./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1632571981 <...> Warning: Permanently added '10.128.10.19' (ED25519) to the list of known hosts. execve("./syz-executor1632571981", ["./syz-executor1632571981"], 0x7ffd8d0d8220 /* 10 vars */) = 0 brk(NULL) = 0x5555561f7000 brk(0x5555561f7d40) = 0x5555561f7d40 arch_prctl(ARCH_SET_FS, 0x5555561f73c0) = 0 set_tid_address(0x5555561f7690) = 5064 set_robust_list(0x5555561f76a0, 24) = 0 rseq(0x5555561f7ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1632571981", 4096) = 28 getrandom("\xd6\x0b\xe4\x10\x91\x69\x70\x72", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555561f7d40 brk(0x555556218d40) = 0x555556218d40 brk(0x555556219000) = 0x555556219000 mprotect(0x7f65a9ee3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.5Lwypf", 0700) = 0 chmod("./syzkaller.5Lwypf", 0777) = 0 chdir("./syzkaller.5Lwypf") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached , child_tidptr=0x5555561f7690) = 5065 [pid 5065] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5065] chdir("./0") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5065] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5065] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5067] <... rseq resumed>) = 0 [pid 5067] set_robust_list(0x7f65a9e199a0, 24 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] <... set_robust_list resumed>) = 0 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] memfd_create("syzkaller", 0 [pid 5065] <... futex resumed>) = 0 [pid 5067] <... memfd_create resumed>) = 3 [pid 5065] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5067] munmap(0x7f65a1800000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file0", 0777) = 0 syzkaller login: [ 79.985330][ T5067] loop0: detected capacity change from 0 to 32768 [ 80.002448][ T5067] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5067) [ 80.023493][ T5067] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 80.034608][ T5067] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 80.044231][ T5067] BTRFS info (device loop0): disk space caching is enabled [ 80.074509][ T5067] BTRFS info (device loop0): rebuilding free space tree [pid 5067] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file0") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5067] open("./file0", O_RDONLY [pid 5065] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... open resumed>) = 4 [pid 5067] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5067] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5065] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... ioctl resumed>) = 0 [ 80.102734][ T5067] BTRFS info (device loop0): disabling free space tree [ 80.109839][ T5067] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 80.119938][ T5067] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 80.136350][ T5067] BTRFS info (device loop0): checking UUID tree [pid 5067] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5067] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5065] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 80.223021][ T5067] BTRFS info (device loop0): balance: start -d -m [ 80.239436][ T5067] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5085]}, 88) = 5085 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5085] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5085] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5085] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5085] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 80.286072][ T5067] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5065] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5065] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5086 attached => {parent_tid=[5086]}, 88) = 5086 [pid 5086] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] <... rseq resumed>) = 0 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5065] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] set_robust_list(0x7f65a9dd79a0, 24 [pid 5065] <... futex resumed>) = 0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5065] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5086] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5086] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... ioctl resumed>) = 0 [pid 5085] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.509312][ T5067] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 80.538504][ T5067] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5085] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5067] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5067] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5067] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5085] <... futex resumed>) = ? [pid 5067] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5067] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 80.561585][ T5067] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 80.651580][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x5555561f7690) = 5088 [pid 5088] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5088] chdir("./1") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5088] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5089 attached => {parent_tid=[5089]}, 88) = 5089 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] <... rseq resumed>) = 0 [pid 5089] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5089] munmap(0x7f65a1800000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file0", 0777) = 0 [ 81.170649][ T5089] loop0: detected capacity change from 0 to 32768 [ 81.187193][ T5089] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5089) [ 81.204564][ T5089] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 81.214863][ T5089] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 81.224176][ T5089] BTRFS info (device loop0): disk space caching is enabled [ 81.247472][ T5089] BTRFS info (device loop0): rebuilding free space tree [ 81.260137][ T5089] BTRFS info (device loop0): disabling free space tree [pid 5089] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file0") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5088] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] open("./file0", O_RDONLY) = 4 [ 81.267071][ T5089] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 81.276787][ T5089] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 81.290993][ T5089] BTRFS info (device loop0): checking UUID tree [pid 5089] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5089] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5088] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... ioctl resumed>) = 0 [pid 5089] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5088] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5088] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5107 attached => {parent_tid=[5107]}, 88) = 5107 [pid 5107] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5107] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5107] openat(AT_FDCWD, ".", O_RDONLY [pid 5088] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... openat resumed>) = 5 [pid 5107] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5088] <... futex resumed>) = 0 [ 81.405565][ T5089] BTRFS info (device loop0): balance: start -d -m [ 81.417523][ T5089] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5088] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5088] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5088] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5108 attached [pid 5108] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5088] <... clone3 resumed> => {parent_tid=[5108]}, 88) = 5108 [pid 5108] <... rseq resumed>) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] set_robust_list(0x7f65a9dd79a0, 24 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5088] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] <... futex resumed>) = 0 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5108] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [ 81.511518][ T5089] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5108] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... ioctl resumed>) = 0 [pid 5107] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.607535][ T5089] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 81.634844][ T5089] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5107] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5089] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] exit_group(0 [pid 5089] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] <... futex resumed>) = ? [pid 5089] <... futex resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 81.655790][ T5089] BTRFS info (device loop0): balance: ended with status: 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 81.764084][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x5555561f76a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 5109 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5109] chdir("./2") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5109] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5110 attached [pid 5110] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5109] <... clone3 resumed> => {parent_tid=[5110]}, 88) = 5110 [pid 5110] <... rseq resumed>) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] set_robust_list(0x7f65a9e199a0, 24 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] <... set_robust_list resumed>) = 0 [pid 5109] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5109] <... futex resumed>) = 0 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5109] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5110] munmap(0x7f65a1800000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [ 82.205967][ T5110] loop0: detected capacity change from 0 to 32768 [ 82.232975][ T5110] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5110) [ 82.251701][ T5110] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 82.261951][ T5110] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 82.271201][ T5110] BTRFS info (device loop0): disk space caching is enabled [pid 5110] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [ 82.296407][ T5110] BTRFS info (device loop0): rebuilding free space tree [ 82.308890][ T5110] BTRFS info (device loop0): disabling free space tree [ 82.315868][ T5110] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 82.325636][ T5110] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 82.339239][ T5110] BTRFS info (device loop0): checking UUID tree [pid 5110] close(4) = 0 [pid 5110] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] open("./file0", O_RDONLY [pid 5109] <... futex resumed>) = 0 [pid 5110] <... open resumed>) = 4 [pid 5109] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5109] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... ioctl resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5109] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.436253][ T5110] BTRFS info (device loop0): balance: start -d -m [ 82.447133][ T5110] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5109] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5128 attached [pid 5128] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5109] <... clone3 resumed> => {parent_tid=[5128]}, 88) = 5128 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... rseq resumed>) = 0 [pid 5128] set_robust_list(0x7f65a9df89a0, 24 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5109] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... set_robust_list resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5128] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5128] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5109] <... futex resumed>) = 0 [pid 5128] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 82.485491][ T5110] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5109] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5109] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5109] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5129] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5129] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... clone3 resumed> => {parent_tid=[5129]}, 88) = 5129 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5129] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5129] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... ioctl resumed>) = 0 [pid 5128] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.667363][ T5110] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 82.696346][ T5110] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5128] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5110] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] exit_group(0 [pid 5129] <... futex resumed>) = ? [pid 5128] <... futex resumed>) = ? [pid 5110] <... futex resumed>) = ? [pid 5109] <... exit_group resumed>) = ? [pid 5128] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 82.720193][ T5110] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.829788][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached , child_tidptr=0x5555561f7690) = 5130 [pid 5130] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5130] chdir("./3") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5130] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5130] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5131 attached => {parent_tid=[5131]}, 88) = 5131 [pid 5131] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5131] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5130] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5131] munmap(0x7f65a1800000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file0", 0777) = 0 [ 83.310203][ T5131] loop0: detected capacity change from 0 to 32768 [ 83.326278][ T5131] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5131) [ 83.342464][ T5131] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 83.353074][ T5131] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 83.362422][ T5131] BTRFS info (device loop0): disk space caching is enabled [ 83.387412][ T5131] BTRFS info (device loop0): rebuilding free space tree [ 83.400681][ T5131] BTRFS info (device loop0): disabling free space tree [pid 5131] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file0") = 0 [pid 5131] ioctl(4, LOOP_CLR_FD) = 0 [pid 5131] close(4) = 0 [pid 5131] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5131] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] open("./file0", O_RDONLY [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... open resumed>) = 4 [pid 5131] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [ 83.407633][ T5131] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 83.417456][ T5131] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 83.430807][ T5131] BTRFS info (device loop0): checking UUID tree [pid 5130] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5131] <... ioctl resumed>) = 0 [pid 5131] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5130] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 83.534570][ T5131] BTRFS info (device loop0): balance: start -d -m [ 83.544863][ T5131] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5131] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5130] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5130] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5130] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5149 attached [pid 5149] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5149] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5130] <... clone3 resumed> => {parent_tid=[5149]}, 88) = 5149 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5149] openat(AT_FDCWD, ".", O_RDONLY [pid 5130] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5149] <... openat resumed>) = 5 [pid 5149] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5130] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5130] <... futex resumed>) = 0 [ 83.576816][ T5131] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5130] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5130] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5130] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5130] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5130] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5130] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] <... rseq resumed>) = 0 [pid 5150] set_robust_list(0x7f65a9dd79a0, 24 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5130] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] <... futex resumed>) = 0 [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5150] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5130] <... futex resumed>) = 0 [pid 5150] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... ioctl resumed>) = 0 [pid 5149] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 5131] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5149] <... futex resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ [pid 5131] <... futex resumed>) = ? [pid 5130] <... exit_group resumed>) = ? [pid 5131] +++ exited with 0 +++ [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 83.767124][ T5131] BTRFS info (device loop0): 1 enospc errors during balance [ 83.774795][ T5131] BTRFS info (device loop0): balance: ended with status: -28 [ 83.830562][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x5555561f7690) = 5151 [pid 5151] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5151] chdir("./4") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5151] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5151] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5152 attached [pid 5152] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5151] <... clone3 resumed> => {parent_tid=[5152]}, 88) = 5152 [pid 5152] <... rseq resumed>) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] set_robust_list(0x7f65a9e199a0, 24 [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] <... set_robust_list resumed>) = 0 [pid 5151] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] <... futex resumed>) = 0 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5152] munmap(0x7f65a1800000, 138412032) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] mkdir("./file0", 0777) = 0 [ 84.341926][ T5152] loop0: detected capacity change from 0 to 32768 [ 84.358051][ T5152] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5152) [ 84.375455][ T5152] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 84.385855][ T5152] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 84.395516][ T5152] BTRFS info (device loop0): disk space caching is enabled [ 84.419250][ T5152] BTRFS info (device loop0): rebuilding free space tree [ 84.431809][ T5152] BTRFS info (device loop0): disabling free space tree [pid 5152] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./file0") = 0 [pid 5152] ioctl(4, LOOP_CLR_FD) = 0 [pid 5152] close(4) = 0 [pid 5152] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] open("./file0", O_RDONLY) = 4 [ 84.438982][ T5152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 84.448706][ T5152] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 84.462296][ T5152] BTRFS info (device loop0): checking UUID tree [pid 5152] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5152] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5151] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... ioctl resumed>) = 0 [pid 5152] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5151] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5151] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5151] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5151] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5170 attached => {parent_tid=[5170]}, 88) = 5170 [ 84.557673][ T5152] BTRFS info (device loop0): balance: start -d -m [ 84.570129][ T5152] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5170] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5151] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... rseq resumed>) = 0 [pid 5170] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5170] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5151] <... futex resumed>) = 0 [pid 5170] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5170] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5151] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5151] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5151] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [ 84.616271][ T5152] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5171 attached => {parent_tid=[5171]}, 88) = 5171 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5171] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5151] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] set_robust_list(0x7f65a9dd79a0, 24 [pid 5151] <... futex resumed>) = 0 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5151] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5171] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5171] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5171] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... ioctl resumed>) = 0 [pid 5170] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 84.794625][ T5152] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 84.820426][ T5152] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5170] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5152] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] exit_group(0 [pid 5152] ???( [pid 5171] <... futex resumed>) = ? [pid 5170] <... futex resumed>) = ? [pid 5152] <... ??? resumed>) = ? [pid 5151] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 84.841185][ T5152] BTRFS info (device loop0): balance: ended with status: 0 [ 84.903988][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5172 attached , child_tidptr=0x5555561f7690) = 5172 [pid 5172] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5172] chdir("./5") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5172] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5173 attached [pid 5173] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5172] <... clone3 resumed> => {parent_tid=[5173]}, 88) = 5173 [pid 5173] set_robust_list(0x7f65a9e199a0, 24 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] <... set_robust_list resumed>) = 0 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] <... futex resumed>) = 0 [pid 5173] memfd_create("syzkaller", 0 [pid 5172] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5173] <... memfd_create resumed>) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5173] munmap(0x7f65a1800000, 138412032) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] mkdir("./file0", 0777) = 0 [ 85.372497][ T5173] loop0: detected capacity change from 0 to 32768 [ 85.397082][ T5173] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5173) [ 85.415936][ T5173] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 85.426175][ T5173] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 85.435546][ T5173] BTRFS info (device loop0): disk space caching is enabled [ 85.458771][ T5173] BTRFS info (device loop0): rebuilding free space tree [pid 5173] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] chdir("./file0") = 0 [pid 5173] ioctl(4, LOOP_CLR_FD) = 0 [pid 5173] close(4) = 0 [pid 5173] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] open("./file0", O_RDONLY [pid 5172] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... open resumed>) = 4 [ 85.473702][ T5173] BTRFS info (device loop0): disabling free space tree [ 85.480730][ T5173] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 85.490446][ T5173] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 85.503947][ T5173] BTRFS info (device loop0): checking UUID tree [pid 5173] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5172] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... ioctl resumed>) = 0 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5172] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5172] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5172] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [ 85.598990][ T5173] BTRFS info (device loop0): balance: start -d -m [ 85.607825][ T5173] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5172] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5191 attached [pid 5191] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5172] <... clone3 resumed> => {parent_tid=[5191]}, 88) = 5191 [pid 5191] <... rseq resumed>) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] set_robust_list(0x7f65a9df89a0, 24 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] <... set_robust_list resumed>) = 0 [pid 5172] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] <... futex resumed>) = 0 [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5191] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5191] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] <... futex resumed>) = 0 [pid 5191] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 85.648048][ T5173] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5172] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5172] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5172] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5192 attached => {parent_tid=[5192]}, 88) = 5192 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5192] <... rseq resumed>) = 0 [pid 5172] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] set_robust_list(0x7f65a9dd79a0, 24 [pid 5172] <... futex resumed>) = 0 [pid 5192] <... set_robust_list resumed>) = 0 [pid 5172] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5192] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5192] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] <... ioctl resumed>) = 0 [pid 5191] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 85.812748][ T5173] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 85.845017][ T5173] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5191] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5173] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] exit_group(0 [pid 5192] <... futex resumed>) = ? [pid 5191] <... futex resumed>) = ? [pid 5173] <... futex resumed>) = ? [pid 5172] <... exit_group resumed>) = ? [pid 5191] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5172, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.871869][ T5173] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 85.955564][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561f7690) = 5193 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5193] chdir("./6") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5193] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5193] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5194 attached => {parent_tid=[5194]}, 88) = 5194 [pid 5194] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5194] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5193] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] memfd_create("syzkaller", 0 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5194] <... memfd_create resumed>) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5194] munmap(0x7f65a1800000, 138412032) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] mkdir("./file0", 0777) = 0 [ 86.391904][ T5194] loop0: detected capacity change from 0 to 32768 [ 86.419376][ T5194] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5194) [ 86.435395][ T5194] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 86.445651][ T5194] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 86.455009][ T5194] BTRFS info (device loop0): disk space caching is enabled [pid 5194] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] chdir("./file0") = 0 [pid 5194] ioctl(4, LOOP_CLR_FD) = 0 [ 86.492009][ T5194] BTRFS info (device loop0): rebuilding free space tree [ 86.504653][ T5194] BTRFS info (device loop0): disabling free space tree [ 86.511758][ T5194] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 86.521462][ T5194] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 86.534740][ T5194] BTRFS info (device loop0): checking UUID tree [pid 5194] close(4) = 0 [pid 5194] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] open("./file0", O_RDONLY [pid 5193] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 4 [pid 5194] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5193] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5193] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.605202][ T5194] BTRFS info (device loop0): balance: start -d -m [ 86.615468][ T5194] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5193] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5193] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5193] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5212 attached [pid 5212] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5212] set_robust_list(0x7f65a9df89a0, 24 [pid 5193] <... clone3 resumed> => {parent_tid=[5212]}, 88) = 5212 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... set_robust_list resumed>) = 0 [pid 5193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] openat(AT_FDCWD, ".", O_RDONLY [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... openat resumed>) = 5 [pid 5212] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 0 [ 86.645328][ T5194] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5212] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5193] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5193] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5193] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5213]}, 88) = 5213 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5213 attached ) = 0 [pid 5213] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5193] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... rseq resumed>) = 0 [pid 5213] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5213] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5213] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... ioctl resumed>) = 0 [pid 5212] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 86.854264][ T5194] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 86.881554][ T5194] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5212] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5194] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5212] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 5194] <... futex resumed>) = ? [pid 5193] <... exit_group resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 86.902816][ T5194] BTRFS info (device loop0): balance: ended with status: 0 [ 86.979100][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x5555561f7690) = 5214 [pid 5214] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5214] chdir("./7") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5214] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5215 attached [pid 5215] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5214] <... clone3 resumed> => {parent_tid=[5215]}, 88) = 5215 [pid 5215] set_robust_list(0x7f65a9e199a0, 24 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5215] <... set_robust_list resumed>) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] memfd_create("syzkaller", 0 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5215] <... memfd_create resumed>) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5215] munmap(0x7f65a1800000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file0", 0777) = 0 [ 87.464691][ T5215] loop0: detected capacity change from 0 to 32768 [ 87.499376][ T5215] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5215) [ 87.520763][ T5215] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 87.532046][ T5215] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 87.542362][ T5215] BTRFS info (device loop0): disk space caching is enabled [ 87.598660][ T5215] BTRFS info (device loop0): rebuilding free space tree [ 87.620034][ T5215] BTRFS info (device loop0): disabling free space tree [ 87.627442][ T5215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 87.637574][ T5215] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5215] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file0") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] open("./file0", O_RDONLY [pid 5214] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... open resumed>) = 4 [pid 5215] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5215] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 87.655811][ T5215] BTRFS info (device loop0): checking UUID tree [pid 5214] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5214] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5214] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5214] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5232 attached => {parent_tid=[5232]}, 88) = 5232 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5232] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5232] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5232] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5232] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5214] <... futex resumed>) = 0 [ 87.727174][ T5215] BTRFS info (device loop0): balance: start -d -m [ 87.752516][ T5215] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5214] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5214] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5214] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5234 attached => {parent_tid=[5234]}, 88) = 5234 [pid 5234] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] <... rseq resumed>) = 0 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] set_robust_list(0x7f65a9dd79a0, 24 [pid 5214] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5214] <... futex resumed>) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5234] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5234] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... ioctl resumed>) = 0 [pid 5232] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.983875][ T5215] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 88.052333][ T5215] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 88.079781][ T5215] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5232] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5215] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5215] <... futex resumed>) = ? [pid 5214] <... exit_group resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5232] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=41 /* 0.41 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 88.100192][ T5215] BTRFS info (device loop0): balance: ended with status: 0 [ 88.162083][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x5555561f7690) = 5235 [pid 5235] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5235] chdir("./8") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5235] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5236 attached [pid 5236] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5235] <... clone3 resumed> => {parent_tid=[5236]}, 88) = 5236 [pid 5236] <... rseq resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] set_robust_list(0x7f65a9e199a0, 24 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] <... set_robust_list resumed>) = 0 [pid 5235] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] <... futex resumed>) = 0 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5236] munmap(0x7f65a1800000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file0", 