012 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... creat resumed>) = 7 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 1 [pid 6765] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 1 [pid 6765] open("./file0", O_RDONLY) = 9 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 1 [pid 6765] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6765] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 1 [pid 6765] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6764] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6764] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6764] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6764] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6782 attached [pid 6782] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6764] <... clone3 resumed> => {parent_tid=[6782]}, 88) = 6782 [pid 6782] <... rseq resumed>) = 0 [pid 6764] rt_sigprocmask(SIG_SETMASK, [], [pid 6782] set_robust_list(0x7f29736d99a0, 24 [pid 6764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6782] <... set_robust_list resumed>) = 0 [pid 6764] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] rt_sigprocmask(SIG_SETMASK, [], [pid 6764] <... futex resumed>) = 0 [pid 6782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6764] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6782] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] <... futex resumed>) = 0 [pid 6764] <... futex resumed>) = 1 [pid 6782] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 152.638113][ T6765] BTRFS info (device loop0): balance: start -d -m [ 152.640592][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 152.659878][ T6765] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6764] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] <... ioctl resumed>) = 0 [pid 6782] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6782] <... futex resumed>) = 1 [ 152.758211][ T6765] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6782] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] exit_group(0 [pid 6782] <... futex resumed>) = ? [pid 6764] <... exit_group resumed>) = ? [pid 6782] +++ exited with 0 +++ [ 152.859109][ T6765] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6765] <... ioctl resumed> ) = ? [pid 6765] +++ exited with 0 +++ [pid 6764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6764, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=46 /* 0.46 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 152.905877][ T6765] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 152.939361][ T6765] BTRFS info (device loop0): balance: ended with status: 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6783 attached , child_tidptr=0x5555560fc750) = 6783 [pid 6783] set_robust_list(0x5555560fc760, 24) = 0 [pid 6783] chdir("./92") = 0 [pid 6783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6783] setpgid(0, 0) = 0 [pid 6783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6783] write(3, "1000", 4) = 4 [pid 6783] close(3) = 0 [pid 6783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6783] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6784 attached => {parent_tid=[6784]}, 88) = 6784 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6784] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6784] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6784] memfd_create("syzkaller", 0) = 3 [pid 6784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6784] munmap(0x7f296b2da000, 138412032) = 0 [pid 6784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6784] close(3) = 0 [pid 6784] mkdir("./bus", 0777) = 0 [ 153.329694][ T6784] loop0: detected capacity change from 0 to 32768 [ 153.339661][ T6784] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6784) [ 153.356154][ T6784] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 153.366316][ T6784] BTRFS info (device loop0): doing ref verification [ 153.372920][ T6784] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 153.383777][ T6784] BTRFS info (device loop0): force zlib compression, level 3 [ 153.391204][ T6784] BTRFS info (device loop0): allowing degraded mounts [ 153.398045][ T6784] BTRFS info (device loop0): using free space tree [pid 6784] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6784] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6784] chdir("./bus") = 0 [pid 6784] ioctl(4, LOOP_CLR_FD) = 0 [pid 6784] close(4) = 0 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6784] open("./file0", O_RDONLY) = 4 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] creat("./file1", 000) = 5 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6784] open("./file0", O_RDONLY) = 6 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6784] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = 0 [pid 6784] <... futex resumed>) = 1 [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] creat("./bus", 012 [pid 6783] <... futex resumed>) = 0 [ 153.420583][ T6784] BTRFS info (device loop0): auto enabling async discard [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... creat resumed>) = 7 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... openat resumed>) = 8 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6784] open("./file0", O_RDONLY [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... open resumed>) = 9 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... futex resumed>) = 0 [pid 6783] <... futex resumed>) = 1 [pid 6784] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] <... ioctl resumed>) = 0 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6784] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6784] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6783] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6783] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6801 attached => {parent_tid=[6801]}, 88) = 6801 [pid 6801] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], [pid 6801] <... rseq resumed>) = 0 [pid 6783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6801] set_robust_list(0x7f29736d99a0, 24 [pid 6783] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] <... set_robust_list resumed>) = 0 [pid 6783] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6801] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6801] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6801] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6783] <... futex resumed>) = 0 [pid 6801] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 153.513667][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 153.514835][ T6784] BTRFS info (device loop0): balance: start -d -m [ 153.536297][ T6784] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6783] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] <... ioctl resumed>) = 0 [pid 6801] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = 0 [pid 6801] <... futex resumed>) = 1 [ 153.641360][ T6784] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 153.712314][ T6784] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6801] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6784] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6784] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] exit_group(0 [pid 6784] <... futex resumed>) = ? [pid 6783] <... exit_group resumed>) = ? [pid 6801] <... futex resumed>) = ? [pid 6801] +++ exited with 0 +++ [pid 6784] +++ exited with 0 +++ [pid 6783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6783, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=44 /* 0.44 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 153.758912][ T6784] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 153.792334][ T6784] BTRFS info (device loop0): balance: ended with status: 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6802 attached [pid 6802] set_robust_list(0x5555560fc760, 24 [pid 5027] <... clone resumed>, child_tidptr=0x5555560fc750) = 6802 [pid 6802] <... set_robust_list resumed>) = 0 [pid 6802] chdir("./93") = 0 [pid 6802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6802] setpgid(0, 0) = 0 [pid 6802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6802] write(3, "1000", 4) = 4 [pid 6802] close(3) = 0 [pid 6802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6802] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6803]}, 88) = 6803 [pid 6802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6803 attached ) = 0 [pid 6803] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6803] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6803] memfd_create("syzkaller", 0) = 3 [pid 6803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6803] munmap(0x7f296b2da000, 138412032) = 0 [pid 6803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6803] close(3) = 0 [pid 6803] mkdir("./bus", 0777) = 0 [ 154.181634][ T6803] loop0: detected capacity change from 0 to 32768 [ 154.192514][ T6803] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6803) [ 154.209974][ T6803] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 154.220731][ T6803] BTRFS info (device loop0): doing ref verification [ 154.227684][ T6803] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 154.238819][ T6803] BTRFS info (device loop0): force zlib compression, level 3 [ 154.246419][ T6803] BTRFS info (device loop0): allowing degraded mounts [ 154.253214][ T6803] BTRFS info (device loop0): using free space tree [pid 6803] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6803] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6803] chdir("./bus") = 0 [pid 6803] ioctl(4, LOOP_CLR_FD) = 0 [pid 6803] close(4) = 0 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6802] <... futex resumed>) = 0 [pid 6803] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6802] <... futex resumed>) = 0 [pid 6803] open("./file0", O_RDONLY [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... open resumed>) = 4 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6802] <... futex resumed>) = 0 [pid 6803] creat("./file1", 000 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... creat resumed>) = 5 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... futex resumed>) = 1 [pid 6803] open("./file0", O_RDONLY) = 6 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... ioctl resumed>) = 0 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [ 154.277108][ T6803] BTRFS info (device loop0): auto enabling async discard [pid 6803] creat("./bus", 012 [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... creat resumed>) = 7 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6802] <... futex resumed>) = 0 [pid 6803] <... openat resumed>) = 8 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6802] <... futex resumed>) = 0 [pid 6803] open("./file0", O_RDONLY [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... open resumed>) = 9 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6803] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... ioctl resumed>) = 0 [pid 6803] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6803] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6802] <... futex resumed>) = 0 [pid 6803] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 154.351006][ T1076] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 154.385344][ T6803] BTRFS info (device loop0): balance: start -d -m [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6802] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6802] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6802] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6820 attached [pid 6820] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6802] <... clone3 resumed> => {parent_tid=[6820]}, 88) = 6820 [pid 6820] <... rseq