0777) = 0 [ 88.557060][ T5236] loop0: detected capacity change from 0 to 32768 [ 88.581379][ T5236] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5236) [ 88.599374][ T5236] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 88.609600][ T5236] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 88.619035][ T5236] BTRFS info (device loop0): disk space caching is enabled [ 88.643443][ T5236] BTRFS info (device loop0): rebuilding free space tree [pid 5236] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file0") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5235] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] open("./file0", O_RDONLY) = 4 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5235] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5235] <... futex resumed>) = 0 [ 88.655859][ T5236] BTRFS info (device loop0): disabling free space tree [ 88.663060][ T5236] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 88.672836][ T5236] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 88.686495][ T5236] BTRFS info (device loop0): checking UUID tree [pid 5235] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5235] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5235] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5235] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5235] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5254] <... rseq resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] set_robust_list(0x7f65a9df89a0, 24 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5235] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] <... futex resumed>) = 0 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5254] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5254] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5254] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 88.742561][ T5236] BTRFS info (device loop0): balance: start -d -m [ 88.751434][ T5236] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 88.775886][ T5236] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5235] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5235] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5235] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5255 attached [pid 5255] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5235] <... clone3 resumed> => {parent_tid=[5255]}, 88) = 5255 [pid 5255] <... rseq resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] set_robust_list(0x7f65a9dd79a0, 24 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] <... set_robust_list resumed>) = 0 [pid 5235] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] <... futex resumed>) = 0 [pid 5255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5255] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5255] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... ioctl resumed>) = 0 [pid 5254] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.993206][ T5236] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5254] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5236] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0 [pid 5255] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5235] <... exit_group resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ [pid 5236] <... futex resumed>) = ? [pid 5236] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 89.053526][ T5236] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 89.085307][ T5236] BTRFS info (device loop0): balance: ended with status: 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 89.149702][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x5555561f7690) = 5256 [pid 5256] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5256] chdir("./9") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5256] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5257 attached => {parent_tid=[5257]}, 88) = 5257 [pid 5257] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... rseq resumed>) = 0 [pid 5257] set_robust_list(0x7f65a9e199a0, 24 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5256] <... futex resumed>) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5257] munmap(0x7f65a1800000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file0", 0777) = 0 [ 89.535508][ T5257] loop0: detected capacity change from 0 to 32768 [ 89.561154][ T5257] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5257) [ 89.577135][ T5257] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 89.587382][ T5257] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 89.596722][ T5257] BTRFS info (device loop0): disk space caching is enabled [ 89.620031][ T5257] BTRFS info (device loop0): rebuilding free space tree [pid 5257] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file0") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] open("./file0", O_RDONLY) = 4 [pid 5256] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] <... futex resumed>) = 0 [pid 5257] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5256] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... ioctl resumed>) = 0 [pid 5257] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] <... futex resumed>) = 0 [pid 5257] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 89.632733][ T5257] BTRFS info (device loop0): disabling free space tree [ 89.639685][ T5257] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 89.649435][ T5257] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 89.662945][ T5257] BTRFS info (device loop0): checking UUID tree [ 89.696595][ T5257] BTRFS info (device loop0): balance: start -d -m [ 89.712842][ T5257] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5256] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5256] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5275]}, 88) = 5275 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5275 attached [pid 5275] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5256] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... rseq resumed>) = 0 [pid 5275] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5275] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5275] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5256] <... futex resumed>) = 0 [ 89.738085][ T5257] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5256] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5256] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5256] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5276] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5256] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5256] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5276] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = 1 [ 89.835800][ T5257] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5276] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... ioctl resumed>) = 0 [pid 5275] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5257] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5276] <... futex resumed>) = ? [pid 5275] <... futex resumed>) = ? [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 89.982834][ T5257] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 90.008513][ T5257] BTRFS info (device loop0): balance: ended with status: 0 [ 90.060345][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5277 attached [pid 5277] set_robust_list(0x5555561f76a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 5277 [pid 5277] <... set_robust_list resumed>) = 0 [pid 5277] chdir("./10") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5277] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5278 attached => {parent_tid=[5278]}, 88) = 5278 [pid 5278] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] <... rseq resumed>) = 0 [pid 5278] set_robust_list(0x7f65a9e199a0, 24 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... set_robust_list resumed>) = 0 [pid 5277] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] <... futex resumed>) = 0 [pid 5278] memfd_create("syzkaller", 0 [pid 5277] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] <... memfd_create resumed>) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5278] munmap(0x7f65a1800000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] mkdir("./file0", 0777) = 0 [ 90.509529][ T5278] loop0: detected capacity change from 0 to 32768 [ 90.534201][ T5278] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5278) [ 90.552402][ T5278] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 90.562824][ T5278] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 90.572247][ T5278] BTRFS info (device loop0): disk space caching is enabled [ 90.595646][ T5278] BTRFS info (device loop0): rebuilding free space tree [pid 5278] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5278] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file0") = 0 [pid 5278] ioctl(4, LOOP_CLR_FD) = 0 [pid 5278] close(4) = 0 [pid 5278] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] open("./file0", O_RDONLY [pid 5277] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... open resumed>) = 4 [pid 5278] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5277] <... futex resumed>) = 0 [pid 5278] <... ioctl resumed>) = 0 [pid 5277] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 90.607797][ T5278] BTRFS info (device loop0): disabling free space tree [ 90.614849][ T5278] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 90.624557][ T5278] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 90.638213][ T5278] BTRFS info (device loop0): checking UUID tree [pid 5278] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5277] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5277] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5296]}, 88) = 5296 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5296 attached [pid 5296] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5296] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5296] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5296] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 90.697397][ T5278] BTRFS info (device loop0): balance: start -d -m [ 90.706395][ T5278] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 90.737508][ T5278] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5296] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5277] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5277] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5297 attached => {parent_tid=[5297]}, 88) = 5297 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5297] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5297] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5297] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5297] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... ioctl resumed>) = 0 [pid 5296] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.921431][ T5278] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 90.955830][ T5278] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5296] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5278] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5277] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5296] <... futex resumed>) = ? [pid 5278] <... futex resumed>) = ? [pid 5296] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 [ 90.978278][ T5278] BTRFS info (device loop0): balance: ended with status: 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 91.070346][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x5555561f7690) = 5298 [pid 5298] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5298] chdir("./11") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5298] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5299 attached [pid 5299] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5298] <... clone3 resumed> => {parent_tid=[5299]}, 88) = 5299 [pid 5299] <... rseq resumed>) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] set_robust_list(0x7f65a9e199a0, 24 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] <... set_robust_list resumed>) = 0 [pid 5298] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... futex resumed>) = 0 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] memfd_create("syzkaller", 0) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5299] munmap(0x7f65a1800000, 138412032) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] mkdir("./file0", 0777) = 0 [ 91.566095][ T5299] loop0: detected capacity change from 0 to 32768 [ 91.576108][ T5299] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5299) [ 91.592794][ T5299] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 91.603127][ T5299] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 91.612410][ T5299] BTRFS info (device loop0): disk space caching is enabled [ 91.636203][ T5299] BTRFS info (device loop0): rebuilding free space tree [ 91.648368][ T5299] BTRFS info (device loop0): disabling free space tree [ 91.655470][ T5299] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 5299] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./file0") = 0 [pid 5299] ioctl(4, LOOP_CLR_FD) = 0 [pid 5299] close(4) = 0 [pid 5299] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 91.665279][ T5299] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 91.679039][ T5299] BTRFS info (device loop0): checking UUID tree [pid 5299] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5298] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] open("./file0", O_RDONLY) = 4 [pid 5299] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5298] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... ioctl resumed>) = 0 [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5299] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5298] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5298] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5298] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5317]}, 88) = 5317 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5298] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5317 attached [pid 5317] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5317] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5317] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5317] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5317] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5317] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 91.758400][ T5299] BTRFS info (device loop0): balance: start -d -m [ 91.770986][ T5299] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 91.796295][ T5299] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5298] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5298] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5298] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5298] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5318]}, 88) = 5318 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5298] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5318 attached [pid 5318] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5318] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5318] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5318] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [ 91.911105][ T5299] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5318] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... ioctl resumed>) = 0 [pid 5317] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5299] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] exit_group(0 [pid 5299] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] <... futex resumed>) = ? [pid 5317] +++ exited with 0 +++ [pid 5298] <... exit_group resumed>) = ? [pid 5299] +++ exited with 0 +++ [pid 5298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5298, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.010381][ T5299] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 92.031185][ T5299] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 92.103090][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5319 attached , child_tidptr=0x5555561f7690) = 5319 [pid 5319] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5319] chdir("./12") = 0 [pid 5319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5319] setpgid(0, 0) = 0 [pid 5319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5319] write(3, "1000", 4) = 4 [pid 5319] close(3) = 0 [pid 5319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5319] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5319] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5319] <... clone3 resumed> => {parent_tid=[5320]}, 88) = 5320 [pid 5320] set_robust_list(0x7f65a9e199a0, 24 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] <... set_robust_list resumed>) = 0 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5319] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] memfd_create("syzkaller", 0 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] <... memfd_create resumed>) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5320] munmap(0x7f65a1800000, 138412032) = 0 [pid 5320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5320] close(3) = 0 [pid 5320] mkdir("./file0", 0777) = 0 [ 92.520477][ T5320] loop0: detected capacity change from 0 to 32768 [ 92.536156][ T5320] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5320) [ 92.550974][ T781] cfg80211: failed to load regulatory.db [ 92.562656][ T5320] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 92.572939][ T5320] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 92.582525][ T5320] BTRFS info (device loop0): disk space caching is enabled [ 92.607253][ T5320] BTRFS info (device loop0): rebuilding free space tree [pid 5320] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5320] chdir("./file0") = 0 [pid 5320] ioctl(4, LOOP_CLR_FD) = 0 [pid 5320] close(4) = 0 [pid 5320] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] open("./file0", O_RDONLY [pid 5319] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... open resumed>) = 4 [pid 5319] <... futex resumed>) = 0 [ 92.619679][ T5320] BTRFS info (device loop0): disabling free space tree [ 92.626604][ T5320] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 92.636667][ T5320] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 92.650301][ T5320] BTRFS info (device loop0): checking UUID tree [pid 5319] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5319] <... futex resumed>) = 0 [pid 5319] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5320] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] <... futex resumed>) = 0 [pid 5320] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5319] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5319] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5319] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 92.720634][ T5320] BTRFS info (device loop0): balance: start -d -m [ 92.731035][ T5320] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5338]}, 88) = 5338 ./strace-static-x86_64: Process 5338 attached [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5338] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5338] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] <... futex resumed>) = 0 [pid 5338] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5319] <... futex resumed>) = 0 [pid 5338] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 92.761313][ T5320] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5319] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5319] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5319] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5339 attached => {parent_tid=[5339]}, 88) = 5339 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5339] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5339] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] <... futex resumed>) = 0 [pid 5338] <... ioctl resumed>) = 0 [pid 5338] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.965240][ T5320] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 92.997159][ T5320] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5338] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5320] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5319] exit_group(0 [pid 5338] <... futex resumed>) = ? [pid 5320] <... futex resumed>) = ? [pid 5339] <... futex resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ [pid 5319] <... exit_group resumed>) = ? [pid 5319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5319, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.018305][ T5320] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 93.102448][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5340 attached , child_tidptr=0x5555561f7690) = 5340 [pid 5340] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5340] chdir("./13") = 0 [pid 5340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5340] setpgid(0, 0) = 0 [pid 5340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5340] write(3, "1000", 4) = 4 [pid 5340] close(3) = 0 [pid 5340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5340] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5340] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5341 attached [pid 5341] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5340] <... clone3 resumed> => {parent_tid=[5341]}, 88) = 5341 [pid 5341] <... rseq resumed>) = 0 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], [pid 5341] set_robust_list(0x7f65a9e199a0, 24 [pid 5340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5341] <... set_robust_list resumed>) = 0 [pid 5340] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] <... futex resumed>) = 0 [pid 5341] memfd_create("syzkaller", 0 [pid 5340] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5341] <... memfd_create resumed>) = 3 [pid 5341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5341] munmap(0x7f65a1800000, 138412032) = 0 [pid 5341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5341] close(3) = 0 [pid 5341] mkdir("./file0", 0777) = 0 [ 93.522774][ T5341] loop0: detected capacity change from 0 to 32768 [ 93.549506][ T5341] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5341) [ 93.566417][ T5341] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 93.576676][ T5341] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 93.585991][ T5341] BTRFS info (device loop0): disk space caching is enabled [ 93.609997][ T5341] BTRFS info (device loop0): rebuilding free space tree [pid 5341] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5341] chdir("./file0") = 0 [pid 5341] ioctl(4, LOOP_CLR_FD) = 0 [pid 5341] close(4) = 0 [pid 5341] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5340] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] open("./file0", O_RDONLY) = 4 [pid 5341] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5340] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5340] <... futex resumed>) = 0 [pid 5341] <... ioctl resumed>) = 0 [pid 5340] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5341] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5340] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.622653][ T5341] BTRFS info (device loop0): disabling free space tree [ 93.629743][ T5341] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 93.639646][ T5341] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 93.652926][ T5341] BTRFS info (device loop0): checking UUID tree [pid 5340] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 93.695488][ T5341] BTRFS info (device loop0): balance: start -d -m [ 93.705510][ T5341] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5340] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5340] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5359 attached => {parent_tid=[5359]}, 88) = 5359 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5359] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5340] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5359] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5340] <... futex resumed>) = 0 [pid 5359] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5340] <... futex resumed>) = 0 [pid 5359] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 93.744232][ T5341] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5340] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5340] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5340] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5360 attached [pid 5360] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5340] <... clone3 resumed> => {parent_tid=[5360]}, 88) = 5360 [pid 5360] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], [pid 5360] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5340] <... futex resumed>) = 1 [pid 5360] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5340] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5360] <... futex resumed>) = 0 [ 93.862773][ T5341] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5360] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... ioctl resumed>) = 0 [pid 5359] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5341] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5340] exit_group(0 [pid 5360] <... futex resumed>) = ? [pid 5360] +++ exited with 0 +++ [pid 5359] <... futex resumed>) = ? [pid 5359] +++ exited with 0 +++ [pid 5341] <... futex resumed>) = ? [pid 5340] <... exit_group resumed>) = ? [pid 5341] +++ exited with 0 +++ [pid 5340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5340, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 [ 93.979427][ T5341] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 94.000680][ T5341] BTRFS info (device loop0): balance: ended with status: 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 94.100955][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5361 attached , child_tidptr=0x5555561f7690) = 5361 [pid 5361] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5361] chdir("./14") = 0 [pid 5361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5361] setpgid(0, 0) = 0 [pid 5361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5361] write(3, "1000", 4) = 4 [pid 5361] close(3) = 0 [pid 5361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5361] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5361] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5362 attached [pid 5362] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5361] <... clone3 resumed> => {parent_tid=[5362]}, 88) = 5362 [pid 5362] <... rseq resumed>) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] <... futex resumed>) = 0 [pid 5362] memfd_create("syzkaller", 0 [pid 5361] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5362] <... memfd_create resumed>) = 3 [pid 5362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5362] munmap(0x7f65a1800000, 138412032) = 0 [pid 5362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5362] close(3) = 0 [pid 5362] mkdir("./file0", 0777) = 0 [ 94.581006][ T5362] loop0: detected capacity change from 0 to 32768 [ 94.606832][ T5362] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5362) [ 94.624371][ T5362] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 94.634568][ T5362] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.643804][ T5362] BTRFS info (device loop0): disk space caching is enabled [ 94.667909][ T5362] BTRFS info (device loop0): rebuilding free space tree [pid 5362] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5362] chdir("./file0") = 0 [pid 5362] ioctl(4, LOOP_CLR_FD) = 0 [pid 5362] close(4) = 0 [pid 5362] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5362] open("./file0", O_RDONLY [pid 5361] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... open resumed>) = 4 [pid 5362] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5362] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5361] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] <... futex resumed>) = 0 [pid 5362] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5361] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5362] <... ioctl resumed>) = 0 [pid 5362] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5361] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 94.680736][ T5362] BTRFS info (device loop0): disabling free space tree [ 94.687899][ T5362] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.697710][ T5362] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.711111][ T5362] BTRFS info (device loop0): checking UUID tree [ 94.767101][ T5362] BTRFS info (device loop0): balance: start -d -m [ 94.778984][ T5362] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5361] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5361] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5361] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5380 attached [pid 5380] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5361] <... clone3 resumed> => {parent_tid=[5380]}, 88) = 5380 [pid 5380] <... rseq resumed>) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] set_robust_list(0x7f65a9df89a0, 24 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] <... set_robust_list resumed>) = 0 [pid 5361] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] <... futex resumed>) = 0 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5380] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5380] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 0 [pid 5380] <... futex resumed>) = 1 [pid 5361] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5361] <... futex resumed>) = 0 [ 94.807280][ T5362] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5361] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5361] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5361] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5381]}, 88) = 5381 ./strace-static-x86_64: Process 5381 attached [pid 5361] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5361] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... rseq resumed>) = 0 [pid 5381] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5381] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5381] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5361] <... futex resumed>) = 0 [pid 5381] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... ioctl resumed>) = 0 [pid 5380] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 5362] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] exit_group(0 [pid 5381] <... futex resumed>) = ? [pid 5362] <... futex resumed>) = ? [pid 5361] <... exit_group resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5380] <... futex resumed>) = ? [pid 5362] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ [pid 5361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5361, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 95.017539][ T5362] BTRFS info (device loop0): 1 enospc errors during balance [ 95.025072][ T5362] BTRFS info (device loop0): balance: ended with status: -28 [ 95.077750][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5382 attached , child_tidptr=0x5555561f7690) = 5382 [pid 5382] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5382] chdir("./15") = 0 [pid 5382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5382] setpgid(0, 0) = 0 [pid 5382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5382] write(3, "1000", 4) = 4 [pid 5382] close(3) = 0 [pid 5382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5382] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5382] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5383 attached [pid 5383] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5382] <... clone3 resumed> => {parent_tid=[5383]}, 88) = 5383 [pid 5383] set_robust_list(0x7f65a9e199a0, 24 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], [pid 5383] <... set_robust_list resumed>) = 0 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5382] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] memfd_create("syzkaller", 0 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5383] <... memfd_create resumed>) = 3 [pid 5383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5383] munmap(0x7f65a1800000, 138412032) = 0 [pid 5383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5383] close(3) = 0 [pid 5383] mkdir("./file0", 0777) = 0 [ 95.541470][ T5383] loop0: detected capacity change from 0 to 32768 [ 95.555699][ T5383] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5383) [ 95.571734][ T5383] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 95.582218][ T5383] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 95.591883][ T5383] BTRFS info (device loop0): disk space caching is enabled [ 95.615663][ T5383] BTRFS info (device loop0): rebuilding free space tree [ 95.629527][ T5383] BTRFS info (device loop0): disabling free space tree [pid 5383] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5383] chdir("./file0") = 0 [pid 5383] ioctl(4, LOOP_CLR_FD) = 0 [pid 5383] close(4) = 0 [pid 5383] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] open("./file0", O_RDONLY) = 4 [pid 5383] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] <... futex resumed>) = 0 [pid 5382] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5382] <... futex resumed>) = 0 [pid 5383] <... ioctl resumed>) = 0 [pid 5382] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5383] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5382] <... futex resumed>) = 0 [pid 5382] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5383] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 95.637080][ T5383] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 95.647342][ T5383] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 95.662050][ T5383] BTRFS info (device loop0): checking UUID tree [pid 5382] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5382] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5382] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5401 attached => {parent_tid=[5401]}, 88) = 5401 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5382] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5382] <... futex resumed>) = 0 [pid 5401] <... rseq resumed>) = 0 [pid 5401] set_robust_list(0x7f65a9df89a0, 24 [pid 5382] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5401] <... set_robust_list resumed>) = 0 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5401] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5401] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5401] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5382] <... futex resumed>) = 0 [pid 5401] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 95.708044][ T5383] BTRFS info (device loop0): balance: start -d -m [ 95.716837][ T5383] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 95.741785][ T5383] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5382] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5382] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5382] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5402 attached => {parent_tid=[5402]}, 88) = 5402 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], [pid 5402] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] <... rseq resumed>) = 0 [pid 5382] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] set_robust_list(0x7f65a9dd79a0, 24 [pid 5382] <... futex resumed>) = 0 [pid 5402] <... set_robust_list resumed>) = 0 [pid 5382] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5402] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5402] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... ioctl resumed>) = 0 [pid 5401] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.945313][ T5383] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 95.983086][ T5383] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5401] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5383] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5382] exit_group(0 [pid 5402] <... futex resumed>) = ? [pid 5401] <... futex resumed>) = ? [pid 5383] <... futex resumed>) = ? [pid 5382] <... exit_group resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ [pid 5382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5382, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.011082][ T5383] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.103093][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5403 attached , child_tidptr=0x5555561f7690) = 5403 [pid 5403] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5403] chdir("./16") = 0 [pid 5403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5403] setpgid(0, 0) = 0 [pid 5403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5403] write(3, "1000", 4) = 4 [pid 5403] close(3) = 0 [pid 5403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5403] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5403] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5404 attached [pid 5404] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5403] <... clone3 resumed> => {parent_tid=[5404]}, 88) = 5404 [pid 5404] set_robust_list(0x7f65a9e199a0, 24 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] <... set_robust_list resumed>) = 0 [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] <... futex resumed>) = 0 [pid 5404] memfd_create("syzkaller", 0 [pid 5403] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5404] <... memfd_create resumed>) = 3 [pid 5404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5404] munmap(0x7f65a1800000, 138412032) = 0 [pid 5404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5404] close(3) = 0 [pid 5404] mkdir("./file0", 0777) = 0 [ 96.538886][ T5404] loop0: detected capacity change from 0 to 32768 [ 96.569290][ T5404] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5404) [ 96.586969][ T5404] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 96.597251][ T5404] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 96.606629][ T5404] BTRFS info (device loop0): disk space caching is enabled [pid 5404] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5404] chdir("./file0") = 0 [pid 5404] ioctl(4, LOOP_CLR_FD) = 0 [pid 5404] close(4) = 0 [pid 5404] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... futex resumed>) = 0 [ 96.630878][ T5404] BTRFS info (device loop0): rebuilding free space tree [ 96.643352][ T5404] BTRFS info (device loop0): disabling free space tree [ 96.650345][ T5404] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 96.660067][ T5404] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 96.674404][ T5404] BTRFS info (device loop0): checking UUID tree [pid 5404] open("./file0", O_RDONLY) = 4 [pid 5404] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] <... ioctl resumed>) = 0 [pid 5404] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5403] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5404] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5403] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5403] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5403] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5403] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5422 attached => {parent_tid=[5422]}, 88) = 5422 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5403] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5422] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [ 96.745492][ T5404] BTRFS info (device loop0): balance: start -d -m [ 96.756132][ T5404] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5422] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5422] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5422] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5422] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5403] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.801291][ T5404] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5403] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5403] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5403] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5423 attached => {parent_tid=[5423]}, 88) = 5423 [pid 5423] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5423] <... rseq resumed>) = 0 [pid 5403] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5423] set_robust_list(0x7f65a9dd79a0, 24 [pid 5403] <... futex resumed>) = 0 [pid 5423] <... set_robust_list resumed>) = 0 [pid 5403] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5423] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5423] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5403] <... futex resumed>) = 0 [pid 5423] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5422] <... ioctl resumed>) = 0 [pid 5422] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.991550][ T5404] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 97.019749][ T5404] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5422] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5404] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5403] exit_group(0 [pid 5422] <... futex resumed>) = ? [pid 5423] <... futex resumed>) = ? [pid 5404] <... futex resumed>) = ? [pid 5403] <... exit_group resumed>) = ? [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ [pid 5403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5403, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 97.040967][ T5404] BTRFS info (device loop0): balance: ended with status: 0 [ 97.086832][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5424 attached , child_tidptr=0x5555561f7690) = 5424 [pid 5424] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5424] chdir("./17") = 0 [pid 5424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5424] setpgid(0, 0) = 0 [pid 5424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5424] write(3, "1000", 4) = 4 [pid 5424] close(3) = 0 [pid 5424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5424] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5424] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5425 attached => {parent_tid=[5425]}, 88) = 5425 [pid 5425] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5425] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5425] memfd_create("syzkaller", 0) = 3 [pid 5425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5425] munmap(0x7f65a1800000, 138412032) = 0 [pid 5425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5425] close(3) = 0 [pid 5425] mkdir("./file0", 0777) = 0 [ 97.563064][ T5425] loop0: detected capacity change from 0 to 32768 [ 97.590715][ T5425] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5425) [ 97.606912][ T5425] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 97.617137][ T5425] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 97.626423][ T5425] BTRFS info (device loop0): disk space caching is enabled [pid 5425] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5425] chdir("./file0") = 0 [ 97.657867][ T5425] BTRFS info (device loop0): rebuilding free space tree [ 97.670804][ T5425] BTRFS info (device loop0): disabling free space tree [ 97.677746][ T5425] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.687635][ T5425] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [pid 5425] ioctl(4, LOOP_CLR_FD) = 0 [pid 5425] close(4) = 0 [pid 5425] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5425] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5424] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] open("./file0", O_RDONLY) = 4 [ 97.702415][ T5425] BTRFS info (device loop0): checking UUID tree [pid 5425] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5424] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5425] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5425] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5424] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5424] <... futex resumed>) = 0 [ 97.789821][ T5425] BTRFS info (device loop0): balance: start -d -m [ 97.799292][ T5425] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5424] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5424] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5424] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5443]}, 88) = 5443 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5424] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5443 attached [pid 5443] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5443] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5443] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5443] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5443] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5424] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 97.834602][ T5425] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5443] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5424] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5424] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5424] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5444]}, 88) = 5444 ./strace-static-x86_64: Process 5444 attached [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5444] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5444] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5424] <... futex resumed>) = 1 [pid 5444] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5424] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5444] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5444] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... ioctl resumed>) = 0 [pid 5443] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.999798][ T5425] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 98.025485][ T5425] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5443] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5425] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5424] exit_group(0 [pid 5444] <... futex resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5443] <... futex resumed>) = ? [pid 5443] +++ exited with 0 +++ [pid 5425] <... futex resumed>) = ? [pid 5424] <... exit_group resumed>) = ? [pid 5425] +++ exited with 0 +++ [pid 5424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5424, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.046391][ T5425] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 98.151397][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5445 attached , child_tidptr=0x5555561f7690) = 5445 [pid 5445] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5445] chdir("./18") = 0 [pid 5445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5445] setpgid(0, 0) = 0 [pid 5445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5445] write(3, "1000", 4) = 4 [pid 5445] close(3) = 0 [pid 5445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5445] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5445] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5446 attached [pid 5446] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5445] <... clone3 resumed> => {parent_tid=[5446]}, 88) = 5446 [pid 5446] <... rseq resumed>) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] set_robust_list(0x7f65a9e199a0, 24 [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5446] <... set_robust_list resumed>) = 0 [pid 5445] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5445] <... futex resumed>) = 0 [pid 5446] memfd_create("syzkaller", 0 [pid 5445] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5446] <... memfd_create resumed>) = 3 [pid 5446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5446] munmap(0x7f65a1800000, 138412032) = 0 [pid 5446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5446] close(3) = 0 [pid 5446] mkdir("./file0", 0777) = 0 [ 98.544111][ T5446] loop0: detected capacity change from 0 to 32768 [ 98.564281][ T5446] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5446) [ 98.580964][ T5446] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 98.591177][ T5446] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 98.600465][ T5446] BTRFS info (device loop0): disk space caching is enabled [ 98.625161][ T5446] BTRFS info (device loop0): rebuilding free space tree [pid 5446] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5446] chdir("./file0") = 0 [pid 5446] ioctl(4, LOOP_CLR_FD) = 0 [pid 5446] close(4) = 0 [pid 5446] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5446] open("./file0", O_RDONLY [pid 5445] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] <... open resumed>) = 4 [pid 5446] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5446] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [ 98.639201][ T5446] BTRFS info (device loop0): disabling free space tree [ 98.646216][ T5446] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 98.656286][ T5446] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 98.670219][ T5446] BTRFS info (device loop0): checking UUID tree [pid 5445] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... ioctl resumed>) = 0 [pid 5445] <... futex resumed>) = 0 [pid 5446] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5445] <... futex resumed>) = 1 [pid 5445] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5445] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5445] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5464 attached [pid 5464] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5445] <... clone3 resumed> => {parent_tid=[5464]}, 88) = 5464 [pid 5464] <... rseq resumed>) = 0 [pid 5464] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5445] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] openat(AT_FDCWD, ".", O_RDONLY [pid 5445] <... futex resumed>) = 0 [ 98.753210][ T5446] BTRFS info (device loop0): balance: start -d -m [ 98.763528][ T5446] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 98.792674][ T5446] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5464] <... openat resumed>) = 5 [pid 5445] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5464] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5445] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5445] <... futex resumed>) = 1 [pid 5464] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5445] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5445] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5445] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5465]}, 88) = 5465 ./strace-static-x86_64: Process 5465 attached [pid 5465] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], [pid 5465] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], [pid 5445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5445] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5465] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5465] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5465] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] <... ioctl resumed>) = 0 [pid 5464] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.968409][ T5446] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 99.001751][ T5446] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5464] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5446] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5446] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5445] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5464] <... futex resumed>) = ? [pid 5445] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5464] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ [pid 5445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5445, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 99.025496][ T5446] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 99.102113][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5466 attached [pid 5466] set_robust_list(0x5555561f76a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 5466 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5466] chdir("./19") = 0 [pid 5466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5466] setpgid(0, 0) = 0 [pid 5466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5466] write(3, "1000", 4) = 4 [pid 5466] close(3) = 0 [pid 5466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5466] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5466] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5467 attached [pid 5467] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5466] <... clone3 resumed> => {parent_tid=[5467]}, 88) = 5467 [pid 5467] <... rseq resumed>) = 0 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5467] set_robust_list(0x7f65a9e199a0, 24 [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5467] <... set_robust_list resumed>) = 0 [pid 5466] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] <... futex resumed>) = 0 [pid 5467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5467] memfd_create("syzkaller", 0) = 3 [pid 5467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5467] munmap(0x7f65a1800000, 138412032) = 0 [pid 5467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5467] close(3) = 0 [pid 5467] mkdir("./file0", 0777) = 0 [ 99.573704][ T5467] loop0: detected capacity change from 0 to 32768 [ 99.597898][ T5467] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5467) [ 99.613171][ T5467] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 99.623430][ T5467] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 99.632722][ T5467] BTRFS info (device loop0): disk space caching is enabled [ 99.654857][ T5467] BTRFS info (device loop0): rebuilding free space tree [pid 5467] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5467] chdir("./file0") = 0 [pid 5467] ioctl(4, LOOP_CLR_FD) = 0 [pid 5467] close(4) = 0 [pid 5467] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... futex resumed>) = 1 [pid 5467] open("./file0", O_RDONLY) = 4 [pid 5467] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5466] <... futex resumed>) = 0 [pid 5466] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] <... ioctl resumed>) = 0 [pid 5467] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5467] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5466] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.669615][ T5467] BTRFS info (device loop0): disabling free space tree [ 99.676522][ T5467] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 99.686328][ T5467] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 99.700498][ T5467] BTRFS info (device loop0): checking UUID tree [pid 5466] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5466] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5466] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5466] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5485]}, 88) = 5485 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5466] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5485 attached [pid 5485] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5485] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5485] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5485] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5485] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5466] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.748213][ T5467] BTRFS info (device loop0): balance: start -d -m [ 99.757185][ T5467] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 99.786271][ T5467] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5466] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5466] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5466] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5486 attached [pid 5486] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5466] <... clone3 resumed> => {parent_tid=[5486]}, 88) = 5486 [pid 5486] <... rseq resumed>) = 0 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5486] set_robust_list(0x7f65a9dd79a0, 24 [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5486] <... set_robust_list resumed>) = 0 [pid 5466] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] <... futex resumed>) = 0 [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5486] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5486] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] <... futex resumed>) = 0 [pid 5486] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5485] <... ioctl resumed>) = 0 [pid 5485] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.987457][ T5467] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 100.014692][ T5467] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5485] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5467] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5466] exit_group(0 [pid 5486] <... futex resumed>) = ? [pid 5485] <... futex resumed>) = ? [pid 5466] <... exit_group resumed>) = ? [pid 5467] <... futex resumed>) = ? [pid 5486] +++ exited with 0 +++ [pid 5485] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ [pid 5466] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5466, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 100.035645][ T5467] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 100.124567][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5487 attached , child_tidptr=0x5555561f7690) = 5487 [pid 5487] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5487] chdir("./20") = 0 [pid 5487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5487] setpgid(0, 0) = 0 [pid 5487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5487] write(3, "1000", 4) = 4 [pid 5487] close(3) = 0 [pid 5487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5487] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5487] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5488 attached [pid 5488] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5487] <... clone3 resumed> => {parent_tid=[5488]}, 88) = 5488 [pid 5488] set_robust_list(0x7f65a9e199a0, 24 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], [pid 5488] <... set_robust_list resumed>) = 0 [pid 5487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5488] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] <... futex resumed>) = 0 [pid 5488] memfd_create("syzkaller", 0 [pid 5487] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5488] <... memfd_create resumed>) = 3 [pid 5488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5488] munmap(0x7f65a1800000, 138412032) = 0 [pid 5488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5488] close(3) = 0 [pid 5488] mkdir("./file0", 0777) = 0 [ 100.550595][ T5488] loop0: detected capacity change from 0 to 32768 [ 100.565863][ T5488] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5488) [ 100.582958][ T5488] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 100.593194][ T5488] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 100.602441][ T5488] BTRFS info (device loop0): disk space caching is enabled [ 100.627388][ T5488] BTRFS info (device loop0): rebuilding free space tree [ 100.639680][ T5488] BTRFS info (device loop0): disabling free space tree [pid 5488] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5488] chdir("./file0") = 0 [pid 5488] ioctl(4, LOOP_CLR_FD) = 0 [pid 5488] close(4) = 0 [pid 5488] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] <... futex resumed>) = 1 [pid 5487] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] open("./file0", O_RDONLY) = 4 [pid 5488] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5488] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5487] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... ioctl resumed>) = 0 [ 100.646664][ T5488] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 100.656819][ T5488] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 100.671304][ T5488] BTRFS info (device loop0): checking UUID tree [pid 5488] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] <... futex resumed>) = 0 [ 100.754659][ T5488] BTRFS info (device loop0): balance: start -d -m [ 100.765956][ T5488] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5488] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5487] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5487] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5487] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5506 attached => {parent_tid=[5506]}, 88) = 5506 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5487] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5506] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5506] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5506] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5506] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] <... futex resumed>) = 0 [pid 5506] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 100.799341][ T5488] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5487] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5487] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5487] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5507 attached => {parent_tid=[5507]}, 88) = 5507 [pid 5507] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], [pid 5507] <... rseq resumed>) = 0 [pid 5487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5507] set_robust_list(0x7f65a9dd79a0, 24 [pid 5487] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... set_robust_list resumed>) = 0 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] <... futex resumed>) = 0 [pid 5507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5507] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] <... futex resumed>) = 0 [pid 5507] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] <... ioctl resumed>) = 0 [pid 5506] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.985827][ T5488] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 101.014513][ T5488] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5506] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5488] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5487] exit_group(0) = ? [pid 5507] <... futex resumed>) = ? [pid 5506] <... futex resumed>) = ? [pid 5488] <... futex resumed>) = ? [pid 5507] +++ exited with 0 +++ [pid 5506] +++ exited with 0 +++ [pid 5488] +++ exited with 0 +++ [pid 5487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5487, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=38 /* 0.38 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 101.035394][ T5488] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 101.130140][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5508 attached , child_tidptr=0x5555561f7690) = 5508 [pid 5508] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5508] chdir("./21") = 0 [pid 5508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5508] setpgid(0, 0) = 0 [pid 5508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5508] write(3, "1000", 4) = 4 [pid 5508] close(3) = 0 [pid 5508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5508] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5508] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5509 attached [pid 5509] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5508] <... clone3 resumed> => {parent_tid=[5509]}, 88) = 5509 [pid 5509] <... rseq resumed>) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], [pid 5509] set_robust_list(0x7f65a9e199a0, 24 [pid 5508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5509] <... set_robust_list resumed>) = 0 [pid 5508] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] <... futex resumed>) = 0 [pid 5508] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5509] memfd_create("syzkaller", 0) = 3 [pid 5509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5509] munmap(0x7f65a1800000, 138412032) = 0 [pid 5509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5509] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5509] close(3) = 0 [pid 5509] mkdir("./file0", 0777) = 0 [ 101.557681][ T5509] loop0: detected capacity change from 0 to 32768 [ 101.583153][ T5509] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5509) [ 101.599735][ T5509] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 101.609965][ T5509] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 101.619363][ T5509] BTRFS info (device loop0): disk space caching is enabled [ 101.643419][ T5509] BTRFS info (device loop0): rebuilding free space tree [pid 5509] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5509] chdir("./file0") = 0 [pid 5509] ioctl(4, LOOP_CLR_FD) = 0 [pid 5509] close(4) = 0 [pid 5509] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] <... futex resumed>) = 0 [pid 5509] open("./file0", O_RDONLY [pid 5508] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] <... open resumed>) = 4 [pid 5509] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5509] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5508] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] <... ioctl resumed>) = 0 [pid 5508] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [ 101.656459][ T5509] BTRFS info (device loop0): disabling free space tree [ 101.663665][ T5509] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 101.673390][ T5509] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 101.686673][ T5509] BTRFS info (device loop0): checking UUID tree [pid 5509] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5508] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.753372][ T5509] BTRFS info (device loop0): balance: start -d -m [ 101.764807][ T5509] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5508] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5508] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5508] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5527 attached => {parent_tid=[5527]}, 88) = 5527 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5508] <... futex resumed>) = 0 [pid 5527] <... rseq resumed>) = 0 [pid 5527] set_robust_list(0x7f65a9df89a0, 24 [pid 5508] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... set_robust_list resumed>) = 0 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5527] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5527] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5527] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5508] <... futex resumed>) = 0 [pid 5527] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 101.797012][ T5509] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5508] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5508] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5508] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5528 attached [pid 5528] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5508] <... clone3 resumed> => {parent_tid=[5528]}, 88) = 5528 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5528] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5508] <... futex resumed>) = 0 [pid 5528] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] <... ioctl resumed>) = 0 [pid 5527] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.960712][ T5509] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 101.986418][ T5509] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5527] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5509] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5508] exit_group(0 [pid 5528] <... futex resumed>) = ? [pid 5527] <... futex resumed>) = ? [pid 5508] <... exit_group resumed>) = ? [pid 5509] <... futex resumed>) = ? [pid 5527] +++ exited with 0 +++ [pid 5509] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ [pid 5508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5508, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=39 /* 0.39 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 102.006721][ T5509] BTRFS info (device loop0): balance: ended with status: 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 102.035271][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5529 attached [pid 5529] set_robust_list(0x5555561f76a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 5529 [pid 5529] <... set_robust_list resumed>) = 0 [pid 5529] chdir("./22") = 0 [pid 5529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5529] setpgid(0, 0) = 0 [pid 5529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5529] write(3, "1000", 4) = 4 [pid 5529] close(3) = 0 [pid 5529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5529] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5529] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5530 attached [pid 5530] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5529] <... clone3 resumed> => {parent_tid=[5530]}, 88) = 5530 [pid 5530] set_robust_list(0x7f65a9e199a0, 24 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5530] <... set_robust_list resumed>) = 0 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] memfd_create("syzkaller", 0 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5530] <... memfd_create resumed>) = 3 [pid 5530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5530] munmap(0x7f65a1800000, 138412032) = 0 [pid 5530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5530] close(3) = 0 [pid 5530] mkdir("./file0", 0777) = 0 [ 102.492526][ T5530] loop0: detected capacity change from 0 to 32768 [ 102.508083][ T5530] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5530) [ 102.524344][ T5530] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 102.534662][ T5530] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 102.544389][ T5530] BTRFS info (device loop0): disk space caching is enabled [ 102.567540][ T5530] BTRFS info (device loop0): rebuilding free space tree [ 102.579773][ T5530] BTRFS info (device loop0): disabling free space tree [pid 5530] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5530] chdir("./file0") = 0 [pid 5530] ioctl(4, LOOP_CLR_FD) = 0 [pid 5530] close(4) = 0 [pid 5530] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] open("./file0", O_RDONLY [pid 5529] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... open resumed>) = 4 [pid 5530] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5529] <... futex resumed>) = 0 [pid 5530] <... ioctl resumed>) = 0 [pid 5529] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 102.586695][ T5530] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 102.596454][ T5530] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 102.609966][ T5530] BTRFS info (device loop0): checking UUID tree [pid 5530] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5530] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] <... futex resumed>) = 0 [pid 5530] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5529] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5529] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5529] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5548 attached => {parent_tid=[5548]}, 88) = 5548 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5529] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5548] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5548] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5548] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5548] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] <... futex resumed>) = 0 [pid 5548] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5529] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5529] <... futex resumed>) = 1 [pid 5548] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 102.688136][ T5530] BTRFS info (device loop0): balance: start -d -m [ 102.699765][ T5530] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 102.726593][ T5530] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5529] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5529] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5529] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5549]}, 88) = 5549 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5529] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5529] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5549 attached [pid 5549] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5549] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5549] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5549] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = 0 [pid 5549] <... futex resumed>) = 1 [pid 5549] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] <... ioctl resumed>) = 0 [pid 5548] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.892683][ T5530] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 102.919547][ T5530] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5548] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5530] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] exit_group(0 [pid 5549] <... futex resumed>) = ? [pid 5529] <... exit_group resumed>) = ? [pid 5548] <... futex resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5548] +++ exited with 0 +++ [pid 5530] <... futex resumed>) = ? [pid 5530] +++ exited with 0 +++ [pid 5529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5529, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 102.941342][ T5530] BTRFS info (device loop0): balance: ended with status: 0 [ 102.966169][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5550 attached , child_tidptr=0x5555561f7690) = 5550 [pid 5550] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5550] chdir("./23") = 0 [pid 5550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5550] setpgid(0, 0) = 0 [pid 5550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5550] write(3, "1000", 4) = 4 [pid 5550] close(3) = 0 [pid 5550] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5550] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5550] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5551 attached [pid 5551] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5551] set_robust_list(0x7f65a9e199a0, 24 [pid 5550] <... clone3 resumed> => {parent_tid=[5551]}, 88) = 5551 [pid 5551] <... set_robust_list resumed>) = 0 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5551] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5550] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] memfd_create("syzkaller", 0 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5551] <... memfd_create resumed>) = 3 [pid 5551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5551] munmap(0x7f65a1800000, 138412032) = 0 [pid 5551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5551] close(3) = 0 [pid 5551] mkdir("./file0", 0777) = 0 [ 103.407754][ T5551] loop0: detected capacity change from 0 to 32768 [ 103.422876][ T5551] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5551) [ 103.440853][ T5551] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 103.451643][ T5551] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 103.460934][ T5551] BTRFS info (device loop0): disk space caching is enabled [ 103.483432][ T5551] BTRFS info (device loop0): rebuilding free space tree [ 103.495980][ T5551] BTRFS info (device loop0): disabling free space tree [pid 5551] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5551] chdir("./file0") = 0 [pid 5551] ioctl(4, LOOP_CLR_FD) = 0 [pid 5551] close(4) = 0 [ 103.503051][ T5551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 103.512809][ T5551] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 103.526099][ T5551] BTRFS info (device loop0): checking UUID tree [pid 5551] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5550] <... futex resumed>) = 0 [pid 5551] open("./file0", O_RDONLY) = 4 [pid 5550] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5550] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5551] <... ioctl resumed>) = 0 [pid 5551] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5551] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5550] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5550] <... futex resumed>) = 1 [pid 5551] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5550] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5550] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5569 attached => {parent_tid=[5569]}, 88) = 5569 [pid 5569] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5569] <... rseq resumed>) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5569] set_robust_list(0x7f65a9df89a0, 24 [pid 5550] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... set_robust_list resumed>) = 0 [pid 5550] <... futex resumed>) = 0 [pid 5569] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5569] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5569] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5550] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 103.614983][ T5551] BTRFS info (device loop0): balance: start -d -m [ 103.625978][ T5551] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 103.651297][ T5551] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5569] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5550] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5550] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5550] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5550] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5570]}, 88) = 5570 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5550] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5550] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5570 attached [pid 5570] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5570] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5570] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5570] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5550] <... futex resumed>) = 0 [pid 5570] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5569] <... ioctl resumed>) = 0 [pid 5569] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.821527][ T5551] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 103.851007][ T5551] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5569] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5551] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] exit_group(0 [pid 5570] <... futex resumed>) = ? [pid 5569] <... futex resumed>) = ? [pid 5551] <... futex resumed>) = ? [pid 5550] <... exit_group resumed>) = ? [pid 5570] +++ exited with 0 +++ [pid 5569] +++ exited with 0 +++ [pid 5551] +++ exited with 0 +++ [pid 5550] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5550, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 103.871569][ T5551] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 103.958402][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5571 attached , child_tidptr=0x5555561f7690) = 5571 [pid 5571] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5571] chdir("./24") = 0 [pid 5571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5571] setpgid(0, 0) = 0 [pid 5571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5571] write(3, "1000", 4) = 4 [pid 5571] close(3) = 0 [pid 5571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5571] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5571] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5572 attached => {parent_tid=[5572]}, 88) = 5572 [pid 5572] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5572] set_robust_list(0x7f65a9e199a0, 24 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5572] <... set_robust_list resumed>) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5572] memfd_create("syzkaller", 0) = 3 [pid 5572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5572] munmap(0x7f65a1800000, 138412032) = 0 [pid 5572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5572] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5572] close(3) = 0 [pid 5572] mkdir("./file0", 0777) = 0 [ 104.460317][ T5572] loop0: detected capacity change from 0 to 32768 [ 104.480793][ T5572] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5572) [ 104.497967][ T5572] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 104.508198][ T5572] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 104.517456][ T5572] BTRFS info (device loop0): disk space caching is enabled [ 104.541210][ T5572] BTRFS info (device loop0): rebuilding free space tree [pid 5572] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5572] chdir("./file0") = 0 [pid 5572] ioctl(4, LOOP_CLR_FD) = 0 [pid 5572] close(4) = 0 [pid 5572] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] open("./file0", O_RDONLY [ 104.554994][ T5572] BTRFS info (device loop0): disabling free space tree [ 104.562105][ T5572] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 104.572372][ T5572] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 104.585747][ T5572] BTRFS info (device loop0): checking UUID tree [pid 5571] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... open resumed>) = 4 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5572] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5572] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5571] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... ioctl resumed>) = 0 [pid 5572] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5572] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 104.658413][ T5572] BTRFS info (device loop0): balance: start -d -m [ 104.669694][ T5572] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5571] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5571] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5571] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5590 attached => {parent_tid=[5590]}, 88) = 5590 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5571] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5590] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5590] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5590] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5590] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 104.699401][ T5572] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5571] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5571] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5571] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5571] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5591 attached [pid 5591] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5571] <... clone3 resumed> => {parent_tid=[5591]}, 88) = 5591 [pid 5591] <... rseq resumed>) = 0 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5591] set_robust_list(0x7f65a9dd79a0, 24 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5591] <... set_robust_list resumed>) = 0 [pid 5571] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] <... futex resumed>) = 0 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5591] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5591] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] <... ioctl resumed>) = 0 [pid 5590] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.887201][ T5572] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 104.915643][ T5572] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5590] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5572] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] exit_group(0 [pid 5572] <... futex resumed>) = 0 [pid 5590] <... futex resumed>) = ? [pid 5571] <... exit_group resumed>) = ? [pid 5591] <... futex resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5572] +++ exited with 0 +++ [pid 5591] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5571, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.935791][ T5572] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 105.020716][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561f7690) = 5592 ./strace-static-x86_64: Process 5592 attached [pid 5592] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5592] chdir("./25") = 0 [pid 5592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5592] setpgid(0, 0) = 0 [pid 5592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5592] write(3, "1000", 4) = 4 [pid 5592] close(3) = 0 [pid 5592] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5592] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5592] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5592] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5593 attached [pid 5593] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5592] <... clone3 resumed> => {parent_tid=[5593]}, 88) = 5593 [pid 5593] set_robust_list(0x7f65a9e199a0, 24 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], [pid 5593] <... set_robust_list resumed>) = 0 [pid 5592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], [pid 5592] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5592] <... futex resumed>) = 0 [pid 5593] memfd_create("syzkaller", 0 [pid 5592] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5593] <... memfd_create resumed>) = 3 [pid 5593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5593] munmap(0x7f65a1800000, 138412032) = 0 [pid 5593] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5593] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5593] close(3) = 0 [pid 5593] mkdir("./file0", 0777) = 0 [ 105.489679][ T5593] loop0: detected capacity change from 0 to 32768 [ 105.510149][ T5593] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5593) [ 105.527838][ T5593] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 105.538192][ T5593] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 105.547472][ T5593] BTRFS info (device loop0): disk space caching is enabled [ 105.570565][ T5593] BTRFS info (device loop0): rebuilding free space tree [pid 5593] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5593] chdir("./file0") = 0 [pid 5593] ioctl(4, LOOP_CLR_FD) = 0 [pid 5593] close(4) = 0 [pid 5593] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = 0 [pid 5592] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5593] open("./file0", O_RDONLY [pid 5592] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] <... open resumed>) = 4 [pid 5593] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5593] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] <... futex resumed>) = 0 [pid 5593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5592] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5592] <... futex resumed>) = 0 [pid 5593] <... ioctl resumed>) = 0 [pid 5592] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5593] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [ 105.584517][ T5593] BTRFS info (device loop0): disabling free space tree [ 105.591656][ T5593] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.601821][ T5593] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.615197][ T5593] BTRFS info (device loop0): checking UUID tree [pid 5593] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5592] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 105.684744][ T5593] BTRFS info (device loop0): balance: start -d -m [ 105.699165][ T5593] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5592] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5592] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5592] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5611 attached => {parent_tid=[5611]}, 88) = 5611 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5592] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5611] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5611] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5611] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5611] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5611] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5592] <... futex resumed>) = 1 [pid 5611] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 105.731762][ T5593] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5592] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5592] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5592] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5592] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5592] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5592] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5612 attached => {parent_tid=[5612]}, 88) = 5612 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5592] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5592] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5612] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5612] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5612] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5592] <... futex resumed>) = 0 [pid 5612] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... ioctl resumed>) = 0 [pid 5611] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 105.914280][ T5593] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 105.941360][ T5593] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5611] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5593] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5593] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5592] exit_group(0 [pid 5611] <... futex resumed>) = ? [pid 5593] <... futex resumed>) = ? [pid 5612] <... futex resumed>) = ? [pid 5592] <... exit_group resumed>) = ? [pid 5612] +++ exited with 0 +++ [pid 5593] +++ exited with 0 +++ [pid 5611] +++ exited with 0 +++ [pid 5592] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5592, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 105.961821][ T5593] BTRFS info (device loop0): balance: ended with status: 0 [ 105.997898][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5613 attached , child_tidptr=0x5555561f7690) = 5613 [pid 5613] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5613] chdir("./26") = 0 [pid 5613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5613] setpgid(0, 0) = 0 [pid 5613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5613] write(3, "1000", 4) = 4 [pid 5613] close(3) = 0 [pid 5613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5613] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5613] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5614 attached [pid 5614] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5613] <... clone3 resumed> => {parent_tid=[5614]}, 88) = 5614 [pid 5614] set_robust_list(0x7f65a9e199a0, 24 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5614] <... set_robust_list resumed>) = 0 [pid 5613] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] <... futex resumed>) = 0 [pid 5614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5613] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5614] memfd_create("syzkaller", 0) = 3 [pid 5614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5614] munmap(0x7f65a1800000, 138412032) = 0 [pid 5614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5614] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5614] close(3) = 0 [pid 5614] mkdir("./file0", 0777) = 0 [ 106.402947][ T5614] loop0: detected capacity change from 0 to 32768 [ 106.422996][ T5614] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5614) [ 106.439302][ T5614] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 106.449526][ T5614] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 106.458931][ T5614] BTRFS info (device loop0): disk space caching is enabled [ 106.483236][ T5614] BTRFS info (device loop0): rebuilding free space tree [ 106.495589][ T5614] BTRFS info (device loop0): disabling free space tree [pid 5614] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5614] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5614] chdir("./file0") = 0 [pid 5614] ioctl(4, LOOP_CLR_FD) = 0 [pid 5614] close(4) = 0 [pid 5614] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5613] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] open("./file0", O_RDONLY [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... open resumed>) = 4 [pid 5614] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.502663][ T5614] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 106.512443][ T5614] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 106.526683][ T5614] BTRFS info (device loop0): checking UUID tree [pid 5613] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5614] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] <... futex resumed>) = 0 [pid 5613] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5614] <... futex resumed>) = 1 [pid 5614] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5613] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5613] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5613] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [ 106.621473][ T5614] BTRFS info (device loop0): balance: start -d -m [ 106.634759][ T5614] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5632]}, 88) = 5632 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5613] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5632 attached [pid 5632] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5632] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5632] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5632] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5632] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5613] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5613] <... futex resumed>) = 0 [pid 5632] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 106.662040][ T5614] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5613] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5613] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5613] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5613] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] <... rseq resumed>) = 0 [pid 5613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] set_robust_list(0x7f65a9dd79a0, 24 [pid 5613] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... set_robust_list resumed>) = 0 [pid 5613] <... futex resumed>) = 0 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5633] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5613] <... futex resumed>) = 0 [pid 5633] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... ioctl resumed>) = 0 [pid 5632] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.845252][ T5614] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 106.871033][ T5614] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5632] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5614] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] exit_group(0 [pid 5614] <... futex resumed>) = 0 [pid 5633] <... futex resumed>) = ? [pid 5632] <... futex resumed>) = ? [pid 5613] <... exit_group resumed>) = ? [pid 5633] +++ exited with 0 +++ [pid 5614] +++ exited with 0 +++ [pid 5632] +++ exited with 0 +++ [pid 5613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5613, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.891763][ T5614] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 106.989701][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5634 attached , child_tidptr=0x5555561f7690) = 5634 [pid 5634] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5634] chdir("./27") = 0 [pid 5634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5634] setpgid(0, 0) = 0 [pid 5634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5634] write(3, "1000", 4) = 4 [pid 5634] close(3) = 0 [pid 5634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5634] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5634] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5635 attached => {parent_tid=[5635]}, 88) = 5635 [pid 5635] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5635] set_robust_list(0x7f65a9e199a0, 24 [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5635] <... set_robust_list resumed>) = 0 [pid 5634] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5634] <... futex resumed>) = 0 [pid 5635] memfd_create("syzkaller", 0 [pid 5634] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5635] <... memfd_create resumed>) = 3 [pid 5635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5635] munmap(0x7f65a1800000, 138412032) = 0 [pid 5635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5635] close(3) = 0 [pid 5635] mkdir("./file0", 0777) = 0 [ 107.460645][ T5635] loop0: detected capacity change from 0 to 32768 [ 107.484664][ T5635] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5635) [ 107.502272][ T5635] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 107.512499][ T5635] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 107.521768][ T5635] BTRFS info (device loop0): disk space caching is enabled [ 107.544464][ T5635] BTRFS info (device loop0): rebuilding free space tree [pid 5635] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5635] chdir("./file0") = 0 [pid 5635] ioctl(4, LOOP_CLR_FD) = 0 [pid 5635] close(4) = 0 [pid 5635] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... futex resumed>) = 0 [pid 5634] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5635] open("./file0", O_RDONLY [pid 5634] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... open resumed>) = 4 [pid 5635] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5635] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] <... futex resumed>) = 0 [pid 5635] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5634] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5635] <... ioctl resumed>) = 0 [ 107.557051][ T5635] BTRFS info (device loop0): disabling free space tree [ 107.564221][ T5635] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 107.573945][ T5635] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 107.587158][ T5635] BTRFS info (device loop0): checking UUID tree [pid 5635] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5635] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5634] <... futex resumed>) = 0 [pid 5635] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5634] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5634] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5634] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5653 attached => {parent_tid=[5653]}, 88) = 5653 [pid 5653] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] <... rseq resumed>) = 0 [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] set_robust_list(0x7f65a9df89a0, 24 [pid 5634] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... set_robust_list resumed>) = 0 [ 107.660856][ T5635] BTRFS info (device loop0): balance: start -d -m [ 107.671983][ T5635] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 107.699895][ T5635] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5634] <... futex resumed>) = 0 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5634] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5653] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] <... futex resumed>) = 0 [pid 5634] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] <... futex resumed>) = 0 [pid 5634] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5653] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5634] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5634] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5634] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5634] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 107.756339][ T5635] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5654 attached => {parent_tid=[5654]}, 88) = 5654 [pid 5654] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5654] <... rseq resumed>) = 0 [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5654] set_robust_list(0x7f65a9dd79a0, 24 [pid 5634] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... set_robust_list resumed>) = 0 [pid 5634] <... futex resumed>) = 0 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], [pid 5634] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5654] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5654] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5634] <... futex resumed>) = 0 [pid 5654] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] <... ioctl resumed>) = 0 [pid 5653] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5635] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5634] exit_group(0 [pid 5654] <... futex resumed>) = ? [pid 5653] <... futex resumed>) = ? [pid 5635] <... futex resumed>) = ? [pid 5654] +++ exited with 0 +++ [pid 5653] +++ exited with 0 +++ [pid 5635] +++ exited with 0 +++ [pid 5634] <... exit_group resumed>) = ? [pid 5634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5634, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 107.915723][ T5635] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 107.937594][ T5635] BTRFS info (device loop0): balance: ended with status: 0 [ 108.015625][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5655 attached , child_tidptr=0x5555561f7690) = 5655 [pid 5655] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5655] chdir("./28") = 0 [pid 5655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5655] setpgid(0, 0) = 0 [pid 5655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5655] write(3, "1000", 4) = 4 [pid 5655] close(3) = 0 [pid 5655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5655] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5655] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0} => {parent_tid=[5656]}, 88) = 5656 ./strace-static-x86_64: Process 5656 attached [pid 5656] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] <... rseq resumed>) = 0 [pid 5655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] set_robust_list(0x7f65a9e199a0, 24 [pid 5655] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... set_robust_list resumed>) = 0 [pid 5655] <... futex resumed>) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] memfd_create("syzkaller", 0) = 3 [pid 5656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5656] munmap(0x7f65a1800000, 138412032) = 0 [pid 5656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5656] close(3) = 0 [pid 5656] mkdir("./file0", 0777) = 0 [ 108.499733][ T5656] loop0: detected capacity change from 0 to 32768 [ 108.510274][ T5656] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5656) [ 108.527683][ T5656] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 108.537972][ T5656] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 108.547260][ T5656] BTRFS info (device loop0): disk space caching is enabled [pid 5656] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5656] chdir("./file0") = 0 [pid 5656] ioctl(4, LOOP_CLR_FD) = 0 [pid 5656] close(4) = 0 [pid 5656] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5655] <... futex resumed>) = 0 [ 108.572137][ T5656] BTRFS info (device loop0): rebuilding free space tree [ 108.584232][ T5656] BTRFS info (device loop0): disabling free space tree [ 108.591442][ T5656] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 108.601187][ T5656] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 108.614893][ T5656] BTRFS info (device loop0): checking UUID tree [pid 5656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5655] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] open("./file0", O_RDONLY) = 4 [pid 5655] <... futex resumed>) = 0 [pid 5655] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5655] <... futex resumed>) = 0 [pid 5655] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5655] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... ioctl resumed>) = 0 [pid 5656] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] <... futex resumed>) = 0 [pid 5655] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... futex resumed>) = 1 [pid 5656] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5655] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5655] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5655] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5655] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5674]}, 88) = 5674 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 108.710884][ T5656] BTRFS info (device loop0): balance: start -d -m [ 108.722530][ T5656] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5655] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5674 attached [pid 5674] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5674] set_robust_list(0x7f65a9df89a0, 24 [pid 5655] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5674] <... set_robust_list resumed>) = 0 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5674] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5674] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5655] <... futex resumed>) = 0 [pid 5674] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5655] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5655] <... futex resumed>) = 0 [pid 5674] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5655] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5655] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [ 108.766540][ T5656] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5655] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5675 attached => {parent_tid=[5675]}, 88) = 5675 [pid 5675] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], [pid 5675] <... rseq resumed>) = 0 [pid 5655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5675] set_robust_list(0x7f65a9dd79a0, 24 [pid 5655] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... set_robust_list resumed>) = 0 [pid 5655] <... futex resumed>) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5675] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5675] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5655] <... futex resumed>) = 0 [pid 5675] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] <... ioctl resumed>) = 0 [pid 5674] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.926416][ T5656] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 108.952269][ T5656] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5674] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5656] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5655] exit_group(0 [pid 5675] <... futex resumed>) = ? [pid 5674] <... futex resumed>) = ? [pid 5656] <... futex resumed>) = ? [pid 5655] <... exit_group resumed>) = ? [pid 5675] +++ exited with 0 +++ [pid 5674] +++ exited with 0 +++ [pid 5656] +++ exited with 0 +++ [pid 5655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5655, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 108.973264][ T5656] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 109.065239][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5676 attached , child_tidptr=0x5555561f7690) = 5676 [pid 5676] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5676] chdir("./29") = 0 [pid 5676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5676] setpgid(0, 0) = 0 [pid 5676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5676] write(3, "1000", 4) = 4 [pid 5676] close(3) = 0 [pid 5676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5676] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5676] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5677 attached [pid 5677] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5676] <... clone3 resumed> => {parent_tid=[5677]}, 88) = 5677 [pid 5677] <... rseq resumed>) = 0 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] set_robust_list(0x7f65a9e199a0, 24 [pid 