resumed>) = 0 [pid 6802] rt_sigprocmask(SIG_SETMASK, [], [pid 6820] set_robust_list(0x7f29736d99a0, 24 [pid 6802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6820] <... set_robust_list resumed>) = 0 [pid 6802] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] rt_sigprocmask(SIG_SETMASK, [], [pid 6802] <... futex resumed>) = 0 [pid 6820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6802] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6820] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] <... futex resumed>) = 1 [ 154.405026][ T6803] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6820] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6802] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6820] <... ioctl resumed>) = 0 [pid 6820] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 154.539588][ T6803] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6820] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6802] exit_group(0) = ? [pid 6820] <... futex resumed>) = ? [pid 6820] +++ exited with 0 +++ [ 154.603519][ T6803] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 6803] <... ioctl resumed> ) = ? [pid 6803] +++ exited with 0 +++ [pid 6802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6802, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=52 /* 0.52 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 154.651299][ T6803] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 154.688841][ T6803] BTRFS info (device loop0): balance: ended with status: 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6821 attached [pid 6821] set_robust_list(0x5555560fc760, 24) = 0 [pid 5027] <... clone resumed>, child_tidptr=0x5555560fc750) = 6821 [pid 6821] chdir("./94") = 0 [pid 6821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6821] setpgid(0, 0) = 0 [pid 6821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6821] write(3, "1000", 4) = 4 [pid 6821] close(3) = 0 [pid 6821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6821] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6822 attached [pid 6822] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6821] <... clone3 resumed> => {parent_tid=[6822]}, 88) = 6822 [pid 6822] <... rseq resumed>) = 0 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], [pid 6822] set_robust_list(0x7f29736fa9a0, 24 [pid 6821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6822] <... set_robust_list resumed>) = 0 [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] rt_sigprocmask(SIG_SETMASK, [], [pid 6821] <... futex resumed>) = 0 [pid 6822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6822] memfd_create("syzkaller", 0) = 3 [pid 6822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6822] munmap(0x7f296b2da000, 138412032) = 0 [pid 6822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6822] close(3) = 0 [pid 6822] mkdir("./bus", 0777) = 0 [ 155.076243][ T6822] loop0: detected capacity change from 0 to 32768 [ 155.087658][ T6822] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6822) [ 155.104120][ T6822] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 155.115008][ T6822] BTRFS info (device loop0): doing ref verification [ 155.121628][ T6822] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 155.132815][ T6822] BTRFS info (device loop0): force zlib compression, level 3 [ 155.140527][ T6822] BTRFS info (device loop0): allowing degraded mounts [ 155.147826][ T6822] BTRFS info (device loop0): using free space tree [pid 6822] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6822] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6822] chdir("./bus") = 0 [pid 6822] ioctl(4, LOOP_CLR_FD) = 0 [pid 6822] close(4) = 0 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = 0 [pid 6822] <... futex resumed>) = 1 [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6821] <... futex resumed>) = 0 [pid 6822] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 155.171225][ T6822] BTRFS info (device loop0): auto enabling async discard [pid 6822] open("./file0", O_RDONLY [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... open resumed>) = 4 [pid 6821] <... futex resumed>) = 0 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... futex resumed>) = 0 [pid 6821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] creat("./file1", 000) = 5 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] <... futex resumed>) = 0 [pid 6822] open("./file0", O_RDONLY [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... open resumed>) = 6 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] <... futex resumed>) = 0 [pid 6822] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... ioctl resumed>) = 0 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = 0 [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] creat("./bus", 012 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... creat resumed>) = 7 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6821] <... futex resumed>) = 0 [pid 6822] <... openat resumed>) = 8 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = 0 [pid 6821] <... futex resumed>) = 0 [pid 6822] open("./file0", O_RDONLY [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... open resumed>) = 9 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... ioctl resumed>) = 0 [pid 6821] <... futex resumed>) = 0 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... futex resumed>) = 0 [pid 6821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6822] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] <... futex resumed>) = 0 [pid 6822] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6821] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6821] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6821] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6839]}, 88) = 6839 ./strace-static-x86_64: Process 6839 attached [pid 6839] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], [ 155.273382][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 155.296267][ T6822] BTRFS info (device loop0): balance: start -d -m [ 155.304943][ T6822] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6839] set_robust_list(0x7f29736d99a0, 24 [pid 6821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6839] <... set_robust_list resumed>) = 0 [pid 6839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6839] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] <... futex resumed>) = 0 [pid 6821] <... futex resumed>) = 1 [pid 6821] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6839] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6839] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] <... futex resumed>) = 0 [pid 6821] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] <... futex resumed>) = 0 [pid 6821] <... futex resumed>) = 1 [pid 6839] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 155.349428][ T6822] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6821] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6839] <... ioctl resumed>) = 0 [pid 6839] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = 0 [pid 6839] <... futex resumed>) = 1 [ 155.448356][ T6822] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6839] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6822] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] exit_group(0 [pid 6822] <... futex resumed>) = ? [pid 6821] <... exit_group resumed>) = ? [pid 6822] +++ exited with 0 +++ [pid 6839] <... futex resumed>) = ? [pid 6839] +++ exited with 0 +++ [pid 6821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6821, si_uid=0, si_status=0, si_utime=0, si_stime=49 /* 0.49 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 155.490250][ T6822] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 155.523059][ T6822] BTRFS info (device loop0): balance: ended with status: 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6840 attached , child_tidptr=0x5555560fc750) = 6840 [pid 6840] set_robust_list(0x5555560fc760, 24) = 0 [pid 6840] chdir("./95") = 0 [pid 6840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6840] setpgid(0, 0) = 0 [pid 6840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6840] write(3, "1000", 4) = 4 [pid 6840] close(3) = 0 [pid 6840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6840] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6841 attached => {parent_tid=[6841]}, 88) = 6841 [pid 6840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6841] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6841] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6841] memfd_create("syzkaller", 0) = 3 [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6841] munmap(0x7f296b2da000, 138412032) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6841] close(3) = 0 [pid 6841] mkdir("./bus", 0777) = 0 [ 155.909853][ T6841] loop0: detected capacity change from 0 to 32768 [ 155.920512][ T6841] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6841) [ 155.936912][ T6841] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 155.947079][ T6841] BTRFS info (device loop0): doing ref verification [pid 6841] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6841] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6841] chdir("./bus") = 0 [pid 6841] ioctl(4, LOOP_CLR_FD) = 0 [pid 6841] close(4) = 0 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6841] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6841] <... futex resumed>) = 1 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] open("./file0", O_RDONLY [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... open resumed>) = 4 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = 1 [pid 6841] creat("./file1", 000) = 5 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6841] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = 0 [pid 6841] open("./file0", O_RDONLY) = 6 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6841] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] <... futex resumed>) = 1 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = 0 [pid 6841] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6840] <... futex resumed>) = 1 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... ioctl resumed>) = 0 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [ 155.953696][ T6841] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 155.964559][ T6841] BTRFS info (device loop0): force zlib compression, level 3 [ 155.971960][ T6841] BTRFS info (device loop0): allowing degraded mounts [ 155.978797][ T6841] BTRFS info (device loop0): using free space tree [ 155.999991][ T6841] BTRFS info (device loop0): auto enabling async discard [pid 6841] creat("./bus", 012 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... creat resumed>) = 7 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = 1 [pid 6841] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6841] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6841] open("./file0", O_RDONLY [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... open resumed>) = 9 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = 1 [pid 6841] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6841] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] <... futex resumed>) = 1 [pid 6841] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6840] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6840] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6858]}, 88) = 6858 [pid 6840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6840] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6858 attached [pid 6858] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6858] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6858] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6858] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6858] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6858] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 156.065955][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 156.079598][ T6841] BTRFS info (device loop0): balance: start -d -m [ 156.088661][ T6841] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6840] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6858] <... ioctl resumed>) = 0 [pid 6840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6858] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 156.186299][ T6841] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 156.270689][ T6841] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6858] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] exit_group(0) = ? [pid 6858] <... futex resumed>) = ? [pid 6858] +++ exited with 0 +++ [pid 6841] <... ioctl resumed> ) = ? [pid 6841] +++ exited with 0 +++ [pid 6840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6840, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=58 /* 0.58 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 156.313124][ T6841] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 156.349448][ T6841] BTRFS info (device loop0): balance: ended with status: 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6859 ./strace-static-x86_64: Process 6859 attached [pid 6859] set_robust_list(0x5555560fc760, 24) = 0 [pid 6859] chdir("./96") = 0 [pid 6859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6859] setpgid(0, 0) = 0 [pid 6859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6859] write(3, "1000", 4) = 4 [pid 6859] close(3) = 0 [pid 6859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6859] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6860 attached => {parent_tid=[6860]}, 88) = 6860 [pid 6859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6859] <... futex resumed>) = 0 [pid 6860] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6860] memfd_create("syzkaller", 0) = 3 [pid 6860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6860] munmap(0x7f296b2da000, 138412032) = 0 [pid 6860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6860] close(3) = 0 [pid 6860] mkdir("./bus", 0777) = 0 [ 156.728423][ T6860] loop0: detected capacity change from 0 to 32768 [ 156.738864][ T6860] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6860) [ 156.755335][ T6860] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 156.764548][ T6860] BTRFS info (device loop0): doing ref verification [ 156.771333][ T6860] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 156.782453][ T6860] BTRFS info (device loop0): force zlib compression, level 3 [ 156.790245][ T6860] BTRFS info (device loop0): allowing degraded mounts [ 156.797231][ T6860] BTRFS info (device loop0): using free space tree [pid 6860] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6860] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6860] chdir("./bus") = 0 [pid 6860] ioctl(4, LOOP_CLR_FD) = 0 [pid 6860] close(4) = 0 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] <... futex resumed>) = 1 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] open("./file0", O_RDONLY) = 4 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6860] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] <... futex resumed>) = 0 [pid 6860] creat("./file1", 000 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... creat resumed>) = 5 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... futex resumed>) = 1 [pid 6860] open("./file0", O_RDONLY) = 6 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... futex resumed>) = 1 [pid 6860] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6860] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] <... futex resumed>) = 0 [pid 6860] creat("./bus", 012 [ 156.819847][ T6860] BTRFS info (device loop0): auto enabling async discard [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... creat resumed>) = 7 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6859] <... futex resumed>) = 0 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... futex resumed>) = 0 [pid 6859] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6860] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6860] open("./file0", O_RDONLY) = 9 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6860] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... ioctl resumed>) = 0 [pid 6860] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6860] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6859] <... futex resumed>) = 1 [pid 6860] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6859] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6859] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6859] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6877 attached => {parent_tid=[6877]}, 88) = 6877 [pid 6859] rt_sigprocmask(SIG_SETMASK, [], [pid 6877] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6859] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... rseq resumed>) = 0 [pid 6877] set_robust_list(0x7f29736d99a0, 24) = 0 [ 156.892387][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 156.921761][ T6860] BTRFS info (device loop0): balance: start -d -m [ 156.932363][ T6860] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6877] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6877] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6877] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6877] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6877] <... futex resumed>) = 1 [ 157.026268][ T6860] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 157.096722][ T6860] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6877] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] exit_group(0 [pid 6877] <... futex resumed>) = ? [pid 6877] +++ exited with 0 +++ [pid 6859] <... exit_group resumed>) = ? [pid 6860] <... ioctl resumed> ) = ? [pid 6860] +++ exited with 0 +++ [pid 6859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6859, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 157.146613][ T6860] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 157.180078][ T6860] BTRFS info (device loop0): balance: ended with status: 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6878 ./strace-static-x86_64: Process 6878 attached [pid 6878] set_robust_list(0x5555560fc760, 24) = 0 [pid 6878] chdir("./97") = 0 [pid 6878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6878] setpgid(0, 0) = 0 [pid 6878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6878] write(3, "1000", 4) = 4 [pid 6878] close(3) = 0 [pid 6878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6878] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0} => {parent_tid=[6879]}, 88) = 6879 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6879 attached [pid 6879] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6879] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6879] memfd_create("syzkaller", 0) = 3 [pid 6879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6879] munmap(0x7f296b2da000, 138412032) = 0 [pid 6879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6879] close(3) = 0 [pid 6879] mkdir("./bus", 0777) = 0 [ 157.560567][ T6879] loop0: detected capacity change from 0 to 32768 [ 157.570370][ T6879] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6879) [ 157.587138][ T6879] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 157.595939][ T6879] BTRFS info (device loop0): doing ref verification [pid 6879] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6879] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6879] chdir("./bus") = 0 [pid 6879] ioctl(4, LOOP_CLR_FD) = 0 [pid 6879] close(4) = 0 [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6879] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] open("./file0", O_RDONLY) = 4 [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] creat("./file1", 000 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... creat resumed>) = 5 [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] open("./file0", O_RDONLY) = 6 [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6879] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6878] <... futex resumed>) = 0 [pid 6879] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [ 157.602550][ T6879] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 157.613378][ T6879] BTRFS info (device loop0): force zlib compression, level 3 [ 157.620826][ T6879] BTRFS info (device loop0): allowing degraded mounts [ 157.627630][ T6879] BTRFS info (device loop0): using free space tree [ 157.650723][ T6879] BTRFS info (device loop0): auto enabling async discard [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... ioctl resumed>) = 0 [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6878] <... futex resumed>) = 1 [pid 6879] creat("./bus", 012) = 7 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] <... futex resumed>) = 0 [pid 6879] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... openat resumed>) = 8 [pid 6878] <... futex resumed>) = 0 [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] open("./file0", O_RDONLY [pid 6878] <... futex resumed>) = 0 [pid 6879] <... open resumed>) = 9 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6878] <... futex resumed>) = 0 [pid 6879] <... ioctl resumed>) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.725726][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 157.756994][ T6879] BTRFS info (device loop0): balance: start -d -m [pid 6879] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6878] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6878] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6878] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[6896]}, 88) = 6896 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6878] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6896 attached [pid 6896] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6896] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6896] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6896] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.768686][ T6879] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6896] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6878] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6896] <... ioctl resumed>) = 0 [pid 6896] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.874158][ T6879] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 157.936197][ T6879] BTRFS info (device loop0): found 13 extents, stage: move data extents [pid 6896] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] exit_group(0 [pid 6896] <... futex resumed>) = ? [pid 6878] <... exit_group resumed>) = ? [pid 6896] +++ exited with 0 +++ [pid 6879] <... ioctl resumed> ) = ? [pid 6879] +++ exited with 0 +++ [pid 6878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6878, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 157.980167][ T6879] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 158.013428][ T6879] BTRFS info (device loop0): balance: ended with status: 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6897 attached , child_tidptr=0x5555560fc750) = 6897 [pid 6897] set_robust_list(0x5555560fc760, 24) = 0 [pid 6897] chdir("./98") = 0 [pid 6897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6897] setpgid(0, 0) = 0 [pid 6897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6897] write(3, "1000", 4) = 4 [pid 6897] close(3) = 0 [pid 6897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6897] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6897] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6898 