5676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5677] <... set_robust_list resumed>) = 0 [pid 5676] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5676] <... futex resumed>) = 0 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5676] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5677] memfd_create("syzkaller", 0) = 3 [pid 5677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5677] munmap(0x7f65a1800000, 138412032) = 0 [pid 5677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5677] close(3) = 0 [pid 5677] mkdir("./file0", 0777) = 0 [ 109.515474][ T5677] loop0: detected capacity change from 0 to 32768 [ 109.543041][ T5677] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5677) [ 109.559325][ T5677] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 109.569630][ T5677] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.579025][ T5677] BTRFS info (device loop0): disk space caching is enabled [ 109.603268][ T5677] BTRFS info (device loop0): rebuilding free space tree [pid 5677] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5677] chdir("./file0") = 0 [pid 5677] ioctl(4, LOOP_CLR_FD) = 0 [pid 5677] close(4) = 0 [pid 5677] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] open("./file0", O_RDONLY [pid 5676] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... open resumed>) = 4 [pid 5677] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5677] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5676] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] <... ioctl resumed>) = 0 [pid 5676] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 109.618245][ T5677] BTRFS info (device loop0): disabling free space tree [ 109.625371][ T5677] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 109.635109][ T5677] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 109.648698][ T5677] BTRFS info (device loop0): checking UUID tree [pid 5677] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] <... futex resumed>) = 0 [pid 5676] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5677] <... futex resumed>) = 0 [pid 5677] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5676] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5676] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5676] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5695]}, 88) = 5695 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5676] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5695 attached ) = 0 [pid 5695] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5676] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5695] <... rseq resumed>) = 0 [pid 5695] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5695] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5695] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5695] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = 0 [pid 5676] <... futex resumed>) = 1 [pid 5695] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 109.725236][ T5677] BTRFS info (device loop0): balance: start -d -m [ 109.733171][ T5677] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 109.758931][ T5677] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5676] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5676] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5676] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5676] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5696 attached [pid 5696] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5676] <... clone3 resumed> => {parent_tid=[5696]}, 88) = 5696 [pid 5676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5676] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5676] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... rseq resumed>) = 0 [pid 5696] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5696] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5696] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5676] <... futex resumed>) = 0 [pid 5696] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] <... ioctl resumed>) = 0 [pid 5695] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.920258][ T5677] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 109.954909][ T5677] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5695] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5677] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5676] exit_group(0 [pid 5677] <... futex resumed>) = ? [pid 5676] <... exit_group resumed>) = ? [pid 5696] <... futex resumed>) = ? [pid 5695] <... futex resumed>) = ? [pid 5677] +++ exited with 0 +++ [pid 5695] +++ exited with 0 +++ [pid 5696] +++ exited with 0 +++ [pid 5676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5676, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 109.976086][ T5677] BTRFS info (device loop0): balance: ended with status: 0 [ 110.010192][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5697 attached , child_tidptr=0x5555561f7690) = 5697 [pid 5697] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5697] chdir("./30") = 0 [pid 5697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5697] setpgid(0, 0) = 0 [pid 5697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5697] write(3, "1000", 4) = 4 [pid 5697] close(3) = 0 [pid 5697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5697] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5697] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5698 attached [pid 5698] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5697] <... clone3 resumed> => {parent_tid=[5698]}, 88) = 5698 [pid 5698] <... rseq resumed>) = 0 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], [pid 5698] set_robust_list(0x7f65a9e199a0, 24 [pid 5697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5698] <... set_robust_list resumed>) = 0 [pid 5697] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], [pid 5697] <... futex resumed>) = 0 [pid 5698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5697] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5698] memfd_create("syzkaller", 0) = 3 [pid 5698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5698] munmap(0x7f65a1800000, 138412032) = 0 [pid 5698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5698] close(3) = 0 [pid 5698] mkdir("./file0", 0777) = 0 [ 110.422489][ T5698] loop0: detected capacity change from 0 to 32768 [ 110.438224][ T5698] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5698) [ 110.453880][ T5698] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 110.464097][ T5698] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 110.473417][ T5698] BTRFS info (device loop0): disk space caching is enabled [ 110.497268][ T5698] BTRFS info (device loop0): rebuilding free space tree [ 110.509945][ T5698] BTRFS info (device loop0): disabling free space tree [pid 5698] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5698] chdir("./file0") = 0 [pid 5698] ioctl(4, LOOP_CLR_FD) = 0 [pid 5698] close(4) = 0 [pid 5698] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5698] open("./file0", O_RDONLY [pid 5697] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... open resumed>) = 4 [pid 5697] <... futex resumed>) = 0 [pid 5697] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5697] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5698] <... futex resumed>) = 0 [pid 5697] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5697] <... futex resumed>) = 0 [pid 5698] <... ioctl resumed>) = 0 [pid 5697] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5698] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [ 110.517335][ T5698] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.527093][ T5698] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 110.540616][ T5698] BTRFS info (device loop0): checking UUID tree [pid 5698] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] <... futex resumed>) = 0 [pid 5698] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5697] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5697] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5697] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5716 attached [pid 5716] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5697] <... clone3 resumed> => {parent_tid=[5716]}, 88) = 5716 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] <... rseq resumed>) = 0 [pid 5697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5716] set_robust_list(0x7f65a9df89a0, 24 [pid 5697] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... set_robust_list resumed>) = 0 [pid 5697] <... futex resumed>) = 0 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], [pid 5697] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5716] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5716] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5716] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5697] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5697] <... futex resumed>) = 0 [pid 5716] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 110.606627][ T5698] BTRFS info (device loop0): balance: start -d -m [ 110.615043][ T5698] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 110.642231][ T5698] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5697] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5697] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5697] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5717 attached [pid 5717] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5697] <... clone3 resumed> => {parent_tid=[5717]}, 88) = 5717 [pid 5717] <... rseq resumed>) = 0 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], [pid 5717] set_robust_list(0x7f65a9dd79a0, 24 [pid 5697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5717] <... set_robust_list resumed>) = 0 [pid 5697] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] rt_sigprocmask(SIG_SETMASK, [], [pid 5697] <... futex resumed>) = 0 [pid 5717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5697] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5717] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5717] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5697] <... futex resumed>) = 0 [pid 5717] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] <... ioctl resumed>) = 0 [pid 5716] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.839445][ T5698] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 110.867884][ T5698] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5716] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5698] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5697] exit_group(0 [pid 5698] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5716] <... futex resumed>) = ? [pid 5717] <... futex resumed>) = ? [pid 5716] +++ exited with 0 +++ [pid 5697] <... exit_group resumed>) = ? [pid 5717] +++ exited with 0 +++ [pid 5698] <... futex resumed>) = ? [pid 5698] +++ exited with 0 +++ [pid 5697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5697, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.889927][ T5698] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 110.965542][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5718 attached , child_tidptr=0x5555561f7690) = 5718 [pid 5718] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5718] chdir("./31") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5718] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5718] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5719 attached [pid 5719] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5718] <... clone3 resumed> => {parent_tid=[5719]}, 88) = 5719 [pid 5719] <... rseq resumed>) = 0 [pid 5719] set_robust_list(0x7f65a9e199a0, 24 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] <... set_robust_list resumed>) = 0 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] rt_sigprocmask(SIG_SETMASK, [], [pid 5718] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] memfd_create("syzkaller", 0 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5719] <... memfd_create resumed>) = 3 [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5719] munmap(0x7f65a1800000, 138412032) = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5719] close(3) = 0 [pid 5719] mkdir("./file0", 0777) = 0 [ 111.447621][ T5719] loop0: detected capacity change from 0 to 32768 [ 111.463062][ T5719] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5719) [ 111.479605][ T5719] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 111.489817][ T5719] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 111.499575][ T5719] BTRFS info (device loop0): disk space caching is enabled [ 111.522608][ T5719] BTRFS info (device loop0): rebuilding free space tree [ 111.535323][ T5719] BTRFS info (device loop0): disabling free space tree [pid 5719] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5719] chdir("./file0") = 0 [pid 5719] ioctl(4, LOOP_CLR_FD) = 0 [pid 5719] close(4) = 0 [pid 5719] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5719] open("./file0", O_RDONLY) = 4 [pid 5718] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5719] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5719] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 111.542297][ T5719] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 111.551967][ T5719] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 111.565240][ T5719] BTRFS info (device loop0): checking UUID tree [pid 5718] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5718] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5718] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5737 attached => {parent_tid=[5737]}, 88) = 5737 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5718] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5737] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5737] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5737] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5737] <... futex resumed>) = 1 [pid 5718] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5718] <... futex resumed>) = 0 [ 111.609814][ T5719] BTRFS info (device loop0): balance: start -d -m [ 111.619224][ T5719] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 111.646367][ T5719] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5718] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5718] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5718] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5738 attached => {parent_tid=[5738]}, 88) = 5738 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5738] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5738] <... rseq resumed>) = 0 [pid 5718] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5738] set_robust_list(0x7f65a9dd79a0, 24 [pid 5718] <... futex resumed>) = 0 [pid 5738] <... set_robust_list resumed>) = 0 [pid 5718] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5738] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5738] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5738] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5737] <... ioctl resumed>) = 0 [pid 5737] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.852539][ T5719] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 111.878488][ T5719] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5737] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5719] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5719] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5719] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] exit_group(0 [pid 5738] <... futex resumed>) = ? [pid 5737] <... futex resumed>) = ? [pid 5719] <... futex resumed>) = ? [pid 5718] <... exit_group resumed>) = ? [pid 5738] +++ exited with 0 +++ [pid 5719] +++ exited with 0 +++ [pid 5737] +++ exited with 0 +++ [pid 5718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5718, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=43 /* 0.43 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 111.900426][ T5719] BTRFS info (device loop0): balance: ended with status: 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 111.932594][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5739 attached , child_tidptr=0x5555561f7690) = 5739 [pid 5739] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5739] chdir("./32") = 0 [pid 5739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5739] setpgid(0, 0) = 0 [pid 5739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5739] write(3, "1000", 4) = 4 [pid 5739] close(3) = 0 [pid 5739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5739] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5739] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5740 attached [pid 5740] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5739] <... clone3 resumed> => {parent_tid=[5740]}, 88) = 5740 [pid 5740] set_robust_list(0x7f65a9e199a0, 24 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], [pid 5740] <... set_robust_list resumed>) = 0 [pid 5739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5740] rt_sigprocmask(SIG_SETMASK, [], [pid 5739] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] memfd_create("syzkaller", 0 [pid 5739] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5740] <... memfd_create resumed>) = 3 [pid 5740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5740] munmap(0x7f65a1800000, 138412032) = 0 [pid 5740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5740] close(3) = 0 [pid 5740] mkdir("./file0", 0777) = 0 [ 112.348003][ T5740] loop0: detected capacity change from 0 to 32768 [ 112.363197][ T5740] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5740) [ 112.379627][ T5740] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 112.389854][ T5740] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 112.399138][ T5740] BTRFS info (device loop0): disk space caching is enabled [ 112.422631][ T5740] BTRFS info (device loop0): rebuilding free space tree [ 112.434985][ T5740] BTRFS info (device loop0): disabling free space tree [pid 5740] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5740] chdir("./file0") = 0 [pid 5740] ioctl(4, LOOP_CLR_FD) = 0 [pid 5740] close(4) = 0 [pid 5740] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5740] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5740] open("./file0", O_RDONLY) = 4 [ 112.442001][ T5740] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 112.451713][ T5740] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 112.465242][ T5740] BTRFS info (device loop0): checking UUID tree [pid 5739] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5740] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5740] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5739] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... ioctl resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5740] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5739] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5739] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5739] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5739] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5758]}, 88) = 5758 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5739] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5758 attached [pid 5758] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5758] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5758] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5758] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5758] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] <... futex resumed>) = 0 [pid 5758] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 112.535450][ T5740] BTRFS info (device loop0): balance: start -d -m [ 112.547065][ T5740] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 112.572473][ T5740] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5739] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5739] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5739] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5759]}, 88) = 5759 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5759 attached [pid 5739] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5759] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5739] <... futex resumed>) = 0 [pid 5759] <... rseq resumed>) = 0 [pid 5739] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5759] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5759] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5759] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] <... ioctl resumed>) = 0 [pid 5758] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.767177][ T5740] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 112.793259][ T5740] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5758] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5740] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] exit_group(0 [pid 5759] <... futex resumed>) = ? [pid 5759] +++ exited with 0 +++ [pid 5740] <... futex resumed>) = ? [pid 5758] <... futex resumed>) = ? [pid 5739] <... exit_group resumed>) = ? [pid 5758] +++ exited with 0 +++ [pid 5740] +++ exited with 0 +++ [pid 5739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5739, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 112.814814][ T5740] BTRFS info (device loop0): balance: ended with status: 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 112.908058][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5760 attached , child_tidptr=0x5555561f7690) = 5760 [pid 5760] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5760] chdir("./33") = 0 [pid 5760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5760] setpgid(0, 0) = 0 [pid 5760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5760] write(3, "1000", 4) = 4 [pid 5760] close(3) = 0 [pid 5760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5760] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5760] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5761 attached [pid 5761] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5760] <... clone3 resumed> => {parent_tid=[5761]}, 88) = 5761 [pid 5761] set_robust_list(0x7f65a9e199a0, 24 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5761] <... set_robust_list resumed>) = 0 [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], [pid 5760] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5760] <... futex resumed>) = 0 [pid 5761] memfd_create("syzkaller", 0 [pid 5760] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5761] <... memfd_create resumed>) = 3 [pid 5761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5761] munmap(0x7f65a1800000, 138412032) = 0 [pid 5761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5761] close(3) = 0 [pid 5761] mkdir("./file0", 0777) = 0 [ 113.413092][ T5761] loop0: detected capacity change from 0 to 32768 [ 113.430166][ T5761] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5761) [ 113.448931][ T5761] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 113.459311][ T5761] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 113.468519][ T5761] BTRFS info (device loop0): disk space caching is enabled [pid 5761] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5761] chdir("./file0") = 0 [pid 5761] ioctl(4, LOOP_CLR_FD) = 0 [pid 5761] close(4) = 0 [pid 5761] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5761] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5761] open("./file0", O_RDONLY [pid 5760] <... futex resumed>) = 0 [pid 5761] <... open resumed>) = 4 [pid 5760] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5761] <... futex resumed>) = 0 [pid 5760] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5760] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... ioctl resumed>) = 0 [ 113.504029][ T5761] BTRFS info (device loop0): rebuilding free space tree [ 113.515918][ T5761] BTRFS info (device loop0): disabling free space tree [ 113.523239][ T5761] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 113.533163][ T5761] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 113.546734][ T5761] BTRFS info (device loop0): checking UUID tree [pid 5761] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5761] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5760] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5760] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5760] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 113.599078][ T5761] BTRFS info (device loop0): balance: start -d -m [ 113.610216][ T5761] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 113.635160][ T5761] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5779]}, 88) = 5779 ./strace-static-x86_64: Process 5779 attached [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5779] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5779] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5760] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], [pid 5760] <... futex resumed>) = 0 [pid 5779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5779] openat(AT_FDCWD, ".", O_RDONLY [pid 5760] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... openat resumed>) = 5 [pid 5779] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5760] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5760] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5780]}, 88) = 5780 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5760] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5780 attached [ 113.699012][ T5761] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5780] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5780] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5780] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5780] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5780] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5779] <... ioctl resumed>) = 0 [pid 5779] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5761] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5761] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] exit_group(0 [pid 5761] <... futex resumed>) = ? [pid 5780] <... futex resumed>) = ? [pid 5760] <... exit_group resumed>) = ? [pid 5779] <... futex resumed>) = ? [pid 5780] +++ exited with 0 +++ [pid 5761] +++ exited with 0 +++ [pid 5779] +++ exited with 0 +++ [pid 5760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5760, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 113.852350][ T5761] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 113.872968][ T5761] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 113.957084][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5781 attached , child_tidptr=0x5555561f7690) = 5781 [pid 5781] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5781] chdir("./34") = 0 [pid 5781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5781] setpgid(0, 0) = 0 [pid 5781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5781] write(3, "1000", 4) = 4 [pid 5781] close(3) = 0 [pid 5781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5781] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5781] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5782 attached [pid 5782] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5781] <... clone3 resumed> => {parent_tid=[5782]}, 88) = 5782 [pid 5782] <... rseq resumed>) = 0 [pid 5782] set_robust_list(0x7f65a9e199a0, 24 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], [pid 5782] <... set_robust_list resumed>) = 0 [pid 5781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], [pid 5781] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5781] <... futex resumed>) = 0 [pid 5782] memfd_create("syzkaller", 0 [pid 5781] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5782] <... memfd_create resumed>) = 3 [pid 5782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5782] munmap(0x7f65a1800000, 138412032) = 0 [pid 5782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5782] close(3) = 0 [pid 5782] mkdir("./file0", 0777) = 0 [ 114.450184][ T5782] loop0: detected capacity change from 0 to 32768 [ 114.474300][ T5782] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5782) [ 114.489811][ T5782] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 114.500014][ T5782] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 114.509292][ T5782] BTRFS info (device loop0): disk space caching is enabled [ 114.532115][ T5782] BTRFS info (device loop0): rebuilding free space tree [pid 5782] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5782] chdir("./file0") = 0 [pid 5782] ioctl(4, LOOP_CLR_FD) = 0 [pid 5782] close(4) = 0 [pid 5782] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5781] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] open("./file0", O_RDONLY [pid 5781] <... futex resumed>) = 0 [ 114.545095][ T5782] BTRFS info (device loop0): disabling free space tree [ 114.552217][ T5782] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 114.562031][ T5782] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 114.575242][ T5782] BTRFS info (device loop0): checking UUID tree [pid 5781] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] <... open resumed>) = 4 [pid 5782] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5782] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5781] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... futex resumed>) = 0 [pid 5782] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5782] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5781] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] <... futex resumed>) = 0 [pid 5781] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5781] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5781] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5781] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5800 attached => {parent_tid=[5800]}, 88) = 5800 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], [pid 5800] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5800] <... rseq resumed>) = 0 [pid 5781] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5800] set_robust_list(0x7f65a9df89a0, 24 [pid 5781] <... futex resumed>) = 0 [pid 5800] <... set_robust_list resumed>) = 0 [pid 5781] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5800] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 114.666423][ T5782] BTRFS info (device loop0): balance: start -d -m [ 114.676872][ T5782] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 114.704197][ T5782] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5800] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5800] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5781] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5781] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5781] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5781] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5801]}, 88) = 5801 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5781] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5801 attached [pid 5801] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5801] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5801] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5801] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [ 114.810489][ T5782] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5801] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5800] <... ioctl resumed>) = 0 [pid 5800] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5800] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5782] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5782] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5782] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5781] exit_group(0 [pid 5801] <... futex resumed>) = ? [pid 5800] <... futex resumed>) = ? [pid 5782] <... futex resumed>) = ? [pid 5781] <... exit_group resumed>) = ? [pid 5801] +++ exited with 0 +++ [pid 5782] +++ exited with 0 +++ [pid 5800] +++ exited with 0 +++ [pid 5781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5781, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 114.909884][ T5782] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 114.936197][ T5782] BTRFS info (device loop0): balance: ended with status: 0 [ 114.981986][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5803 attached , child_tidptr=0x5555561f7690) = 5803 [pid 5803] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5803] chdir("./35") = 0 [pid 5803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5803] setpgid(0, 0) = 0 [pid 5803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5803] write(3, "1000", 4) = 4 [pid 5803] close(3) = 0 [pid 5803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5803] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5803] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5803] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5804 attached [pid 5804] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5803] <... clone3 resumed> => {parent_tid=[5804]}, 88) = 5804 [pid 5804] set_robust_list(0x7f65a9e199a0, 24 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... set_robust_list resumed>) = 0 [pid 5803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5803] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] memfd_create("syzkaller", 0 [pid 5803] <... futex resumed>) = 0 [pid 5803] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5804] <... memfd_create resumed>) = 3 [pid 5804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5804] munmap(0x7f65a1800000, 138412032) = 0 [pid 5804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5804] close(3) = 0 [pid 5804] mkdir("./file0", 0777) = 0 [ 115.469046][ T5804] loop0: detected capacity change from 0 to 32768 [ 115.494806][ T5804] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5804) [ 115.512233][ T5804] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 115.522442][ T5804] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 115.531770][ T5804] BTRFS info (device loop0): disk space caching is enabled [ 115.555505][ T5804] BTRFS info (device loop0): rebuilding free space tree [pid 5804] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5804] chdir("./file0") = 0 [pid 5804] ioctl(4, LOOP_CLR_FD) = 0 [pid 5804] close(4) = 0 [pid 5804] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5804] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = 0 [pid 5803] <... futex resumed>) = 1 [pid 5804] open("./file0", O_RDONLY [pid 5803] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5804] <... open resumed>) = 4 [ 115.567566][ T5804] BTRFS info (device loop0): disabling free space tree [ 115.574632][ T5804] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 115.584313][ T5804] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 115.601769][ T5804] BTRFS info (device loop0): checking UUID tree [pid 5804] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5803] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5803] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5804] <... ioctl resumed>) = 0 [pid 5804] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] <... futex resumed>) = 0 [pid 5803] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... futex resumed>) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5804] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 115.670286][ T5804] BTRFS info (device loop0): balance: start -d -m [ 115.681807][ T5804] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5803] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5803] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5803] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5822 attached => {parent_tid=[5822]}, 