attached [pid 6898] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6897] <... clone3 resumed> => {parent_tid=[6898]}, 88) = 6898 [pid 6898] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], [pid 6898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = 0 [pid 6897] <... futex resumed>) = 1 [pid 6898] memfd_create("syzkaller", 0 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6898] <... memfd_create resumed>) = 3 [pid 6898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6898] munmap(0x7f296b2da000, 138412032) = 0 [pid 6898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6898] close(3) = 0 [pid 6898] mkdir("./bus", 0777) = 0 [ 158.401369][ T6898] loop0: detected capacity change from 0 to 32768 [ 158.411366][ T6898] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6898) [ 158.428572][ T6898] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 158.437758][ T6898] BTRFS info (device loop0): doing ref verification [pid 6898] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6898] chdir("./bus") = 0 [pid 6898] ioctl(4, LOOP_CLR_FD) = 0 [pid 6898] close(4) = 0 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6898] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] open("./file0", O_RDONLY [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] <... open resumed>) = 4 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] creat("./file1", 000 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... creat resumed>) = 5 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [ 158.444465][ T6898] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 158.455271][ T6898] BTRFS info (device loop0): force zlib compression, level 3 [ 158.462670][ T6898] BTRFS info (device loop0): allowing degraded mounts [ 158.469523][ T6898] BTRFS info (device loop0): using free space tree [ 158.490760][ T6898] BTRFS info (device loop0): auto enabling async discard [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] open("./file0", O_RDONLY) = 6 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6898] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... ioctl resumed>) = 0 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] <... futex resumed>) = 0 [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = 0 [pid 6897] <... futex resumed>) = 1 [pid 6898] creat("./bus", 012 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... creat resumed>) = 7 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6898] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... openat resumed>) = 8 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] open("./file0", O_RDONLY) = 9 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6898] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6898] <... ioctl resumed>) = 0 [pid 6898] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6897] <... futex resumed>) = 0 [ 158.568460][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6897] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6897] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6897] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6897] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6915 attached => {parent_tid=[6915]}, 88) = 6915 [pid 6915] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], [pid 6915] <... rseq resumed>) = 0 [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6915] set_robust_list(0x7f29736d99a0, 24 [pid 6897] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... set_robust_list resumed>) = 0 [pid 6897] <... futex resumed>) = 0 [pid 6915] rt_sigprocmask(SIG_SETMASK, [], [pid 6897] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 158.612043][ T6898] BTRFS info (device loop0): balance: start -d -m [ 158.624490][ T6898] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6915] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6915] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6897] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6897] <... futex resumed>) = 0 [ 158.681724][ T6898] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 158.701588][ T6898] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 158.711966][ T6898] BTRFS error (device loop0): dumping block entry [5402624 4096], num_refs 0, metadata 1, from disk 0 [ 158.722974][ T6898] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [pid 6897] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 158.731747][ T6898] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 158.743129][ T6898] __btrfs_cow_block+0x465/0x1a90 [ 158.748490][ T6898] btrfs_cow_block+0x35e/0xa10 [ 158.753465][ T6898] btrfs_search_slot+0xbf9/0x2f80 [ 158.758787][ T6898] btrfs_insert_empty_items+0x9c/0x180 [ 158.764491][ T6898] insert_with_overflow+0x150/0x3f0 [ 158.769892][ T6898] btrfs_insert_dir_item+0x243/0x630 [ 158.775427][ T6898] btrfs_add_link+0x270/0xc50 [ 158.780319][ T6898] btrfs_create_new_inode+0x1b3d/0x2710 [ 158.786139][ T6898] btrfs_create_common+0x1f9/0x300 [ 158.791474][ T6898] path_openat+0x13e7/0x3180 [ 158.796338][ T6898] do_filp_open+0x234/0x490 [ 158.801045][ T6898] do_sys_openat2+0x13e/0x1d0 [ 158.806019][ T6898] __x64_sys_creat+0x123/0x160 [ 158.811010][ T6898] do_syscall_64+0x41/0xc0 [ 158.815726][ T6898] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 158.821833][ T6898] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 158.834881][ T6898] __btrfs_cow_block+0xcca/0x1a90 [ 158.840115][ T6898] btrfs_cow_block+0x35e/0xa10 [ 158.845140][ T6898] btrfs_search_slot+0xbf9/0x2f80 [ 158.850372][ T6898] btrfs_lookup_inode+0xdc/0x480 [ 158.855576][ T6898] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 158.861682][ T6898] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 158.868556][ T6898] __btrfs_run_delayed_items+0x213/0x490 [ 158.874449][ T6898] btrfs_commit_transaction+0x8a4/0x3730 [pid 6897] exit_group(0) = ? [ 158.880309][ T6898] prepare_to_relocate+0x3c5/0x4c0 [ 158.885681][ T6898] relocate_block_group+0x17f/0xcd0 [ 158.891093][ T6898] btrfs_relocate_block_group+0x7ab/0xd70 [ 158.897109][ T6898] btrfs_relocate_chunk+0x12c/0x3b0 [ 158.902520][ T6898] __btrfs_balance+0x1b06/0x2690 [ 158.907715][ T6898] btrfs_balance+0xbd8/0x10d0 [ 158.912600][ T6898] btrfs_ioctl_balance+0x496/0x7c0 [ 158.917966][ T6898] __se_sys_ioctl+0xf8/0x170 [ 158.922763][ T6898] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 158.934658][ T6898] __btrfs_mod_ref+0x9b1/0xe20 [ 158.939640][ T6898] btrfs_copy_root+0x851/0xce0 [ 158.944691][ T6898] create_reloc_root+0x244/0x9a0 [ 158.949850][ T6898] btrfs_init_reloc_root+0x329/0x4e0 [ 158.955440][ T6898] record_root_in_trans+0x2c9/0x360 [ 158.960841][ T6898] qgroup_account_snapshot+0xa9/0x340 [ 158.966462][ T6898] create_pending_snapshot+0x1050/0x28b0 [ 158.972308][ T6898] create_pending_snapshots+0x195/0x1d0 [pid 6915] <... ioctl resumed>) = ? [pid 6915] +++ exited with 0 +++ [ 158.978131][ T6898] btrfs_commit_transaction+0xf1c/0x3730 [ 158.983961][ T6898] prepare_to_relocate+0x3c5/0x4c0 [ 158.989308][ T6898] relocate_block_group+0x17f/0xcd0 [ 158.994782][ T6898] btrfs_relocate_block_group+0x7ab/0xd70 [ 159.000692][ T6898] btrfs_relocate_chunk+0x12c/0x3b0 [ 159.006129][ T6898] __btrfs_balance+0x1b06/0x2690 [ 159.011263][ T6898] btrfs_balance+0xbd8/0x10d0 [ 159.016206][ T6898] btrfs_ioctl_balance+0x496/0x7c0 [pid 6898] <... ioctl resumed> ) = ? [pid 6898] +++ exited with 0 +++ [pid 6897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6897, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=68 /* 0.68 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 159.049552][ T6898] BTRFS info (device loop0): balance: canceled umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6916 ./strace-static-x86_64: Process 6916 attached [pid 6916] set_robust_list(0x5555560fc760, 24) = 0 [pid 6916] chdir("./99") = 0 [pid 6916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6916] setpgid(0, 0) = 0 [pid 6916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6916] write(3, "1000", 4) = 4 [pid 6916] close(3) = 0 [pid 6916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6916] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6917 attached => {parent_tid=[6917]}, 88) = 6917 [pid 6917] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6916] rt_sigprocmask(SIG_SETMASK, [], [pid 6917] <... rseq resumed>) = 0 [pid 6916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6917] set_robust_list(0x7f29736fa9a0, 24 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... set_robust_list resumed>) = 0 [pid 6916] <... futex resumed>) = 0 [pid 6917] rt_sigprocmask(SIG_SETMASK, [], [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6917] memfd_create("syzkaller", 0) = 3 [pid 6917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6917] munmap(0x7f296b2da000, 138412032) = 0 [pid 6917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6917] close(3) = 0 [pid 6917] mkdir("./bus", 0777) = 0 [ 159.430860][ T6917] loop0: detected capacity change from 0 to 32768 [ 159.440793][ T6917] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6917) [ 159.457156][ T6917] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 159.466071][ T6917] BTRFS info (device loop0): doing ref verification [pid 6917] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6917] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6917] chdir("./bus") = 0 [pid 6917] ioctl(4, LOOP_CLR_FD) = 0 [pid 6917] close(4) = 0 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = 0 [pid 6917] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = 1 [pid 6917] open("./file0", O_RDONLY) = 4 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = 1 [pid 6917] creat("./file1", 000) = 5 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6917] open("./file0", O_RDONLY) = 6 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... futex resumed>) = 0 [pid 6917] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6916] <... futex resumed>) = 1 [ 159.472685][ T6917] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 159.483573][ T6917] BTRFS info (device loop0): force zlib compression, level 3 [ 159.491288][ T6917] BTRFS info (device loop0): allowing degraded mounts [ 159.498161][ T6917] BTRFS info (device loop0): using free space tree [ 159.520807][ T6917] BTRFS info (device loop0): auto enabling async discard [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... ioctl resumed>) = 0 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6917] creat("./bus", 012) = 7 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] open("./file0", O_RDONLY) = 9 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6916] <... futex resumed>) = 0 [pid 6917] <... ioctl resumed>) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6917] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 159.596865][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 159.626428][ T6917] BTRFS info (device loop0): balance: start -d -m [ 159.635410][ T6917] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6916] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6916] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6934 attached => {parent_tid=[6934]}, 88) = 6934 [pid 6916] rt_sigprocmask(SIG_SETMASK, [], [pid 6934] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6934] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6934] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6916] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6934] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6916] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... openat resumed>) = 10 [pid 6934] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] <... futex resumed>) = 0 [pid 