88) = 5822 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5803] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... rseq resumed>) = 0 [pid 5803] <... futex resumed>) = 0 [pid 5822] set_robust_list(0x7f65a9df89a0, 24 [pid 5803] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... set_robust_list resumed>) = 0 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5822] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5822] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5803] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5803] <... futex resumed>) = 0 [pid 5822] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 115.715665][ T5804] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5803] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5803] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5803] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5823]}, 88) = 5823 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5803] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5823 attached ) = 0 [pid 5823] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5803] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... rseq resumed>) = 0 [pid 5823] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5823] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5823] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5803] <... futex resumed>) = 0 [pid 5823] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... ioctl resumed>) = 0 [pid 5822] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.896122][ T5804] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 115.922536][ T5804] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5822] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5804] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] exit_group(0 [pid 5823] <... futex resumed>) = ? [pid 5822] <... futex resumed>) = ? [pid 5804] <... futex resumed>) = ? [pid 5803] <... exit_group resumed>) = ? [pid 5823] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ [pid 5804] +++ exited with 0 +++ [pid 5803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5803, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 115.943218][ T5804] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 116.026251][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached , child_tidptr=0x5555561f7690) = 5825 [pid 5825] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5825] chdir("./36") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5825] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5826 attached [pid 5826] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5825] <... clone3 resumed> => {parent_tid=[5826]}, 88) = 5826 [pid 5826] <... rseq resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] set_robust_list(0x7f65a9e199a0, 24 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] <... set_robust_list resumed>) = 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5826] memfd_create("syzkaller", 0 [pid 5825] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... memfd_create resumed>) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5826] munmap(0x7f65a1800000, 138412032) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] mkdir("./file0", 0777) = 0 [ 116.500816][ T5826] loop0: detected capacity change from 0 to 32768 [ 116.520725][ T5826] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5826) [ 116.540367][ T5826] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 116.550611][ T5826] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 116.559883][ T5826] BTRFS info (device loop0): disk space caching is enabled [ 116.583756][ T5826] BTRFS info (device loop0): rebuilding free space tree [pid 5826] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./file0") = 0 [pid 5826] ioctl(4, LOOP_CLR_FD) = 0 [pid 5826] close(4) = 0 [pid 5826] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5826] <... futex resumed>) = 1 [pid 5825] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] open("./file0", O_RDONLY [pid 5825] <... futex resumed>) = 0 [pid 5826] <... open resumed>) = 4 [pid 5825] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5826] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5825] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... ioctl resumed>) = 0 [ 116.596865][ T5826] BTRFS info (device loop0): disabling free space tree [ 116.604261][ T5826] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 116.614432][ T5826] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 116.629261][ T5826] BTRFS info (device loop0): checking UUID tree [pid 5826] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... futex resumed>) = 0 [pid 5826] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 116.688166][ T5826] BTRFS info (device loop0): balance: start -d -m [ 116.699299][ T5826] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5825] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5825] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5825] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5844]}, 88) = 5844 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5825] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5844 attached [pid 5844] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5844] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5844] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5844] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 1 [ 116.731824][ T5826] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5844] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5825] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5825] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5825] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5845 attached => {parent_tid=[5845]}, 88) = 5845 [pid 5845] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... rseq resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] set_robust_list(0x7f65a9dd79a0, 24 [pid 5825] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5845] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5845] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5845] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... ioctl resumed>) = 0 [pid 5844] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 116.918792][ T5826] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 116.944667][ T5826] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5844] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5826] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] exit_group(0 [pid 5845] <... futex resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5825] <... exit_group resumed>) = ? [pid 5826] <... futex resumed>) = ? [pid 5826] +++ exited with 0 +++ [pid 5844] <... futex resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 [ 116.967403][ T5826] BTRFS info (device loop0): balance: ended with status: 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 117.065634][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached , child_tidptr=0x5555561f7690) = 5849 [pid 5849] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5849] chdir("./37") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5849] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5850 attached [pid 5850] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5849] <... clone3 resumed> => {parent_tid=[5850]}, 88) = 5850 [pid 5850] set_robust_list(0x7f65a9e199a0, 24 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... set_robust_list resumed>) = 0 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... futex resumed>) = 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5849] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] <... memfd_create resumed>) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5850] munmap(0x7f65a1800000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] mkdir("./file0", 0777) = 0 [ 117.555182][ T5850] loop0: detected capacity change from 0 to 32768 [ 117.581329][ T5850] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5850) [ 117.596800][ T5850] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 117.607078][ T5850] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 117.616391][ T5850] BTRFS info (device loop0): disk space caching is enabled [ 117.639417][ T5850] BTRFS info (device loop0): rebuilding free space tree [pid 5850] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file0") = 0 [pid 5850] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] close(4) = 0 [pid 5850] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5850] open("./file0", O_RDONLY [pid 5849] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... open resumed>) = 4 [ 117.652229][ T5850] BTRFS info (device loop0): disabling free space tree [ 117.659259][ T5850] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 117.669119][ T5850] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 117.682479][ T5850] BTRFS info (device loop0): checking UUID tree [pid 5850] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5849] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... ioctl resumed>) = 0 [pid 5850] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5849] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5849] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 117.746547][ T5850] BTRFS info (device loop0): balance: start -d -m [ 117.758704][ T5850] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5868]}, 88) = 5868 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5868 attached NULL, 8) = 0 [pid 5868] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5849] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... rseq resumed>) = 0 [pid 5868] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5868] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5868] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 117.796151][ T5850] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5849] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5849] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5869]}, 88) = 5869 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5849] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5869] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5869] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5869] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... ioctl resumed>) = 0 [pid 5868] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.990778][ T5850] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 118.026188][ T5850] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5868] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5850] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] exit_group(0 [pid 5869] <... futex resumed>) = ? [pid 5868] <... futex resumed>) = ? [pid 5850] <... futex resumed>) = ? [pid 5849] <... exit_group resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- [ 118.046438][ T5850] BTRFS info (device loop0): balance: ended with status: 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 118.192891][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x5555561f7690) = 5871 [pid 5871] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5871] chdir("./38") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5871] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5872 attached [pid 5872] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5871] <... clone3 resumed> => {parent_tid=[5872]}, 88) = 5872 [pid 5872] set_robust_list(0x7f65a9e199a0, 24 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... set_robust_list resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] memfd_create("syzkaller", 0 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... memfd_create resumed>) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5872] munmap(0x7f65a1800000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] mkdir("./file0", 0777) = 0 [ 118.642573][ T5872] loop0: detected capacity change from 0 to 32768 [ 118.667357][ T5872] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5872) [ 118.682651][ T5872] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 118.692879][ T5872] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 118.702153][ T5872] BTRFS info (device loop0): disk space caching is enabled [ 118.725194][ T5872] BTRFS info (device loop0): rebuilding free space tree [pid 5872] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./file0") = 0 [pid 5872] ioctl(4, LOOP_CLR_FD) = 0 [pid 5872] close(4) = 0 [pid 5872] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] open("./file0", O_RDONLY [pid 5871] <... futex resumed>) = 0 [pid 5872] <... open resumed>) = 4 [ 118.737565][ T5872] BTRFS info (device loop0): disabling free space tree [ 118.745555][ T5872] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 118.755515][ T5872] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 118.769013][ T5872] BTRFS info (device loop0): checking UUID tree [pid 5871] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5872] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5871] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... ioctl resumed>) = 0 [pid 5872] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5872] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5872] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5871] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5871] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5890]}, 88) = 5890 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5871] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... rseq resumed>) = 0 [pid 5890] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... futex resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] openat(AT_FDCWD, ".", O_RDONLY [pid 5871] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... openat resumed>) = 5 [pid 5890] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5890] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 118.846917][ T5872] BTRFS info (device loop0): balance: start -d -m [ 118.858415][ T5872] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 118.886995][ T5872] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5871] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5871] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5891 attached [pid 5891] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5891] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5871] <... clone3 resumed> => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5891] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5871] <... futex resumed>) = 0 [pid 5891] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5891] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... ioctl resumed>) = 0 [pid 5890] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.066680][ T5872] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 119.093890][ T5872] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5890] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5872] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] exit_group(0 [pid 5872] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = ? [pid 5890] <... futex resumed>) = ? [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.121174][ T5872] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 119.216672][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached , child_tidptr=0x5555561f7690) = 5892 [pid 5892] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5892] chdir("./39") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5892] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5893 attached => {parent_tid=[5893]}, 88) = 5893 [pid 5893] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] <... rseq resumed>) = 0 [pid 5892] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] set_robust_list(0x7f65a9e199a0, 24 [pid 5892] <... futex resumed>) = 0 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] memfd_create("syzkaller", 0) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5893] munmap(0x7f65a1800000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5893] close(3) = 0 [pid 5893] mkdir("./file0", 0777) = 0 [ 119.753640][ T5893] loop0: detected capacity change from 0 to 32768 [ 119.767117][ T5893] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5893) [ 119.785805][ T5893] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 119.796309][ T5893] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 119.805694][ T5893] BTRFS info (device loop0): disk space caching is enabled [ 119.830283][ T5893] BTRFS info (device loop0): rebuilding free space tree [ 119.842738][ T5893] BTRFS info (device loop0): disabling free space tree [pid 5893] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file0") = 0 [pid 5893] ioctl(4, LOOP_CLR_FD) = 0 [pid 5893] close(4) = 0 [pid 5893] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5892] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] open("./file0", O_RDONLY) = 4 [pid 5893] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [ 119.849717][ T5893] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 119.859623][ T5893] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 119.872962][ T5893] BTRFS info (device loop0): checking UUID tree [pid 5893] <... futex resumed>) = 1 [pid 5892] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5892] <... futex resumed>) = 0 [pid 5893] <... ioctl resumed>) = 0 [pid 5892] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5892] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5892] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5892] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[5911]}, 88) = 5911 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5911 attached [pid 5892] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5911] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5911] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5911] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5892] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.939657][ T5893] BTRFS info (device loop0): balance: start -d -m [ 119.951513][ T5893] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 119.978067][ T5893] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5892] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5892] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5892] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5892] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5892] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5912] <... rseq resumed>) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] set_robust_list(0x7f65a9dd79a0, 24 [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5892] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] <... futex resumed>) = 0 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5912] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5912] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... ioctl resumed>) = 0 [pid 5911] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.160504][ T5893] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 120.186058][ T5893] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5911] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5893] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] exit_group(0 [pid 5912] <... futex resumed>) = ? [pid 5912] +++ exited with 0 +++ [pid 5911] <... futex resumed>) = ? [pid 5911] +++ exited with 0 +++ [pid 5892] <... exit_group resumed>) = ? [pid 5893] <... futex resumed>) = ? [pid 5893] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [ 120.207073][ T5893] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 120.313992][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x5555561f7690) = 5913 [pid 5913] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5913] chdir("./40") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5913] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5913] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5914 attached [pid 5914] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5913] <... clone3 resumed> => {parent_tid=[5914]}, 88) = 5914 [pid 5914] <... rseq resumed>) = 0 [pid 5914] set_robust_list(0x7f65a9e199a0, 24 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] <... set_robust_list resumed>) = 0 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] <... futex resumed>) = 0 [pid 5914] memfd_create("syzkaller", 0 [pid 5913] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5914] <... memfd_create resumed>) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5914] munmap(0x7f65a1800000, 138412032) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5914] close(3) = 0 [pid 5914] mkdir("./file0", 0777) = 0 [ 120.787857][ T5914] loop0: detected capacity change from 0 to 32768 [ 120.812693][ T5914] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5914) [ 120.829496][ T5914] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 120.839694][ T5914] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 120.848958][ T5914] BTRFS info (device loop0): disk space caching is enabled [ 120.872251][ T5914] BTRFS info (device loop0): rebuilding free space tree [pid 5914] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./file0") = 0 [pid 5914] ioctl(4, LOOP_CLR_FD) = 0 [pid 5914] close(4) = 0 [pid 5914] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] open("./file0", O_RDONLY [pid 5913] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... open resumed>) = 4 [pid 5914] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5913] <... futex resumed>) = 0 [pid 5914] <... ioctl resumed>) = 0 [pid 5913] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 120.884572][ T5914] BTRFS info (device loop0): disabling free space tree [ 120.892147][ T5914] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.901940][ T5914] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.915419][ T5914] BTRFS info (device loop0): checking UUID tree [ 120.963858][ T5914] BTRFS info (device loop0): balance: start -d -m [ 120.973387][ T5914] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 5914] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5913] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5913] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5913] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5932 attached => {parent_tid=[5932]}, 88) = 5932 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 5932] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5932] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5932] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5932] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] <... futex resumed>) = 0 [pid 5932] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 121.005682][ T5914] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5913] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5913] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5913] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5933] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = 0 [pid 5913] <... futex resumed>) = 1 [pid 5933] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5913] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5933] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... ioctl resumed>) = 0 [pid 5932] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.205847][ T5914] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 121.230687][ T5914] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5932] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5914] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] exit_group(0 [pid 5933] <... futex resumed>) = ? [pid 5932] <... futex resumed>) = ? [pid 5913] <... exit_group resumed>) = ? [pid 5933] +++ exited with 0 +++ [pid 5914] <... futex resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 121.251352][ T5914] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 121.318125][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached , child_tidptr=0x5555561f7690) = 5934 [pid 5934] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5934] chdir("./41") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5934] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5934] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5935 attached [pid 5935] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5934] <... clone3 resumed> => {parent_tid=[5935]}, 88) = 5935 [pid 5935] set_robust_list(0x7f65a9e199a0, 24 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... set_robust_list resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5934] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] memfd_create("syzkaller", 0 [pid 5934] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] <... memfd_create resumed>) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5935] munmap(0x7f65a1800000, 138412032) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5935] close(3) = 0 [pid 5935] mkdir("./file0", 0777) = 0 [ 121.850218][ T5935] loop0: detected capacity change from 0 to 32768 [ 121.874860][ T5935] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5935) [ 121.891006][ T5935] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 121.901241][ T5935] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 121.910492][ T5935] BTRFS info (device loop0): disk space caching is enabled [ 121.933527][ T5935] BTRFS info (device loop0): rebuilding free space tree [pid 5935] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5935] chdir("./file0") = 0 [pid 5935] ioctl(4, LOOP_CLR_FD) = 0 [pid 5935] close(4) = 0 [pid 5935] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] open("./file0", O_RDONLY [pid 5934] <... futex resumed>) = 0 [pid 5935] <... open resumed>) = 4 [ 121.945666][ T5935] BTRFS info (device loop0): disabling free space tree [ 121.953040][ T5935] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 121.962805][ T5935] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 121.976954][ T5935] BTRFS info (device loop0): checking UUID tree [pid 5934] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... ioctl resumed>) = 0 [pid 5935] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5934] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5934] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5953 attached => {parent_tid=[5953]}, 88) = 5953 [pid 5953] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... rseq resumed>) = 0 [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] set_robust_list(0x7f65a9df89a0, 24 [pid 5934] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5934] <... futex resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5953] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5953] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5953] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 122.054360][ T5935] BTRFS info (device loop0): balance: start -d -m [ 122.065061][ T5935] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 122.091869][ T5935] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5934] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5934] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5934] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5934] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[5954]}, 88) = 5954 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5934] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5954 attached [pid 5954] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5954] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5954] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5954] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 0 [pid 5953] <... ioctl resumed>) = 0 [pid 5953] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 122.282918][ T5935] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 122.308960][ T5935] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 5953] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5935] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] exit_group(0 [pid 5954] <... futex resumed>) = ? [pid 5953] <... futex resumed>) = ? [pid 5935] <... futex resumed>) = ? [pid 5934] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ [pid 5934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 122.329977][ T5935] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 122.416308][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5955 attached , child_tidptr=0x5555561f7690) = 5955 [pid 5955] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5955] chdir("./42") = 0 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5955] write(3, "1000", 4) = 4 [pid 5955] close(3) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5955] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5955] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5955] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5956 attached [pid 5956] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5955] <... clone3 resumed> => {parent_tid=[5956]}, 88) = 5956 [pid 5956] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] memfd_create("syzkaller", 0 [pid 5955] <... futex resumed>) = 0 [pid 5955] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5956] <... memfd_create resumed>) = 3 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5956] munmap(0x7f65a1800000, 138412032) = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5956] close(3) = 0 [pid 5956] mkdir("./file0", 0777) = 0 [ 122.900434][ T5956] loop0: detected capacity change from 0 to 32768 [ 122.915883][ T5956] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5956) [ 122.931211][ T5956] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 122.941447][ T5956] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 122.950722][ T5956] BTRFS info (device loop0): disk space caching is enabled [ 122.976929][ T5956] BTRFS info (device loop0): rebuilding free space tree [ 122.991324][ T5956] BTRFS info (device loop0): disabling free space tree [pid 5956] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5956] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5956] chdir("./file0") = 0 [pid 5956] ioctl(4, LOOP_CLR_FD) = 0 [pid 5956] close(4) = 0 [pid 5956] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] <... futex resumed>) = 0 [pid 5955] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = 0 [pid 5955] <... futex resumed>) = 1 [pid 5956] open("./file0", O_RDONLY [pid 5955] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5956] <... open resumed>) = 4 [pid 5956] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5956] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] <... futex resumed>) = 0 [pid 5956] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 5955] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5956] <... ioctl resumed>) = 0 [pid 5956] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5956] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] <... futex resumed>) = 0 [pid 5956] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 122.998327][ T5956] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 123.008119][ T5956] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.021817][ T5956] BTRFS info (device loop0): checking UUID tree [pid 5955] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5955] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5955] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5974 attached => {parent_tid=[5974]}, 88) = 5974 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5955] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [ 123.073759][ T5956] BTRFS info (device loop0): balance: start -d -m [ 123.083431][ T5956] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 123.110485][ T5956] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5955] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5974] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5974] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5974] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5974] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5955] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5955] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5955] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5955] <... clone3 resumed> => {parent_tid=[5975]}, 88) = 5975 [pid 5975] <... rseq resumed>) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] set_robust_list(0x7f65a9dd79a0, 24 [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] <... set_robust_list resumed>) = 0 [pid 5955] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] <... futex resumed>) = 0 [pid 5975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5975] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [ 123.242436][ T5956] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5975] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... ioctl resumed>) = 0 [pid 5974] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5956] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] exit_group(0 [pid 5975] <... futex resumed>) = ? [pid 5974] <... futex resumed>) = ? [pid 5975] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ [pid 5956] <... futex resumed>) = ? [pid 5956] +++ exited with 0 +++ [pid 5955] <... exit_group resumed>) = ? [pid 5955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 123.333267][ T5956] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 123.353353][ T5956] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 123.449103][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5976 attached , child_tidptr=0x5555561f7690) = 5976 [pid 5976] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5976] chdir("./43") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5976] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5976] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5977 attached => {parent_tid=[5977]}, 88) = 5977 [pid 5977] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] <... rseq resumed>) = 0 [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] set_robust_list(0x7f65a9e199a0, 24 [pid 5976] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], [pid 5976] <... futex resumed>) = 0 [pid 5977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5977] munmap(0x7f65a1800000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] mkdir("./file0", 0777) = 0 [ 123.945198][ T5977] loop0: detected capacity change from 0 to 32768 [ 123.970487][ T5977] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5977) [ 123.986758][ T5977] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 123.996975][ T5977] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 124.006218][ T5977] BTRFS info (device loop0): disk space caching is enabled [ 124.029797][ T5977] BTRFS info (device loop0): rebuilding free space tree [pid 5977] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file0") = 0 [pid 5977] ioctl(4, LOOP_CLR_FD) = 0 [pid 5977] close(4) = 0 [pid 5977] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] open("./file0", O_RDONLY [pid 5976] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] <... open resumed>) = 4 [pid 5976] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 124.043171][ T5977] BTRFS info (device loop0): disabling free space tree [ 124.050259][ T5977] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 124.059970][ T5977] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 124.073957][ T5977] BTRFS info (device loop0): checking UUID tree [pid 5977] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5977] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5977] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5976] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5976] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5976] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 