6916] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6934] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 159.680911][ T6917] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6916] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6934] <... ioctl resumed>) = 0 [pid 6934] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 159.791684][ T6917] BTRFS info (device loop0): found 10 extents, stage: move data extents [pid 6934] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6917] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6917] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [ 159.837385][ T6917] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 159.869095][ T6917] BTRFS info (device loop0): balance: ended with status: 0 [pid 6916] exit_group(0 [pid 6934] <... futex resumed>) = ? [pid 6917] <... futex resumed>) = ? [pid 6916] <... exit_group resumed>) = ? [pid 6934] +++ exited with 0 +++ [pid 6917] +++ exited with 0 +++ [pid 6916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6916, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 159.885946][ T6934] syz-executor293 (6934) used greatest stack depth: 19064 bytes left umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/bus") = 0 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6935 attached , child_tidptr=0x5555560fc750) = 6935 [pid 6935] set_robust_list(0x5555560fc760, 24) = 0 [pid 6935] chdir("./100") = 0 [pid 6935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6935] setpgid(0, 0) = 0 [pid 6935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6935] write(3, "1000", 4) = 4 [pid 6935] close(3) = 0 [pid 6935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6935] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6936 attached => {parent_tid=[6936]}, 88) = 6936 [pid 6936] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 6936] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = 0 [pid 6935] <... futex resumed>) = 1 [pid 6936] memfd_create("syzkaller", 0 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6936] <... memfd_create resumed>) = 3 [pid 6936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6936] munmap(0x7f296b2da000, 138412032) = 0 [pid 6936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6936] close(3) = 0 [pid 6936] mkdir("./bus", 0777) = 0 [ 160.264981][ T6936] loop0: detected capacity change from 0 to 32768 [ 160.275291][ T6936] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6936) [ 160.291417][ T6936] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 160.300297][ T6936] BTRFS info (device loop0): doing ref verification [pid 6936] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6936] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6936] chdir("./bus") = 0 [pid 6936] ioctl(4, LOOP_CLR_FD) = 0 [pid 6936] close(4) = 0 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] <... futex resumed>) = 0 [pid 6936] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = 1 [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] open("./file0", O_RDONLY [pid 6935] <... futex resumed>) = 0 [pid 6936] <... open resumed>) = 4 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6936] <... futex resumed>) = 0 [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] creat("./file1", 000 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... creat resumed>) = 5 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] open("./file0", O_RDONLY [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... open resumed>) = 6 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6935] <... futex resumed>) = 0 [ 160.306960][ T6936] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 160.317867][ T6936] BTRFS info (device loop0): force zlib compression, level 3 [ 160.325298][ T6936] BTRFS info (device loop0): allowing degraded mounts [ 160.332057][ T6936] BTRFS info (device loop0): using free space tree [ 160.354297][ T6936] BTRFS info (device loop0): auto enabling async discard [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... ioctl resumed>) = 0 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6936] creat("./bus", 012 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... creat resumed>) = 7 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... openat resumed>) = 8 [pid 6935] <... futex resumed>) = 0 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] open("./file0", O_RDONLY) = 9 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] <... futex resumed>) = 0 [pid 6936] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... ioctl resumed>) = 0 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6935] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 160.441197][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 160.477287][ T6936] BTRFS info (device loop0): balance: start -d -m [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6935] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6953 attached [pid 6953] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6935] <... clone3 resumed> => {parent_tid=[6953]}, 88) = 6953 [pid 6953] <... rseq resumed>) = 0 [pid 6953] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6935] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6935] <... futex resumed>) = 1 [pid 6953] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY [pid 6935] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... openat resumed>) = 10 [ 160.485877][ T6936] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6953] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [pid 6953] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 6935] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... ioctl resumed>) = 0 [pid 6953] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [ 160.585470][ T6936] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 160.657408][ T6936] BTRFS info (device loop0): found 11 extents, stage: move data extents [pid 6953] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6936] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6936] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] exit_group(0 [pid 6953] <... futex resumed>) = ? [pid 6936] <... futex resumed>) = ? [pid 6953] +++ exited with 0 +++ [pid 6936] +++ exited with 0 +++ [pid 6935] <... exit_group resumed>) = ? [pid 6935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6935, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 160.703295][ T6936] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 160.738420][ T6936] BTRFS info (device loop0): balance: ended with status: 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/bus") = 0 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6954 attached , child_tidptr=0x5555560fc750) = 6954 [pid 6954] set_robust_list(0x5555560fc760, 24) = 0 [pid 6954] chdir("./101") = 0 [pid 6954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6954] setpgid(0, 0) = 0 [pid 6954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6954] write(3, "1000", 4) = 4 [pid 6954] close(3) = 0 [pid 6954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6954] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6955 attached => {parent_tid=[6955]}, 88) = 6955 [pid 6955] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], [pid 6955] <... rseq resumed>) = 0 [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6955] set_robust_list(0x7f29736fa9a0, 24 [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... set_robust_list resumed>) = 0 [pid 6954] <... futex resumed>) = 0 [pid 6955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6955] memfd_create("syzkaller", 0) = 3 [pid 6955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6955] munmap(0x7f296b2da000, 138412032) = 0 [pid 6955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6955] close(3) = 0 [pid 6955] mkdir("./bus", 0777) = 0 [ 161.109932][ T6955] loop0: detected capacity change from 0 to 32768 [ 161.119839][ T6955] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6955) [ 161.137292][ T6955] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 161.146092][ T6955] BTRFS info (device loop0): doing ref verification [ 161.152695][ T6955] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 161.163566][ T6955] BTRFS info (device loop0): force zlib compression, level 3 [ 161.171308][ T6955] BTRFS info (device loop0): allowing degraded mounts [ 161.178319][ T6955] BTRFS info (device loop0): using free space tree [pid 6955] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6955] chdir("./bus") = 0 [pid 6955] ioctl(4, LOOP_CLR_FD) = 0 [pid 6955] close(4) = 0 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6955] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6955] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] open("./file0", O_RDONLY [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... open resumed>) = 4 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] creat("./file1", 000 [pid 6954] <... futex resumed>) = 0 [pid 6955] <... creat resumed>) = 5 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] open("./file0", O_RDONLY [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... open resumed>) = 6 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 6955] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... ioctl resumed>) = 0 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 161.201239][ T6955] BTRFS info (device loop0): auto enabling async discard [pid 6955] creat("./bus", 012 [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... creat resumed>) = 7 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 6955] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... openat resumed>) = 8 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] open("./file0", O_RDONLY [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... open resumed>) = 9 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 6955] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6955] <... ioctl resumed>) = 0 [pid 6955] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6955] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 6955] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6954] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6954] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6954] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6972 attached => {parent_tid=[6972]}, 88) = 6972 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6954] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 6972] set_robust_list(0x7f29736d99a0, 24) = 0 [ 161.276773][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 161.307564][ T6955] BTRFS info (device loop0): balance: start -d -m [ 161.315942][ T6955] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6972] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6972] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] <... futex resumed>) = 0 [pid 6954] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6972] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 161.357581][ T6955] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 161.374573][ T6955] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 161.385098][ T6955] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [ 161.396490][ T6955] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [pid 6954] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 161.405247][ T6955] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 161.416667][ T6955] __btrfs_cow_block+0x465/0x1a90 [ 161.421908][ T6955] btrfs_cow_block+0x35e/0xa10 [ 161.426934][ T6955] btrfs_search_slot+0xbf9/0x2f80 [ 161.432168][ T6955] btrfs_insert_empty_items+0x9c/0x180 [ 161.437900][ T6955] insert_with_overflow+0x150/0x3f0 [ 161.443305][ T6955] btrfs_insert_dir_item+0x243/0x630 [ 161.448814][ T6955] btrfs_add_link+0x270/0xc50 [ 161.453682][ T6955] btrfs_create_new_inode+0x1b3d/0x2710 [ 161.459541][ T6955] btrfs_create_common+0x1f9/0x300 [ 161.464916][ T6955] path_openat+0x13e7/0x3180 [ 161.469707][ T6955] do_filp_open+0x234/0x490 [ 161.474511][ T6955] do_sys_openat2+0x13e/0x1d0 [ 161.479386][ T6955] __x64_sys_creat+0x123/0x160 [ 161.484338][ T6955] do_syscall_64+0x41/0xc0 [ 161.488991][ T6955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 161.495131][ T6955] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 161.508113][ T6955] __btrfs_cow_block+0xcca/0x1a90 [ 161.513337][ T6955] btrfs_cow_block+0x35e/0xa10 [ 161.518355][ T6955] btrfs_search_slot+0xbf9/0x2f80 [ 161.523569][ T6955] btrfs_lookup_inode+0xdc/0x480 [ 161.528755][ T6955] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 161.534865][ T6955] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 161.541628][ T6955] __btrfs_run_delayed_items+0x213/0x490 [ 161.547562][ T6955] btrfs_commit_transaction+0x8a4/0x3730 [ 161.553399][ T6955] prepare_to_relocate+0x3c5/0x4c0 [pid 6954] exit_group(0) = ? [ 161.558788][ T6955] relocate_block_group+0x17f/0xcd0 [ 161.564189][ T6955] btrfs_relocate_block_group+0x7ab/0xd70 [ 161.570146][ T6955] btrfs_relocate_chunk+0x12c/0x3b0 [ 161.575591][ T6955] __btrfs_balance+0x1b06/0x2690 [ 161.580718][ T6955] btrfs_balance+0xbd8/0x10d0 [ 161.585641][ T6955] btrfs_ioctl_balance+0x496/0x7c0 [ 161.590979][ T6955] __se_sys_ioctl+0xf8/0x170 [ 161.595876][ T6955] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 161.607769][ T6955] __btrfs_mod_ref+0x9b1/0xe20 [ 161.612720][ T6955] btrfs_copy_root+0x851/0xce0 [ 161.617749][ T6955] create_reloc_root+0x244/0x9a0 [ 161.622894][ T6955] btrfs_init_reloc_root+0x329/0x4e0 [ 161.628415][ T6955] record_root_in_trans+0x2c9/0x360 [ 161.633815][ T6955] qgroup_account_snapshot+0xa9/0x340 [ 161.639492][ T6955] create_pending_snapshot+0x1050/0x28b0 [ 161.645375][ T6955] create_pending_snapshots+0x195/0x1d0 [ 161.651103][ T6955] btrfs_commit_transaction+0xf1c/0x3730 [pid 6972] <... ioctl resumed>) = ? [pid 6972] +++ exited with 0 +++ [ 161.656971][ T6955] prepare_to_relocate+0x3c5/0x4c0 [ 161.662276][ T6955] relocate_block_group+0x17f/0xcd0 [ 161.667695][ T6955] btrfs_relocate_block_group+0x7ab/0xd70 [ 161.673608][ T6955] btrfs_relocate_chunk+0x12c/0x3b0 [ 161.679069][ T6955] __btrfs_balance+0x1b06/0x2690 [ 161.684212][ T6955] btrfs_balance+0xbd8/0x10d0 [ 161.689134][ T6955] btrfs_ioctl_balance+0x496/0x7c0 [pid 6955] <... ioctl resumed> ) = ? [pid 6955] +++ exited with 0 +++ [pid 6954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6954, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=69 /* 0.69 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 161.724049][ T6955] BTRFS info (device loop0): balance: canceled umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/bus") = 0 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6973 attached , child_tidptr=0x5555560fc750) = 6973 [pid 6973] set_robust_list(0x5555560fc760, 24) = 0 [pid 6973] chdir("./102") = 0 [pid 6973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6973] setpgid(0, 0) = 0 [pid 6973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6973] write(3, "1000", 4) = 4 [pid 6973] close(3) = 0 [pid 6973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6973] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6974 attached => {parent_tid=[6974]}, 88) = 6974 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6974] <... rseq resumed>) = 0 [pid 6974] set_robust_list(0x7f29736fa9a0, 24) = 0 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6974] memfd_create("syzkaller", 0) = 3 [pid 6974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6974] munmap(0x7f296b2da000, 138412032) = 0 [pid 6974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6974] close(3) = 0 [pid 6974] mkdir("./bus", 0777) = 0 [ 162.091680][ T6974] loop0: detected capacity change from 0 to 32768 [ 162.100953][ T6974] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6974) [ 162.117262][ T6974] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 162.126083][ T6974] BTRFS info (device loop0): doing ref verification [pid 6974] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6974] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6974] chdir("./bus") = 0 [pid 6974] ioctl(4, LOOP_CLR_FD) = 0 [pid 6974] close(4) = 0 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6974] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154) = -1 EBADF (Bad file descriptor) [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6974] <... futex resumed>) = 1 [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] open("./file0", O_RDONLY [pid 6973] <... futex resumed>) = 0 [pid 6974] <... open resumed>) = 4 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... futex resumed>) = 1 [pid 6974] creat("./file1", 000) = 5 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6974] <... futex resumed>) = 1 [pid 6974] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6973] <... futex resumed>) = 0 [pid 6974] open("./file0", O_RDONLY [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... open resumed>) = 6 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6974] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... ioctl resumed>) = 0 [ 162.132691][ T6974] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 162.143573][ T6974] BTRFS info (device loop0): force zlib compression, level 3 [ 162.151090][ T6974] BTRFS info (device loop0): allowing degraded mounts [ 162.157965][ T6974] BTRFS info (device loop0): using free space tree [ 162.180309][ T6974] BTRFS info (device loop0): auto enabling async discard [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6974] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = 0 [pid 6974] creat("./bus", 012) = 7 [pid 6973] <... futex resumed>) = 1 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... futex resumed>) = 1 [pid 6974] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... futex resumed>) = 1 [pid 6974] open("./file0", O_RDONLY) = 9 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6974] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [pid 6974] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6973] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6973] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6973] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0}./strace-static-x86_64: Process 6990 attached => {parent_tid=[6990]}, 88) = 6990 [pid 6990] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], [pid 6990] <... rseq resumed>) = 0 [pid 6973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] set_robust_list(0x7f29736d99a0, 24 [pid 6973] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... set_robust_list resumed>) = 0 [pid 6973] <... futex resumed>) = 0 [ 162.245845][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 162.259957][ T6974] BTRFS info (device loop0): balance: start -d -m [ 162.268790][ T6974] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 6990] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6973] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6973] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] <... futex resumed>) = 1 [pid 6990] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"}) = 0 [pid 6990] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 0 [ 162.305327][ T6974] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 162.397799][ T6974] BTRFS info (device loop0): found 7 extents, stage: move data extents [pid 6990] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6974] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] exit_group(0 [pid 6990] <... futex resumed>) = ? [pid 6974] <... futex resumed>) = ? [pid 6990] +++ exited with 0 +++ [pid 6974] +++ exited with 0 +++ [pid 6973] <... exit_group resumed>) = ? [pid 6973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6973, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 162.441402][ T6974] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 162.473724][ T6974] BTRFS info (device loop0): balance: ended with status: 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/bus") = 0 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 6991 ./strace-static-x86_64: Process 6991 attached [pid 6991] set_robust_list(0x5555560fc760, 24) = 0 [pid 6991] chdir("./103") = 0 [pid 6991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6991] setpgid(0, 0) = 0 [pid 6991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6991] write(3, "1000", 4) = 4 [pid 6991] close(3) = 0 [pid 6991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 6991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 6991] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 6992 attached [pid 6992] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053 [pid 6991] <... clone3 resumed> => {parent_tid=[6992]}, 88) = 6992 [pid 6992] <... rseq resumed>) = 0 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], [pid 6992] set_robust_list(0x7f29736fa9a0, 24 [pid 6991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6992] <... set_robust_list resumed>) = 0 [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6992] memfd_create("syzkaller", 0) = 3 [pid 6992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 6992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6992] munmap(0x7f296b2da000, 138412032) = 0 [pid 6992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6992] close(3) = 0 [pid 6992] mkdir("./bus", 0777) = 0 [ 162.848611][ T6992] loop0: detected capacity change from 0 to 32768 [ 162.858849][ T6992] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (6992) [ 162.875604][ T6992] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 162.884321][ T6992] BTRFS info (device loop0): doing ref verification [pid 6992] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 6992] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6992] chdir("./bus") = 0 [pid 6992] ioctl(4, LOOP_CLR_FD) = 0 [pid 6992] close(4) = 0 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 6991] <... futex resumed>) = 0 [pid 6992] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] open("./file0", O_RDONLY [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... open resumed>) = 4 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] creat("./file1", 000 [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... creat resumed>) = 5 [ 162.890982][ T6992] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 162.901909][ T6992] BTRFS info (device loop0): force zlib compression, level 3 [ 162.909353][ T6992] BTRFS info (device loop0): allowing degraded mounts [ 162.916188][ T6992] BTRFS info (device loop0): using free space tree [ 162.938648][ T6992] BTRFS info (device loop0): auto enabling async discard [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... futex resumed>) = 0 [pid 6992] <... futex resumed>) = 1 [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] open("./file0", O_RDONLY [pid 6991] <... futex resumed>) = 0 [pid 6992] <... open resumed>) = 6 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6992] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] <... futex resumed>) = 0 [pid 6992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... ioctl resumed>) = 0 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] <... futex resumed>) = 0 [pid 6992] creat("./bus", 012 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... creat resumed>) = 7 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = 0 [pid 6991] <... futex resumed>) = 1 [pid 6992] openat(AT_FDCWD, "./file0", O_RDONLY [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... openat resumed>) = 8 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] open("./file0", O_RDONLY) = 