5995 attached => {parent_tid=[5995]}, 88) = 5995 [pid 5995] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] <... rseq resumed>) = 0 [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] set_robust_list(0x7f65a9df89a0, 24 [pid 5976] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... set_robust_list resumed>) = 0 [pid 5976] <... futex resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5976] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5995] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [ 124.171797][ T5977] BTRFS info (device loop0): balance: start -d -m [ 124.182774][ T5977] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 124.211351][ T5977] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5995] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5976] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5976] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5976] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 5996 attached => {parent_tid=[5996]}, 88) = 5996 [pid 5996] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 5996] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5996] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5976] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5996] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5976] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5996] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [ 124.319743][ T5977] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 5996] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] <... ioctl resumed>) = 0 [pid 5995] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5977] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] exit_group(0 [pid 5996] <... futex resumed>) = ? [pid 5996] +++ exited with 0 +++ [pid 5995] <... futex resumed>) = ? [pid 5977] <... futex resumed>) = ? [pid 5995] +++ exited with 0 +++ [pid 5976] <... exit_group resumed>) = ? [pid 5977] +++ exited with 0 +++ [pid 5976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} --- [ 124.400225][ T5977] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 124.427619][ T5977] BTRFS info (device loop0): balance: ended with status: 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 124.535375][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5997 attached , child_tidptr=0x5555561f7690) = 5997 [pid 5997] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5997] chdir("./44") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5997] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 5997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 5997] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 5998 attached [pid 5998] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 5997] <... clone3 resumed> => {parent_tid=[5998]}, 88) = 5998 [pid 5998] set_robust_list(0x7f65a9e199a0, 24 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] <... set_robust_list resumed>) = 0 [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5997] <... futex resumed>) = 0 [pid 5998] memfd_create("syzkaller", 0 [pid 5997] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5998] <... memfd_create resumed>) = 3 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 5998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5998] munmap(0x7f65a1800000, 138412032) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5998] close(3) = 0 [pid 5998] mkdir("./file0", 0777) = 0 [ 125.079806][ T5998] loop0: detected capacity change from 0 to 32768 [ 125.095136][ T5998] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (5998) [ 125.111288][ T5998] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 125.121671][ T5998] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 125.130926][ T5998] BTRFS info (device loop0): disk space caching is enabled [ 125.155914][ T5998] BTRFS info (device loop0): rebuilding free space tree [ 125.168152][ T5998] BTRFS info (device loop0): disabling free space tree [pid 5998] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 5998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5998] chdir("./file0") = 0 [pid 5998] ioctl(4, LOOP_CLR_FD) = 0 [pid 5998] close(4) = 0 [pid 5998] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] open("./file0", O_RDONLY) = 4 [ 125.175314][ T5998] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 125.184996][ T5998] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 125.198444][ T5998] BTRFS info (device loop0): checking UUID tree [pid 5997] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] <... futex resumed>) = 0 [pid 5997] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 5997] <... futex resumed>) = 0 [pid 5998] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5998] <... futex resumed>) = 0 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5998] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 5997] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5997] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 5997] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6016 attached => {parent_tid=[6016]}, 88) = 6016 [pid 6016] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 6016] <... rseq resumed>) = 0 [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6016] set_robust_list(0x7f65a9df89a0, 24 [pid 5997] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... set_robust_list resumed>) = 0 [pid 5997] <... futex resumed>) = 0 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6016] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6016] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] <... futex resumed>) = 0 [pid 6016] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 5997] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.274321][ T5998] BTRFS info (device loop0): balance: start -d -m [ 125.284521][ T5998] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 125.309884][ T5998] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 5997] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5997] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 5997] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6017 attached => {parent_tid=[6017]}, 88) = 6017 [pid 6017] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 6017] <... rseq resumed>) = 0 [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] set_robust_list(0x7f65a9dd79a0, 24 [pid 5997] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... set_robust_list resumed>) = 0 [pid 5997] <... futex resumed>) = 0 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6017] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 6017] <... futex resumed>) = 1 [pid 6017] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] <... ioctl resumed>) = 0 [pid 6016] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.497406][ T5998] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 125.523540][ T5998] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6016] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5998] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 5998] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] exit_group(0 [pid 6017] <... futex resumed>) = ? [pid 5998] <... futex resumed>) = ? [pid 6017] +++ exited with 0 +++ [pid 6016] <... futex resumed>) = ? [pid 5998] +++ exited with 0 +++ [pid 5997] <... exit_group resumed>) = ? [pid 6016] +++ exited with 0 +++ [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 125.543853][ T5998] BTRFS info (device loop0): balance: ended with status: 0 [ 125.583104][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6018 attached , child_tidptr=0x5555561f7690) = 6018 [pid 6018] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6018] chdir("./45") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6018] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6019 attached [pid 6019] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6018] <... clone3 resumed> => {parent_tid=[6019]}, 88) = 6019 [pid 6019] set_robust_list(0x7f65a9e199a0, 24 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6019] <... set_robust_list resumed>) = 0 [pid 6018] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] memfd_create("syzkaller", 0) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6019] munmap(0x7f65a1800000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] mkdir("./file0", 0777) = 0 [ 126.026644][ T6019] loop0: detected capacity change from 0 to 32768 [ 126.041739][ T6019] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6019) [ 126.057498][ T6019] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 126.067854][ T6019] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 126.077222][ T6019] BTRFS info (device loop0): disk space caching is enabled [ 126.100948][ T6019] BTRFS info (device loop0): rebuilding free space tree [ 126.113926][ T6019] BTRFS info (device loop0): disabling free space tree [pid 6019] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./file0") = 0 [pid 6019] ioctl(4, LOOP_CLR_FD) = 0 [pid 6019] close(4) = 0 [pid 6019] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6018] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 126.121033][ T6019] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 126.130818][ T6019] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 126.144300][ T6019] BTRFS info (device loop0): checking UUID tree [pid 6019] open("./file0", O_RDONLY) = 4 [pid 6019] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6019] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6018] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] <... ioctl resumed>) = 0 [pid 6018] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6019] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6018] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6018] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6037 attached [ 126.220312][ T6019] BTRFS info (device loop0): balance: start -d -m [ 126.228528][ T6019] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 126.259153][ T6019] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata => {parent_tid=[6037]}, 88) = 6037 [pid 6037] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6037] <... rseq resumed>) = 0 [pid 6037] set_robust_list(0x7f65a9df89a0, 24 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] <... set_robust_list resumed>) = 0 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6037] openat(AT_FDCWD, ".", O_RDONLY [pid 6018] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... openat resumed>) = 5 [pid 6037] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6037] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 6037] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6018] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6018] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6018] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6038 attached => {parent_tid=[6038]}, 88) = 6038 [pid 6038] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6038] set_robust_list(0x7f65a9dd79a0, 24 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6038] <... set_robust_list resumed>) = 0 [pid 6018] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] <... futex resumed>) = 0 [pid 6038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6038] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [ 126.365296][ T6019] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6038] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] <... ioctl resumed>) = 0 [pid 6037] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6019] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] exit_group(0 [pid 6038] <... futex resumed>) = ? [pid 6037] <... futex resumed>) = ? [pid 6038] +++ exited with 0 +++ [pid 6037] +++ exited with 0 +++ [pid 6019] <... futex resumed>) = ? [pid 6018] <... exit_group resumed>) = ? [pid 6019] +++ exited with 0 +++ [pid 6018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=42 /* 0.42 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 126.477772][ T6019] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 126.498556][ T6019] BTRFS info (device loop0): balance: ended with status: 0 [ 126.531975][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached , child_tidptr=0x5555561f7690) = 6039 [pid 6039] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6039] chdir("./46") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6039] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6040 attached [pid 6040] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6039] <... clone3 resumed> => {parent_tid=[6040]}, 88) = 6040 [pid 6040] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6040] rt_sigprocmask(SIG_SETMASK, [], [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] memfd_create("syzkaller", 0 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] <... memfd_create resumed>) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6040] munmap(0x7f65a1800000, 138412032) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] mkdir("./file0", 0777) = 0 [ 127.032750][ T6040] loop0: detected capacity change from 0 to 32768 [ 127.057675][ T6040] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6040) [ 127.073876][ T6040] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 127.084332][ T6040] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 127.093651][ T6040] BTRFS info (device loop0): disk space caching is enabled [ 127.116795][ T6040] BTRFS info (device loop0): rebuilding free space tree [pid 6040] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./file0") = 0 [pid 6040] ioctl(4, LOOP_CLR_FD) = 0 [pid 6040] close(4) = 0 [pid 6040] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6039] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] open("./file0", O_RDONLY [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... open resumed>) = 4 [pid 6040] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] <... futex resumed>) = 1 [pid 6039] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6040] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6040] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 127.129424][ T6040] BTRFS info (device loop0): disabling free space tree [ 127.136433][ T6040] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 127.146227][ T6040] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 127.159849][ T6040] BTRFS info (device loop0): checking UUID tree [pid 6039] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6039] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6039] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6058]}, 88) = 6058 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6039] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6058 attached [pid 6058] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6058] set_robust_list(0x7f65a9df89a0, 24) = 0 [ 127.212341][ T6040] BTRFS info (device loop0): balance: start -d -m [ 127.221835][ T6040] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 127.246456][ T6040] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6058] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6058] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6058] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = 0 [pid 6039] <... futex resumed>) = 1 [pid 6058] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6039] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6039] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6039] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6059]}, 88) = 6059 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6039] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6059 attached ) = 0 [pid 6059] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6039] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6059] <... rseq resumed>) = 0 [pid 6059] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6059] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6059] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] <... futex resumed>) = 0 [ 127.370997][ T6040] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6058] <... ioctl resumed>) = 0 [pid 6058] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6058] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6040] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] exit_group(0 [pid 6059] <... futex resumed>) = ? [pid 6058] <... futex resumed>) = ? [pid 6040] <... futex resumed>) = ? [pid 6039] <... exit_group resumed>) = ? [pid 6059] +++ exited with 0 +++ [pid 6058] +++ exited with 0 +++ [pid 6040] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 127.480417][ T6040] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 127.501602][ T6040] BTRFS info (device loop0): balance: ended with status: 0 [ 127.528103][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6060 attached , child_tidptr=0x5555561f7690) = 6060 [pid 6060] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6060] chdir("./47") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6060] write(3, "1000", 4) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6060] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6060] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6061 attached => {parent_tid=[6061]}, 88) = 6061 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6060] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6061] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6061] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6061] munmap(0x7f65a1800000, 138412032) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6061] close(3) = 0 [pid 6061] mkdir("./file0", 0777) = 0 [ 127.997263][ T6061] loop0: detected capacity change from 0 to 32768 [ 128.021253][ T6061] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6061) [ 128.037236][ T6061] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 128.048128][ T6061] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 128.057463][ T6061] BTRFS info (device loop0): disk space caching is enabled [ 128.080260][ T6061] BTRFS info (device loop0): rebuilding free space tree [pid 6061] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./file0") = 0 [pid 6061] ioctl(4, LOOP_CLR_FD) = 0 [pid 6061] close(4) = 0 [pid 6061] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6061] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] open("./file0", O_RDONLY) = 4 [ 128.092923][ T6061] BTRFS info (device loop0): disabling free space tree [ 128.099998][ T6061] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 128.110370][ T6061] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 128.124396][ T6061] BTRFS info (device loop0): checking UUID tree [pid 6061] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6060] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... ioctl resumed>) = 0 [pid 6061] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6061] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6060] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.195827][ T6061] BTRFS info (device loop0): balance: start -d -m [ 128.204933][ T6061] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6060] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6060] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6060] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6079 attached => {parent_tid=[6079]}, 88) = 6079 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6060] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6079] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6079] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6079] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6060] <... futex resumed>) = 0 [ 128.237061][ T6061] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6060] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6060] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6060] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6080 attached [pid 6080] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6060] <... clone3 resumed> => {parent_tid=[6080]}, 88) = 6080 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], [pid 6080] <... rseq resumed>) = 0 [pid 6060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6080] set_robust_list(0x7f65a9dd79a0, 24 [pid 6060] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... set_robust_list resumed>) = 0 [pid 6060] <... futex resumed>) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], [pid 6060] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6080] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6080] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] <... futex resumed>) = 0 [pid 6080] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] <... ioctl resumed>) = 0 [pid 6079] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.443455][ T6061] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 128.473968][ T6061] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6079] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6061] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] exit_group(0 [pid 6061] ???( [pid 6080] <... futex resumed>) = ? [pid 6079] <... futex resumed>) = ? [pid 6061] <... ??? resumed>) = ? [pid 6060] <... exit_group resumed>) = ? [pid 6080] +++ exited with 0 +++ [pid 6079] +++ exited with 0 +++ [pid 6061] +++ exited with 0 +++ [pid 6060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=0, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 128.494757][ T6061] BTRFS info (device loop0): balance: ended with status: 0 [ 128.551677][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6081 attached , child_tidptr=0x5555561f7690) = 6081 [pid 6081] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6081] chdir("./48") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6081] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6082 attached [pid 6082] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6081] <... clone3 resumed> => {parent_tid=[6082]}, 88) = 6082 [pid 6082] set_robust_list(0x7f65a9e199a0, 24 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] <... set_robust_list resumed>) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] memfd_create("syzkaller", 0 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] <... memfd_create resumed>) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6082] munmap(0x7f65a1800000, 138412032) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6082] close(3) = 0 [pid 6082] mkdir("./file0", 0777) = 0 [ 128.947960][ T6082] loop0: detected capacity change from 0 to 32768 [ 128.957798][ T6082] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6082) [ 128.974787][ T6082] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 128.985423][ T6082] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 128.994955][ T6082] BTRFS info (device loop0): disk space caching is enabled [ 129.017615][ T6082] BTRFS info (device loop0): rebuilding free space tree [ 129.030032][ T6082] BTRFS info (device loop0): disabling free space tree [ 129.036996][ T6082] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6082] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./file0") = 0 [pid 6082] ioctl(4, LOOP_CLR_FD) = 0 [pid 6082] close(4) = 0 [pid 6082] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [ 129.046783][ T6082] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 129.060862][ T6082] BTRFS info (device loop0): checking UUID tree [pid 6082] open("./file0", O_RDONLY) = 4 [pid 6081] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6081] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6082] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6082] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... futex resumed>) = 1 [pid 6082] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6081] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6081] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6100 attached => {parent_tid=[6100]}, 88) = 6100 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6100] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6100] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6100] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6081] <... futex resumed>) = 0 [pid 6100] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 129.142122][ T6082] BTRFS info (device loop0): balance: start -d -m [ 129.152312][ T6082] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 129.181805][ T6082] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6081] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6081] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6101 attached [pid 6101] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6081] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6101] <... rseq resumed>) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] set_robust_list(0x7f65a9dd79a0, 24 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] <... set_robust_list resumed>) = 0 [pid 6081] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6101] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6101] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6100] <... ioctl resumed>) = 0 [pid 6100] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.355222][ T6082] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 129.380731][ T6082] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6100] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6082] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] exit_group(0 [pid 6101] <... futex resumed>) = ? [pid 6100] <... futex resumed>) = ? [pid 6081] <... exit_group resumed>) = ? [pid 6082] +++ exited with 0 +++ [pid 6101] +++ exited with 0 +++ [pid 6100] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- [ 129.401058][ T6082] BTRFS info (device loop0): balance: ended with status: 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 129.539165][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6102 attached , child_tidptr=0x5555561f7690) = 6102 [pid 6102] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6102] chdir("./49") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6102] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6103 attached [pid 6103] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6102] <... clone3 resumed> => {parent_tid=[6103]}, 88) = 6103 [pid 6103] set_robust_list(0x7f65a9e199a0, 24 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6103] <... set_robust_list resumed>) = 0 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] <... futex resumed>) = 0 [pid 6103] memfd_create("syzkaller", 0 [pid 6102] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6103] <... memfd_create resumed>) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6103] munmap(0x7f65a1800000, 138412032) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] mkdir("./file0", 0777) = 0 [ 129.970212][ T6103] loop0: detected capacity change from 0 to 32768 [ 129.981529][ T6103] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6103) [ 129.997411][ T6103] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 130.007956][ T6103] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 130.017305][ T6103] BTRFS info (device loop0): disk space caching is enabled [ 130.040010][ T6103] BTRFS info (device loop0): rebuilding free space tree [ 130.053051][ T6103] BTRFS info (device loop0): disabling free space tree [ 130.060152][ T6103] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6103] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./file0") = 0 [pid 6103] ioctl(4, LOOP_CLR_FD) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] open("./file0", O_RDONLY [pid 6102] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... open resumed>) = 4 [ 130.069880][ T6103] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 130.083394][ T6103] BTRFS info (device loop0): checking UUID tree [pid 6103] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6102] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.143418][ T6103] BTRFS info (device loop0): balance: start -d -m [ 130.154005][ T6103] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6102] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6102] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6102] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6121 attached => {parent_tid=[6121]}, 88) = 6121 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6102] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] <... rseq resumed>) = 0 [pid 6102] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6121] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6121] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6121] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 130.187267][ T6103] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6102] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6102] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6102] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6122 attached [pid 6122] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6102] <... clone3 resumed> => {parent_tid=[6122]}, 88) = 6122 [pid 6122] <... rseq resumed>) = 0 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6122] set_robust_list(0x7f65a9dd79a0, 24 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6122] <... set_robust_list resumed>) = 0 [pid 6102] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] <... futex resumed>) = 0 [pid 6122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6122] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6122] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] <... ioctl resumed>) = 0 [pid 6121] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.384471][ T6103] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 130.415140][ T6103] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6121] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6103] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] exit_group(0 [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... futex resumed>) = ? [pid 6121] <... futex resumed>) = ? [pid 6122] +++ exited with 0 +++ [pid 6121] +++ exited with 0 +++ [pid 6102] <... exit_group resumed>) = ? [pid 6103] <... futex resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=41 /* 0.41 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 130.436603][ T6103] BTRFS info (device loop0): balance: ended with status: 0 unlink("./49/binderfs") = 0 [ 130.501249][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6123 attached , child_tidptr=0x5555561f7690) = 6123 [pid 6123] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6123] chdir("./50") = 0 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6123] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6123] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6124 attached [pid 6124] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6123] <... clone3 resumed> => {parent_tid=[6124]}, 88) = 6124 [pid 6124] <... rseq resumed>) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6123] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6124] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6124] memfd_create("syzkaller", 0) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6124] munmap(0x7f65a1800000, 138412032) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6124] close(3) = 0 [pid 6124] mkdir("./file0", 0777) = 0 [ 131.014658][ T6124] loop0: detected capacity change from 0 to 32768 [ 131.039729][ T6124] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6124) [ 131.055883][ T6124] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 131.066410][ T6124] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 131.075684][ T6124] BTRFS info (device loop0): disk space caching is enabled [ 131.098310][ T6124] BTRFS info (device loop0): rebuilding free space tree [pid 6124] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./file0") = 0 [pid 6124] ioctl(4, LOOP_CLR_FD) = 0 [pid 6124] close(4) = 0 [pid 6124] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... futex resumed>) = 0 [pid 6124] open("./file0", O_RDONLY) = 4 [pid 6124] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6123] <... futex resumed>) = 0 [pid 6124] <... ioctl resumed>) = 0 [pid 6123] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = 0 [pid 6124] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 131.113755][ T6124] BTRFS info (device loop0): disabling free space tree [ 131.120791][ T6124] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 131.130489][ T6124] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 131.144088][ T6124] BTRFS info (device loop0): checking UUID tree [pid 6123] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6123] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6123] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6142 attached [pid 6142] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6142] set_robust_list(0x7f65a9df89a0, 24 [pid 6123] <... clone3 resumed> => {parent_tid=[6142]}, 88) = 6142 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6123] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... set_robust_list resumed>) = 0 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6142] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6142] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 131.187224][ T6124] BTRFS info (device loop0): balance: start -d -m [ 131.197027][ T6124] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 131.226685][ T6124] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6142] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6142] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6123] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6123] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6123] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6143 attached [pid 6143] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6123] <... clone3 resumed> => {parent_tid=[6143]}, 88) = 6143 [pid 6143] <... rseq resumed>) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6143] set_robust_list(0x7f65a9dd79a0, 24 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6143] <... set_robust_list resumed>) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6143] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6143] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6123] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 131.357988][ T6124] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6143] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6142] <... ioctl resumed>) = 0 [pid 6142] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6124] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] exit_group(0 [pid 6124] <... futex resumed>) = 0 [pid 6143] <... futex resumed>) = ? [pid 6142] <... futex resumed>) = ? [pid 6123] <... exit_group resumed>) = ? [pid 6143] +++ exited with 0 +++ [pid 6142] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 131.446545][ T6124] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 131.467434][ T6124] BTRFS info (device loop0): balance: ended with status: 0 [ 131.527183][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6144 attached , child_tidptr=0x5555561f7690) = 6144 [pid 6144] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6144] chdir("./51") = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6144] write(3, "1000", 4) = 4 [pid 6144] close(3) = 0 [pid 6144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6144] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6144] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6145 attached [pid 6145] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6144] <... clone3 resumed> => {parent_tid=[6145]}, 