9 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = 0 [pid 6991] <... futex resumed>) = 1 [pid 6992] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6992] <... ioctl resumed>) = 0 [pid 6992] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 6992] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = 0 [pid 6991] <... futex resumed>) = 1 [pid 6992] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 163.022971][ T1095] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6991] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6991] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 6991] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[7009]}, 88) = 7009 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6991] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7009 attached [pid 6991] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7009] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 7009] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7009] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [pid 7009] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] <... futex resumed>) = 0 [pid 7009] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] <... futex resumed>) = 0 [pid 7009] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [ 163.067366][ T6992] BTRFS info (device loop0): balance: start -d -m [ 163.085680][ T6992] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6991] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 7009] <... ioctl resumed>) = 0 [pid 7009] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 163.195160][ T6992] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 163.260090][ T6992] BTRFS info (device loop0): found 12 extents, stage: move data extents [pid 7009] futex(0x7f29737cc718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6991] exit_group(0 [pid 7009] <... futex resumed>) = ? [pid 6991] <... exit_group resumed>) = ? [pid 7009] +++ exited with 0 +++ [pid 6992] <... ioctl resumed> ) = ? [pid 6992] +++ exited with 0 +++ [pid 6991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6991, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555560fd7f0 /* 4 entries */, 32768) = 104 [ 163.303296][ T6992] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 163.338722][ T6992] BTRFS info (device loop0): balance: ended with status: 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556105830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556105830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/bus") = 0 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 getdents64(3, 0x5555560fd7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560fc750) = 7010 ./strace-static-x86_64: Process 7010 attached [pid 7010] set_robust_list(0x5555560fc760, 24) = 0 [pid 7010] chdir("./104") = 0 [pid 7010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7010] setpgid(0, 0) = 0 [pid 7010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7010] write(3, "1000", 4) = 4 [pid 7010] close(3) = 0 [pid 7010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] rt_sigaction(SIGRT_1, {sa_handler=0x7f297376c470, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f297370e1f0}, NULL, 8) = 0 [pid 7010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736da000 [pid 7010] mprotect(0x7f29736db000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736fa990, parent_tid=0x7f29736fa990, exit_signal=0, stack=0x7f29736da000, stack_size=0x20240, tls=0x7f29736fa6c0}./strace-static-x86_64: Process 7011 attached [pid 7011] rseq(0x7f29736fafe0, 0x20, 0, 0x53053053) = 0 [pid 7010] <... clone3 resumed> => {parent_tid=[7011]}, 88) = 7011 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] set_robust_list(0x7f29736fa9a0, 24 [pid 7010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7011] <... set_robust_list resumed>) = 0 [pid 7011] rt_sigprocmask(SIG_SETMASK, [], [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7010] <... futex resumed>) = 0 [pid 7011] memfd_create("syzkaller", 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7011] <... memfd_create resumed>) = 3 [pid 7011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f296b2da000 [pid 7011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 7011] munmap(0x7f296b2da000, 138412032) = 0 [pid 7011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7011] close(3) = 0 [pid 7011] mkdir("./bus", 0777) = 0 [ 163.739019][ T7011] loop0: detected capacity change from 0 to 32768 [ 163.749785][ T7011] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor293 (7011) [ 163.768463][ T7011] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 163.777221][ T7011] BTRFS info (device loop0): doing ref verification [pid 7011] mount("/dev/loop0", "./bus", "btrfs", MS_DIRSYNC, "ref_verify,nossd,inode_cache,compress-force,space_cache=v2,degraded,noacl,") = 0 [pid 7011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 7011] chdir("./bus") = 0 [pid 7011] ioctl(4, LOOP_CLR_FD) = 0 [pid 7011] close(4) = 0 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7011] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7010] <... futex resumed>) = 0 [pid 7011] write(-1, "\x23\x21\x20\x2e\x2f\x62\x75\x73\x2f\x2e\x2e\x2f\x66\x69\x6c\x65\x30\x20\x20\x63\x6f\x6d\x70\x72\x65\x73\x73\x2d\x66\x6f\x72\x63\x65\x0a\x8c\x06\xed\xf9\xc1\x37\x95\xbf\x27\x6f\x17\x88\x38\x15\xf9\x72\xc6\x89\x1e\x7f\x1a\x6d\xa6\x1c\xe3\x6b\x76\x41\x3f\xd6\xd6\xd0\x94\xe6\xa4\xc5\x34\xa9\x01\x1b\x52\x10\x04\x9e\x8d\x47\x0d\x60\x10\x4e\x5b\x75\x9f\x48\xf4\x02\x6c\x15\x1f\xd0\x8e\x79\x51\x90\x17\x1a"..., 154 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7011] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7010] <... futex resumed>) = 0 [pid 7011] open("./file0", O_RDONLY [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... open resumed>) = 4 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] creat("./file1", 000 [pid 7010] <... futex resumed>) = 0 [pid 7011] <... creat resumed>) = 5 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] open("./file0", O_RDONLY) = 6 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7011] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7010] <... futex resumed>) = 0 [ 163.783826][ T7011] BTRFS warning (device loop0): the 'inode_cache' option is deprecated and has no effect since 5.11 [ 163.794792][ T7011] BTRFS info (device loop0): force zlib compression, level 3 [ 163.802455][ T7011] BTRFS info (device loop0): allowing degraded mounts [ 163.809306][ T7011] BTRFS info (device loop0): using free space tree [ 163.831600][ T7011] BTRFS info (device loop0): auto enabling async discard [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7011] ioctl(6, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE} [pid 7010] <... futex resumed>) = 1 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... ioctl resumed>) = 0 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... futex resumed>) = 1 [pid 7011] creat("./bus", 012) = 7 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] openat(AT_FDCWD, "./file0", O_RDONLY) = 8 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7011] futex(0x7f29737cc708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] open("./file0", O_RDONLY) = 9 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] ioctl(9, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 7011] futex(0x7f29737cc70c, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... futex resumed>) = 1 [pid 7011] ioctl(9, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 7010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7010] futex(0x7f29737cc70c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 7010] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29736b9000 [pid 7010] mprotect(0x7f29736ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f29736d9990, parent_tid=0x7f29736d9990, exit_signal=0, stack=0x7f29736b9000, stack_size=0x20240, tls=0x7f29736d96c0} => {parent_tid=[7028]}, 88) = 7028 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7010] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7028 attached ) = 0 [pid 7028] rseq(0x7f29736d9fe0, 0x20, 0, 0x53053053) = 0 [pid 7010] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] set_robust_list(0x7f29736d99a0, 24) = 0 [pid 7028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7028] openat(9, "./file0", O_RDONLY|O_EXCL|O_NOCTTY) = 10 [ 163.904300][ T42] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 163.935543][ T7011] BTRFS info (device loop0): balance: start -d -m [ 163.943899][ T7011] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 7028] futex(0x7f29737cc71c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7010] <... futex resumed>) = 0 [pid 7010] futex(0x7f29737cc718, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] ioctl(8, BTRFS_IOC_SNAP_CREATE, {fd=10, name="\x57\x8f\x39\xdc\x63\x12\xf0\x22\x85\x3f\xa8\xf8"} [pid 7010] <... futex resumed>) = 0 [ 163.985968][ T7011] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 164.003220][ T7028] BTRFS error (device loop0): trying to do action 1 for a bytenr that has 0 total references [ 164.013814][ T7028] BTRFS error (device loop0): dumping block entry [5398528 4096], num_refs 0, metadata 1, from disk 0 [ 164.025177][ T7028] BTRFS error (device loop0): root entry 5, num_refs 18446744073709551615 [pid 7010] futex(0x7f29737cc71c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 164.033916][ T7028] BTRFS error (device loop0): Ref action 3, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 1 [ 164.045311][ T7028] __btrfs_cow_block+0x465/0x1a90 [ 164.050581][ T7028] btrfs_cow_block+0x35e/0xa10 [ 164.055823][ T7028] btrfs_search_slot+0xbf9/0x2f80 [ 164.061061][ T7028] btrfs_insert_empty_items+0x9c/0x180 [ 164.066826][ T7028] insert_with_overflow+0x150/0x3f0 [ 164.072241][ T7028] btrfs_insert_dir_item+0x243/0x630 [ 164.077807][ T7028] btrfs_add_link+0x270/0xc50 [ 164.082701][ T7028] btrfs_create_new_inode+0x1b3d/0x2710 [ 164.088614][ T7028] btrfs_create_common+0x1f9/0x300 [ 164.093944][ T7028] path_openat+0x13e7/0x3180 [ 164.098821][ T7028] do_filp_open+0x234/0x490 [ 164.103551][ T7028] do_sys_openat2+0x13e/0x1d0 [ 164.108483][ T7028] __x64_sys_creat+0x123/0x160 [ 164.113456][ T7028] do_syscall_64+0x41/0xc0 [ 164.118164][ T7028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 164.124275][ T7028] BTRFS error (device loop0): Ref action 2, root 5, ref_root 5, parent 0, owner 0, offset 0, num_refs 18446744073709551615 [ 164.137299][ T7028] __btrfs_cow_block+0xcca/0x1a90 [ 164.142535][ T7028] btrfs_cow_block+0x35e/0xa10 [ 164.147553][ T7028] btrfs_search_slot+0xbf9/0x2f80 [ 164.152784][ T7028] btrfs_lookup_inode+0xdc/0x480 [ 164.158018][ T7028] __btrfs_update_delayed_inode+0x1ef/0xab0 [ 164.164144][ T7028] __btrfs_commit_inode_delayed_items+0x228e/0x2410 [ 164.170981][ T7028] __btrfs_run_delayed_items+0x213/0x490 [ 164.176841][ T7028] btrfs_commit_transaction+0x8a4/0x3730 [pid 7010] exit_group(0) = ? [ 164.182648][ T7028] create_snapshot+0x4a5/0x7e0 [ 164.187634][ T7028] btrfs_mksubvol+0x5d0/0x750 [ 164.192529][ T7028] btrfs_mksnapshot+0xb5/0xf0 [ 164.197508][ T7028] __btrfs_ioctl_snap_create+0x344/0x460 [ 164.203373][ T7028] btrfs_ioctl_snap_create+0x13c/0x190 [ 164.209129][ T7028] btrfs_ioctl+0xbbf/0xd40 [ 164.213754][ T7028] __se_sys_ioctl+0xf8/0x170 [ 164.218597][ T7028] do_syscall_64+0x41/0xc0 [ 164.223230][ T7028] BTRFS error (device loop0): Ref action 1, root 5, ref_root 0, parent 8544256, owner 0, offset 0, num_refs 1 [ 164.235146][ T7028] __btrfs_mod_ref+0x9b1/0xe20 [ 164.240124][ T7028] btrfs_copy_root+0x851/0xce0 [ 164.245138][ T7028] create_reloc_root+0x244/0x9a0 [ 164.250291][ T7028] btrfs_init_reloc_root+0x329/0x4e0 [ 164.255849][ T7028] record_root_in_trans+0x2c9/0x360 [ 164.261276][ T7028] qgroup_account_snapshot+0xa9/0x340 [ 164.266924][ T7028] create_pending_snapshot+0x1050/0x28b0 [ 164.272762][ T7028] create_pending_snapshots+0x195/0x1d0 [ 164.278561][ T7028] btrfs_commit_transaction+0xf1c/0x3730 [ 164.284449][ T7028] create_snapshot+0x4a5/0x7e0 [ 164.289404][ T7028] btrfs_mksubvol+0x5d0/0x750 [ 164.294282][ T7028] btrfs_mksnapshot+0xb5/0xf0 [ 164.299239][ T7028] __btrfs_ioctl_snap_create+0x344/0x460 [ 164.305105][ T7028] btrfs_ioctl_snap_create+0x13c/0x190 [ 164.310752][ T7028] btrfs_ioctl+0xbbf/0xd40 [ 164.315414][ T7028] __se_sys_ioctl+0xf8/0x170 [ 164.322414][ T7028] ------------[ cut here ]------------ [ 164.328172][ T7028] WARNING: CPU: 0 PID: 7028 at fs/btrfs/extent-tree.c:851 lookup_inline_extent_backref+0x1041/0x14b0 [ 164.339365][ T7028] Modules linked in: [ 164.343281][ T7028] CPU: 0 PID: 7028 Comm: syz-executor293 Not tainted 6.6.0-rc7-syzkaller-00195-g2af9b20dbb39 #0 [ 164.354041][ T7028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 164.364479][ T7028] RIP: 0010:lookup_inline_extent_backref+0x1041/0x14b0 [ 164.371345][ T7028] Code: 9c 24 28 01 00 00 bf c0 00 00 00 89 de e8 b7 7c 00 fe 81 fb c0 00 00 00 0f 83 fd 00 00 00 e8 16 7a 00 fe eb 81 e8 0f 7a 00 fe <0f> 0b 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 17 29 [ 164.391324][ T7028] RSP: 0018:ffffc9000eb56da0 EFLAGS: 00010293 [ 164.397759][ T7028] RAX: ffffffff838da351 RBX: 0000000000000000 RCX: ffff88807c693b80 [ 164.406341][ T7028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.414317][ T7028] RBP: ffffc9000eb56f50 R08: ffffffff838d975a R09: 0000000000000000 [ 164.422385][ T7028] R10: ffffc9000eb56b00 R11: fffff52001d6ad62 R12: dffffc0000000000 [ 164.430400][ T7028] R13: ffff88807debf000 R14: ffff88801bb68000 R15: ffffc9000eb56ec0 [ 164.438435][ T7028] FS: 00007f29736d96c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 164.447401][ T7028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.454002][ T7028] CR2: 00007f29737927f8 CR3: 000000001a378000 CR4: 00000000003506f0 [ 164.462041][ T7028] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 164.470067][ T7028] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 164.478099][ T7028] Call Trace: [ 164.481412][ T7028] [ 164.484422][ T7028] ? __warn+0x162/0x4a0 [ 164.488603][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 164.494915][ T7028] ? report_bug+0x2b3/0x500 [ 164.499440][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 164.505752][ T7028] ? handle_bug+0x3d/0x70 [ 164.510118][ T7028] ? exc_invalid_op+0x1a/0x50 [ 164.514910][ T7028] ? asm_exc_invalid_op+0x1a/0x20 [ 164.519978][ T7028] ? lookup_inline_extent_backref+0x44a/0x14b0 [ 164.526195][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 164.532464][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 164.538761][ T7028] ? __btrfs_ioctl_snap_create+0x344/0x460 [ 164.544672][ T7028] ? btrfs_ioctl_snap_create+0x13c/0x190 [ 164.550362][ T7028] ? insert_extent_data_ref+0xa30/0xa30 [ 164.556002][ T7028] insert_inline_extent_backref+0xda/0x2a0 [ 164.561838][ T7028] ? alloc_reserved_extent+0x290/0x290 [ 164.567372][ T7028] ? rcu_is_watching+0x15/0xb0 [ 164.572170][ T7028] ? kmem_cache_alloc+0x152/0x300 [ 164.577291][ T7028] __btrfs_inc_extent_ref+0x123/0x5b0 [ 164.582734][ T7028] ? btrfs_put_delayed_ref+0x210/0x210 [ 164.588271][ T7028] ? do_raw_spin_unlock+0x13b/0x8b0 [ 164.593502][ T7028] __btrfs_run_delayed_refs+0x1199/0x4000 [ 164.599341][ T7028] ? btrfs_run_delayed_refs+0x470/0x470 [ 164.604975][ T7028] ? btrfs_run_delayed_refs+0x23c/0x470 [ 164.610550][ T7028] ? __might_sleep+0xc0/0xc0 [ 164.615223][ T7028] ? do_raw_spin_unlock+0x13b/0x8b0 [ 164.620465][ T7028] ? btrfs_init_reloc_root+0x385/0x4e0 [ 164.626026][ T7028] btrfs_run_delayed_refs+0x2f3/0x470 [ 164.631454][ T7028] qgroup_account_snapshot+0xce/0x340 [ 164.636947][ T7028] create_pending_snapshot+0x1050/0x28b0 [ 164.642643][ T7028] ? trace_btrfs_space_reservation+0x210/0x210 [ 164.648846][ T7028] ? __mutex_trylock_common+0xff/0x2e0 [ 164.654401][ T7028] ? rcu_is_watching+0x15/0xb0 [ 164.659195][ T7028] ? trace_contention_end+0x3c/0xf0 [ 164.664483][ T7028] ? __mutex_lock+0x2ee/0xd60 [ 164.669207][ T7028] ? mutex_lock_nested+0x20/0x20 [ 164.674187][ T7028] create_pending_snapshots+0x195/0x1d0 [ 164.679832][ T7028] ? btrfs_commit_transaction+0x17b/0x3730 [ 164.685689][ T7028] btrfs_commit_transaction+0xf1c/0x3730 [ 164.691332][ T7028] ? btrfs_commit_transaction+0x17b/0x3730 [ 164.697224][ T7028] ? btrfs_commit_transaction_async+0x480/0x480 [ 164.703504][ T7028] ? do_raw_spin_unlock+0x13b/0x8b0 [ 164.708775][ T7028] ? join_transaction+0x400/0xce0 [ 164.713854][ T7028] ? join_transaction+0x440/0xce0 [ 164.718927][ T7028] ? join_transaction+0x400/0xce0 [ 164.723998][ T7028] ? btrfs_record_root_in_trans+0x12d/0x180 [ 164.729966][ T7028] ? wake_bit_function+0x220/0x220 [ 164.735149][ T7028] create_snapshot+0x4a5/0x7e0 [ 164.739953][ T7028] btrfs_mksubvol+0x5d0/0x750 [ 164.744706][ T7028] ? __btrfs_ioctl_snap_create+0x460/0x460 [ 164.750549][ T7028] ? __fget_files+0x28/0x4a0 [ 164.755211][ T7028] ? __fget_files+0x28/0x4a0 [ 164.759823][ T7028] btrfs_mksnapshot+0xb5/0xf0 [ 164.764587][ T7028] __btrfs_ioctl_snap_create+0x344/0x460 [ 164.770270][ T7028] btrfs_ioctl_snap_create+0x13c/0x190 [ 164.775804][ T7028] btrfs_ioctl+0xbbf/0xd40 [ 164.780248][ T7028] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 164.786726][ T7028] __se_sys_ioctl+0xf8/0x170 [ 164.791357][ T7028] do_syscall_64+0x41/0xc0 [ 164.795827][ T7028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 164.801746][ T7028] RIP: 0033:0x7f2973746589 [ 164.806204][ T7028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 164.825902][ T7028] RSP: 002b:00007f29736d9168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.834409][ T7028] RAX: ffffffffffffffda RBX: 00007f29737cc718 RCX: 00007f2973746589 [ 164.842424][ T7028] RDX: 0000000020001380 RSI: 0000000050009401 RDI: 0000000000000008 [ 164.850529][ T7028] RBP: 00007f29737cc710 R08: 00007f29736d96c0 R09: 0000000000000000 [ 164.858576][ T7028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29737cc71c [ 164.866652][ T7028] R13: 000000000000006e R14: 00007ffc4107ae40 R15: 00007ffc4107af28 [ 164.874698][ T7028] [ 164.877764][ T7028] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 164.885056][ T7028] CPU: 0 PID: 7028 Comm: syz-executor293 Not tainted 6.6.0-rc7-syzkaller-00195-g2af9b20dbb39 #0 [ 164.895481][ T7028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 164.905539][ T7028] Call Trace: [ 164.908834][ T7028] [ 164.911770][ T7028] dump_stack_lvl+0x1e7/0x2d0 [ 164.916469][ T7028] ? nf_tcp_handle_invalid+0x650/0x650 [ 164.921940][ T7028] ? panic+0x770/0x770 [ 164.926021][ T7028] ? vscnprintf+0x5d/0x80 [ 164.930362][ T7028] panic+0x30f/0x770 [ 164.934275][ T7028] ? __warn+0x171/0x4a0 [ 164.938435][ T7028] ? __memcpy_flushcache+0x2b0/0x2b0 [ 164.943736][ T7028] __warn+0x314/0x4a0 [ 164.947727][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 164.953980][ T7028] report_bug+0x2b3/0x500 [ 164.958317][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 164.964566][ T7028] handle_bug+0x3d/0x70 [ 164.968731][ T7028] exc_invalid_op+0x1a/0x50 [ 164.973244][ T7028] asm_exc_invalid_op+0x1a/0x20 [ 164.978105][ T7028] RIP: 0010:lookup_inline_extent_backref+0x1041/0x14b0 [ 164.984966][ T7028] Code: 9c 24 28 01 00 00 bf c0 00 00 00 89 de e8 b7 7c 00 fe 81 fb c0 00 00 00 0f 83 fd 00 00 00 e8 16 7a 00 fe eb 81 e8 0f 7a 00 fe <0f> 0b 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 17 29 [ 165.004576][ T7028] RSP: 0018:ffffc9000eb56da0 EFLAGS: 00010293 [ 165.010652][ T7028] RAX: ffffffff838da351 RBX: 0000000000000000 RCX: ffff88807c693b80 [ 165.018628][ T7028] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 165.026609][ T7028] RBP: ffffc9000eb56f50 R08: ffffffff838d975a R09: 0000000000000000 [ 165.034604][ T7028] R10: ffffc9000eb56b00 R11: fffff52001d6ad62 R12: dffffc0000000000 [ 165.042588][ T7028] R13: ffff88807debf000 R14: ffff88801bb68000 R15: ffffc9000eb56ec0 [ 165.050574][ T7028] ? lookup_inline_extent_backref+0x44a/0x14b0 [ 165.056744][ T7028] ? lookup_inline_extent_backref+0x1041/0x14b0 [ 165.063013][ T7028] ? __btrfs_ioctl_snap_create+0x344/0x460 [ 165.068849][ T7028] ? btrfs_ioctl_snap_create+0x13c/0x190 [ 165.074530][ T7028] ? insert_extent_data_ref+0xa30/0xa30 [ 165.080117][ T7028] insert_inline_extent_backref+0xda/0x2a0 [ 165.085946][ T7028] ? alloc_reserved_extent+0x290/0x290 [ 165.091416][ T7028] ? rcu_is_watching+0x15/0xb0 [ 165.096197][ T7028] ? kmem_cache_alloc+0x152/0x300 [ 165.101258][ T7028] __btrfs_inc_extent_ref+0x123/0x5b0 [ 165.106675][ T7028] ? btrfs_put_delayed_ref+0x210/0x210 [ 165.112166][ T7028] ? do_raw_spin_unlock+0x13b/0x8b0 [ 165.117392][ T7028] __btrfs_run_delayed_refs+0x1199/0x4000 [ 165.123168][ T7028] ? btrfs_run_delayed_refs+0x470/0x470 [ 165.128754][ T7028] ? btrfs_run_delayed_refs+0x23c/0x470 [ 165.134317][ T7028] ? __might_sleep+0xc0/0xc0 [ 165.138953][ T7028] ? do_raw_spin_unlock+0x13b/0x8b0 [ 165.144162][ T7028] ? btrfs_init_reloc_root+0x385/0x4e0 [ 165.149637][ T7028] btrfs_run_delayed_refs+0x2f3/0x470 [ 165.155029][ T7028] qgroup_account_snapshot+0xce/0x340 [ 165.160425][ T7028] create_pending_snapshot+0x1050/0x28b0 [ 165.166112][ T7028] ? trace_btrfs_space_reservation+0x210/0x210 [ 165.172286][ T7028] ? __mutex_trylock_common+0xff/0x2e0 [ 165.177773][ T7028] ? rcu_is_watching+0x15/0xb0 [ 165.182554][ T7028] ? trace_contention_end+0x3c/0xf0 [ 165.187775][ T7028] ? __mutex_lock+0x2ee/0xd60 [ 165.192486][ T7028] ? mutex_lock_nested+0x20/0x20 [ 165.197450][ T7028] create_pending_snapshots+0x195/0x1d0 [ 165.203019][ T7028] ? btrfs_commit_transaction+0x17b/0x3730 [ 165.208835][ T7028] btrfs_commit_transaction+0xf1c/0x3730 [ 165.214487][ T7028] ? btrfs_commit_transaction+0x17b/0x3730 [ 165.220342][ T7028] ? btrfs_commit_transaction_async+0x480/0x480 [ 165.226623][ T7028] ? do_raw_spin_unlock+0x13b/0x8b0 [ 165.231844][ T7028] ? join_transaction+0x400/0xce0 [ 165.236878][ T7028] ? join_transaction+0x440/0xce0 [ 165.241923][ T7028] ? join_transaction+0x400/0xce0 [ 165.246960][ T7028] ? btrfs_record_root_in_trans+0x12d/0x180 [ 165.252871][ T7028] ? wake_bit_function+0x220/0x220 [ 165.258006][ T7028] create_snapshot+0x4a5/0x7e0 [ 165.262878][ T7028] btrfs_mksubvol+0x5d0/0x750 [ 165.267677][ T7028] ? __btrfs_ioctl_snap_create+0x460/0x460 [ 165.273533][ T7028] ? __fget_files+0x28/0x4a0 [ 165.278137][ T7028] ? __fget_files+0x28/0x4a0 [ 165.282738][ T7028] btrfs_mksnapshot+0xb5/0xf0 [ 165.287433][ T7028] __btrfs_ioctl_snap_create+0x344/0x460 [ 165.293103][ T7028] btrfs_ioctl_snap_create+0x13c/0x190 [ 165.298577][ T7028] btrfs_ioctl+0xbbf/0xd40 [ 165.303004][ T7028] ? btrfs_ioctl_get_supported_features+0x50/0x50 [ 165.309436][ T7028] __se_sys_ioctl+0xf8/0x170 [ 165.314044][ T7028] do_syscall_64+0x41/0xc0 [ 165.318476][ T7028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 165.324381][ T7028] RIP: 0033:0x7f2973746589 [ 165.328798][ T7028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 165.348403][ T7028] RSP: 002b:00007f29736d9168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.356826][ T7028] RAX: ffffffffffffffda RBX: 00007f29737cc718 RCX: 00007f2973746589 [ 165.364810][ T7028] RDX: 0000000020001380 RSI: 0000000050009401 RDI: 0000000000000008 [ 165.372791][ T7028] RBP: 00007f29737cc710 R08: 00007f29736d96c0 R09: 0000000000000000 [ 165.380781][ T7028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29737cc71c [ 165.388758][ T7028] R13: 000000000000006e R14: 00007ffc4107ae40 R15: 00007ffc4107af28 [ 165.396747][ T7028] [ 165.400113][ T7028] Kernel Offset: disabled [ 165.404585][ T7028] Rebooting in 86400 seconds..