88) = 6145 [pid 6145] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 6145] rt_sigprocmask(SIG_SETMASK, [], [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6144] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] memfd_create("syzkaller", 0 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6145] <... memfd_create resumed>) = 3 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6145] munmap(0x7f65a1800000, 138412032) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6145] close(3) = 0 [pid 6145] mkdir("./file0", 0777) = 0 [ 132.011847][ T6145] loop0: detected capacity change from 0 to 32768 [ 132.026908][ T6145] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6145) [ 132.044535][ T6145] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 132.055101][ T6145] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 132.064360][ T6145] BTRFS info (device loop0): disk space caching is enabled [ 132.088187][ T6145] BTRFS info (device loop0): rebuilding free space tree [ 132.101566][ T6145] BTRFS info (device loop0): disabling free space tree [pid 6145] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6145] chdir("./file0") = 0 [pid 6145] ioctl(4, LOOP_CLR_FD) = 0 [pid 6145] close(4) = 0 [pid 6145] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6145] open("./file0", O_RDONLY [pid 6144] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... open resumed>) = 4 [pid 6145] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6145] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 132.108675][ T6145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 132.118355][ T6145] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.132449][ T6145] BTRFS info (device loop0): checking UUID tree [pid 6145] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6144] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6144] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6163]}, 88) = 6163 ./strace-static-x86_64: Process 6163 attached [pid 6144] rt_sigprocmask(SIG_SETMASK, [], [pid 6163] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6163] <... rseq resumed>) = 0 [pid 6144] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] set_robust_list(0x7f65a9df89a0, 24 [pid 6144] <... futex resumed>) = 0 [pid 6163] <... set_robust_list resumed>) = 0 [pid 6144] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6163] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6163] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 132.214071][ T6145] BTRFS info (device loop0): balance: start -d -m [ 132.224514][ T6145] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 132.249098][ T6145] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6163] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6144] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6144] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6164]}, 88) = 6164 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6144] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6164 attached [pid 6164] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6164] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6164] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6164] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6164] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6163] <... ioctl resumed>) = 0 [pid 6163] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 132.441384][ T6145] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 132.466343][ T6145] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6163] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6145] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] exit_group(0 [pid 6164] <... futex resumed>) = ? [pid 6163] <... futex resumed>) = ? [pid 6164] +++ exited with 0 +++ [pid 6145] <... futex resumed>) = ? [pid 6144] <... exit_group resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6145] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- [ 132.488263][ T6145] BTRFS info (device loop0): balance: ended with status: 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 132.564651][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6165 attached , child_tidptr=0x5555561f7690) = 6165 [pid 6165] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6165] chdir("./52") = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6165] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6165] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6166 attached [pid 6166] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6165] <... clone3 resumed> => {parent_tid=[6166]}, 88) = 6166 [pid 6166] <... rseq resumed>) = 0 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6166] set_robust_list(0x7f65a9e199a0, 24 [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6166] <... set_robust_list resumed>) = 0 [pid 6165] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] <... futex resumed>) = 0 [pid 6166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6165] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6166] memfd_create("syzkaller", 0) = 3 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6166] munmap(0x7f65a1800000, 138412032) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6166] close(3) = 0 [pid 6166] mkdir("./file0", 0777) = 0 [ 133.141518][ T6166] loop0: detected capacity change from 0 to 32768 [ 133.156140][ T6166] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6166) [ 133.171820][ T6166] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 133.182088][ T6166] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 133.191620][ T6166] BTRFS info (device loop0): disk space caching is enabled [ 133.217044][ T6166] BTRFS info (device loop0): rebuilding free space tree [ 133.229222][ T6166] BTRFS info (device loop0): disabling free space tree [pid 6166] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6166] chdir("./file0") = 0 [pid 6166] ioctl(4, LOOP_CLR_FD) = 0 [pid 6166] close(4) = 0 [pid 6166] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6166] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6165] <... futex resumed>) = 0 [pid 6166] open("./file0", O_RDONLY [pid 6165] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... open resumed>) = 4 [ 133.236291][ T6166] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 133.246054][ T6166] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 133.259938][ T6166] BTRFS info (device loop0): checking UUID tree [pid 6166] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6166] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6165] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... ioctl resumed>) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6166] <... futex resumed>) = 0 [pid 6165] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6165] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6165] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6184 attached => {parent_tid=[6184]}, 88) = 6184 [pid 6184] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6184] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6184] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6184] openat(AT_FDCWD, ".", O_RDONLY [pid 6165] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.333657][ T6166] BTRFS info (device loop0): balance: start -d -m [ 133.344537][ T6166] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 133.373334][ T6166] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6165] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... openat resumed>) = 5 [pid 6184] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6184] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6165] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6165] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6165] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6185 attached => {parent_tid=[6185]}, 88) = 6185 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6185] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6185] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6185] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6185] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6185] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6185] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6184] <... ioctl resumed>) = 0 [pid 6184] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 133.558240][ T6166] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 133.585813][ T6166] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6184] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6166] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6166] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] exit_group(0 [pid 6184] <... futex resumed>) = ? [pid 6185] <... futex resumed>) = ? [pid 6166] <... futex resumed>) = ? [pid 6185] +++ exited with 0 +++ [pid 6184] +++ exited with 0 +++ [pid 6166] +++ exited with 0 +++ [pid 6165] <... exit_group resumed>) = ? [pid 6165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 133.606637][ T6166] BTRFS info (device loop0): balance: ended with status: 0 [ 133.632768][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6186 attached , child_tidptr=0x5555561f7690) = 6186 [pid 6186] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6186] chdir("./53") = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6186] setpgid(0, 0) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6186] write(3, "1000", 4) = 4 [pid 6186] close(3) = 0 [pid 6186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6186] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6186] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6187 attached [pid 6187] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6186] <... clone3 resumed> => {parent_tid=[6187]}, 88) = 6187 [pid 6187] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], [pid 6187] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6186] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6186] <... futex resumed>) = 0 [pid 6187] memfd_create("syzkaller", 0 [pid 6186] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] <... memfd_create resumed>) = 3 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6187] munmap(0x7f65a1800000, 138412032) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6187] close(3) = 0 [pid 6187] mkdir("./file0", 0777) = 0 [ 134.072270][ T6187] loop0: detected capacity change from 0 to 32768 [ 134.097287][ T6187] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6187) [ 134.112948][ T6187] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 134.123201][ T6187] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 134.132573][ T6187] BTRFS info (device loop0): disk space caching is enabled [ 134.155207][ T6187] BTRFS info (device loop0): rebuilding free space tree [pid 6187] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6187] chdir("./file0") = 0 [pid 6187] ioctl(4, LOOP_CLR_FD) = 0 [pid 6187] close(4) = 0 [pid 6187] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [ 134.167396][ T6187] BTRFS info (device loop0): disabling free space tree [ 134.174484][ T6187] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.184197][ T6187] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 134.197405][ T6187] BTRFS info (device loop0): checking UUID tree [pid 6187] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] open("./file0", O_RDONLY [pid 6186] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... open resumed>) = 4 [pid 6187] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6186] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6187] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6186] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6186] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6205 attached [pid 6205] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6186] <... clone3 resumed> => {parent_tid=[6205]}, 88) = 6205 [pid 6205] <... rseq resumed>) = 0 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], [pid 6205] set_robust_list(0x7f65a9df89a0, 24 [pid 6186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6205] <... set_robust_list resumed>) = 0 [pid 6186] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] <... futex resumed>) = 0 [pid 6205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6186] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6205] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6205] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] <... futex resumed>) = 0 [pid 6205] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 134.311533][ T6187] BTRFS info (device loop0): balance: start -d -m [ 134.321811][ T6187] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 134.347508][ T6187] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6186] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6186] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6186] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6206]}, 88) = 6206 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6186] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6206 attached [pid 6206] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6206] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6206] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6206] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6206] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] <... ioctl resumed>) = 0 [pid 6205] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 134.506615][ T6187] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 134.532591][ T6187] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6205] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6187] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6187] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] exit_group(0 [pid 6187] <... futex resumed>) = 0 [pid 6206] <... futex resumed>) = ? [pid 6205] <... futex resumed>) = ? [pid 6206] +++ exited with 0 +++ [pid 6205] +++ exited with 0 +++ [pid 6187] +++ exited with 0 +++ [pid 6186] <... exit_group resumed>) = ? [pid 6186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6186, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 134.553116][ T6187] BTRFS info (device loop0): balance: ended with status: 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 134.671133][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561f7690) = 6207 ./strace-static-x86_64: Process 6207 attached [pid 6207] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6207] chdir("./54") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0) = 0 [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6207] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6207] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6208 attached [pid 6208] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6207] <... clone3 resumed> => {parent_tid=[6208]}, 88) = 6208 [pid 6208] <... rseq resumed>) = 0 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], [pid 6208] set_robust_list(0x7f65a9e199a0, 24 [pid 6207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6208] <... set_robust_list resumed>) = 0 [pid 6207] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], [pid 6207] <... futex resumed>) = 0 [pid 6208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6207] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6208] munmap(0x7f65a1800000, 138412032) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6208] close(3) = 0 [pid 6208] mkdir("./file0", 0777) = 0 [ 135.091678][ T6208] loop0: detected capacity change from 0 to 32768 [ 135.111839][ T6208] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6208) [ 135.129164][ T6208] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 135.139638][ T6208] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 135.149289][ T6208] BTRFS info (device loop0): disk space caching is enabled [ 135.173697][ T6208] BTRFS info (device loop0): rebuilding free space tree [pid 6208] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6208] chdir("./file0") = 0 [pid 6208] ioctl(4, LOOP_CLR_FD) = 0 [pid 6208] close(4) = 0 [pid 6208] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6208] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = 0 [pid 6207] <... futex resumed>) = 1 [pid 6208] open("./file0", O_RDONLY [pid 6207] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... open resumed>) = 4 [pid 6208] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6207] <... futex resumed>) = 0 [pid 6208] <... ioctl resumed>) = 0 [pid 6207] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6207] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.185805][ T6208] BTRFS info (device loop0): disabling free space tree [ 135.193234][ T6208] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 135.202953][ T6208] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 135.216644][ T6208] BTRFS info (device loop0): checking UUID tree [ 135.272194][ T6208] BTRFS info (device loop0): balance: start -d -m [ 135.281416][ T6208] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6207] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6207] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6207] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6226]}, 88) = 6226 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6207] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6226 attached [pid 6226] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6226] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6226] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6226] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6226] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6226] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 135.316571][ T6208] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6207] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6207] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6207] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6207] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6227 attached => {parent_tid=[6227]}, 88) = 6227 [pid 6227] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], [pid 6227] <... rseq resumed>) = 0 [pid 6207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6227] set_robust_list(0x7f65a9dd79a0, 24 [pid 6207] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] <... set_robust_list resumed>) = 0 [pid 6207] <... futex resumed>) = 0 [pid 6227] rt_sigprocmask(SIG_SETMASK, [], [pid 6207] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6227] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6227] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6227] <... futex resumed>) = 1 [pid 6227] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6226] <... ioctl resumed>) = 0 [pid 6226] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.511732][ T6208] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 135.537478][ T6208] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6226] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6208] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] exit_group(0 [pid 6227] <... futex resumed>) = ? [pid 6226] <... futex resumed>) = ? [pid 6208] <... futex resumed>) = ? [pid 6207] <... exit_group resumed>) = ? [pid 6227] +++ exited with 0 +++ [pid 6226] +++ exited with 0 +++ [pid 6208] +++ exited with 0 +++ [pid 6207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- [ 135.559185][ T6208] BTRFS info (device loop0): balance: ended with status: 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 135.673385][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6228 attached , child_tidptr=0x5555561f7690) = 6228 [pid 6228] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6228] chdir("./55") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6228] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6229 attached [pid 6229] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6228] <... clone3 resumed> => {parent_tid=[6229]}, 88) = 6229 [pid 6229] <... rseq resumed>) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6229] set_robust_list(0x7f65a9e199a0, 24 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] <... set_robust_list resumed>) = 0 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] <... futex resumed>) = 0 [pid 6229] memfd_create("syzkaller", 0 [pid 6228] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6229] <... memfd_create resumed>) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6229] munmap(0x7f65a1800000, 138412032) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6229] close(3) = 0 [pid 6229] mkdir("./file0", 0777) = 0 [ 136.159152][ T6229] loop0: detected capacity change from 0 to 32768 [ 136.173528][ T6229] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6229) [ 136.189637][ T6229] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 136.200062][ T6229] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 136.209440][ T6229] BTRFS info (device loop0): disk space caching is enabled [ 136.234065][ T6229] BTRFS info (device loop0): rebuilding free space tree [ 136.246229][ T6229] BTRFS info (device loop0): disabling free space tree [pid 6229] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./file0") = 0 [pid 6229] ioctl(4, LOOP_CLR_FD) = 0 [pid 6229] close(4) = 0 [pid 6229] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] open("./file0", O_RDONLY) = 4 [ 136.253987][ T6229] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 136.264009][ T6229] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 136.278052][ T6229] BTRFS info (device loop0): checking UUID tree [pid 6229] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6228] <... futex resumed>) = 0 [pid 6229] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6228] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... ioctl resumed>) = 0 [pid 6229] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6228] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6228] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6247 attached => {parent_tid=[6247]}, 88) = 6247 [pid 6247] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6247] <... rseq resumed>) = 0 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6247] set_robust_list(0x7f65a9df89a0, 24 [pid 6228] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... set_robust_list resumed>) = 0 [pid 6228] <... futex resumed>) = 0 [pid 6247] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6247] openat(AT_FDCWD, ".", O_RDONLY) = 5 [ 136.341387][ T6229] BTRFS info (device loop0): balance: start -d -m [ 136.352965][ T6229] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 136.380670][ T6229] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6247] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6228] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6248 attached [pid 6248] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6228] <... clone3 resumed> => {parent_tid=[6248]}, 88) = 6248 [pid 6248] <... rseq resumed>) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6248] set_robust_list(0x7f65a9dd79a0, 24 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6248] <... set_robust_list resumed>) = 0 [pid 6228] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], [pid 6228] <... futex resumed>) = 0 [pid 6248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6228] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6248] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6248] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6248] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6247] <... ioctl resumed>) = 0 [pid 6247] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.563589][ T6229] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 136.592645][ T6229] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6247] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6229] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] exit_group(0 [pid 6248] <... futex resumed>) = ? [pid 6248] +++ exited with 0 +++ [pid 6247] <... futex resumed>) = ? [pid 6247] +++ exited with 0 +++ [pid 6228] <... exit_group resumed>) = ? [pid 6229] <... futex resumed>) = ? [pid 6229] +++ exited with 0 +++ [pid 6228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 [ 136.613204][ T6229] BTRFS info (device loop0): balance: ended with status: 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 136.696632][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6249 attached , child_tidptr=0x5555561f7690) = 6249 [pid 6249] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6249] chdir("./56") = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6249] setpgid(0, 0) = 0 [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6249] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6249] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6250 attached [pid 6250] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6249] <... clone3 resumed> => {parent_tid=[6250]}, 88) = 6250 [pid 6250] <... rseq resumed>) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6250] set_robust_list(0x7f65a9e199a0, 24 [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6250] <... set_robust_list resumed>) = 0 [pid 6249] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6249] <... futex resumed>) = 0 [pid 6250] memfd_create("syzkaller", 0 [pid 6249] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6250] <... memfd_create resumed>) = 3 [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6250] munmap(0x7f65a1800000, 138412032) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6250] close(3) = 0 [pid 6250] mkdir("./file0", 0777) = 0 [ 137.132429][ T6250] loop0: detected capacity change from 0 to 32768 [ 137.157450][ T6250] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6250) [ 137.173755][ T6250] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 137.184089][ T6250] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 137.193410][ T6250] BTRFS info (device loop0): disk space caching is enabled [ 137.216854][ T6250] BTRFS info (device loop0): rebuilding free space tree [pid 6250] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6250] chdir("./file0") = 0 [pid 6250] ioctl(4, LOOP_CLR_FD) = 0 [pid 6250] close(4) = 0 [pid 6250] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6249] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] open("./file0", O_RDONLY) = 4 [pid 6250] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6249] <... futex resumed>) = 1 [pid 6250] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6249] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6250] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6249] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6250] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6250] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6249] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 137.229440][ T6250] BTRFS info (device loop0): disabling free space tree [ 137.236347][ T6250] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 137.246168][ T6250] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 137.260046][ T6250] BTRFS info (device loop0): checking UUID tree [ 137.293889][ T6250] BTRFS info (device loop0): balance: start -d -m [ 137.302579][ T6250] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6249] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6249] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6249] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6268 attached [pid 6268] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6268] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6249] <... clone3 resumed> => {parent_tid=[6268]}, 88) = 6268 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6268] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6249] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [pid 6249] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6268] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] <... futex resumed>) = 0 [pid 6249] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = 0 [pid 6249] <... futex resumed>) = 1 [pid 6268] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 137.336576][ T6250] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6249] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6249] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6249] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6269 attached [pid 6269] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6249] <... clone3 resumed> => {parent_tid=[6269]}, 88) = 6269 [pid 6269] <... rseq resumed>) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6269] set_robust_list(0x7f65a9dd79a0, 24 [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] <... set_robust_list resumed>) = 0 [pid 6249] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] rt_sigprocmask(SIG_SETMASK, [], [pid 6249] <... futex resumed>) = 0 [pid 6269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6249] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6269] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6249] <... futex resumed>) = 0 [pid 6269] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] <... ioctl resumed>) = 0 [pid 6268] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 137.551638][ T6250] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 137.577759][ T6250] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6268] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6250] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6250] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6249] exit_group(0 [pid 6269] <... futex resumed>) = ? [pid 6268] <... futex resumed>) = ? [pid 6269] +++ exited with 0 +++ [pid 6268] +++ exited with 0 +++ [pid 6250] <... futex resumed>) = ? [pid 6249] <... exit_group resumed>) = ? [pid 6250] +++ exited with 0 +++ [pid 6249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- [ 137.599625][ T6250] BTRFS info (device loop0): balance: ended with status: 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 137.705653][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6270 attached [pid 6270] set_robust_list(0x5555561f76a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 6270 [pid 6270] <... set_robust_list resumed>) = 0 [pid 6270] chdir("./57") = 0 [pid 6270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6270] setpgid(0, 0) = 0 [pid 6270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6270] write(3, "1000", 4) = 4 [pid 6270] close(3) = 0 [pid 6270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6270] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6270] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6271 attached [pid 6271] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6270] <... clone3 resumed> => {parent_tid=[6271]}, 88) = 6271 [pid 6271] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], [pid 6271] rt_sigprocmask(SIG_SETMASK, [], [pid 6270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6270] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] memfd_create("syzkaller", 0 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6271] <... memfd_create resumed>) = 3 [pid 6271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6271] munmap(0x7f65a1800000, 138412032) = 0 [pid 6271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6271] close(3) = 0 [pid 6271] mkdir("./file0", 0777) = 0 [ 138.091236][ T6271] loop0: detected capacity change from 0 to 32768 [ 138.107350][ T6271] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6271) [ 138.123105][ T6271] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 138.133414][ T6271] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 138.142792][ T6271] BTRFS info (device loop0): disk space caching is enabled [ 138.166711][ T6271] BTRFS info (device loop0): rebuilding free space tree [ 138.179246][ T6271] BTRFS info (device loop0): disabling free space tree [pid 6271] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6271] chdir("./file0") = 0 [pid 6271] ioctl(4, LOOP_CLR_FD) = 0 [pid 6271] close(4) = 0 [pid 6271] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = 0 [pid 6271] <... futex resumed>) = 1 [pid 6270] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] open("./file0", O_RDONLY [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] <... open resumed>) = 4 [ 138.186166][ T6271] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 138.195874][ T6271] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 138.209470][ T6271] BTRFS info (device loop0): checking UUID tree [pid 6271] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6270] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6270] <... futex resumed>) = 0 [pid 6271] <... ioctl resumed>) = 0 [pid 6270] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6271] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6270] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6270] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6270] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 138.262042][ T6271] BTRFS info (device loop0): balance: start -d -m [ 138.271278][ T6271] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 138.299849][ T6271] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6289 attached => {parent_tid=[6289]}, 88) = 6289 [pid 6289] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6289] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6289] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6270] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = 0 [pid 6270] <... futex resumed>) = 1 [pid 6289] openat(AT_FDCWD, ".", O_RDONLY [pid 6270] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... openat resumed>) = 5 [pid 6289] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6289] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6270] <... futex resumed>) = 0 [pid 6289] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 138.356412][ T6271] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6270] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6270] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6270] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6290 attached [pid 6290] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6270] <... clone3 resumed> => {parent_tid=[6290]}, 88) = 6290 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] <... rseq resumed>) = 0 [pid 6270] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] set_robust_list(0x7f65a9dd79a0, 24 [pid 6270] <... futex resumed>) = 0 [pid 6290] <... set_robust_list resumed>) = 0 [pid 6270] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6290] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6270] <... futex resumed>) = 0 [pid 6290] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... ioctl resumed>) = 0 [pid 6289] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6289] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6271] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6271] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6271] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6270] exit_group(0 [pid 6290] <... futex resumed>) = ? [pid 6289] <... futex resumed>) = ? [pid 6271] <... futex resumed>) = ? [pid 6290] +++ exited with 0 +++ [pid 6289] +++ exited with 0 +++ [pid 6270] <... exit_group resumed>) = ? [pid 6271] +++ exited with 0 +++ [pid 6270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6270, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 138.531500][ T6271] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 138.554232][ T6271] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 138.620526][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6291 attached , child_tidptr=0x5555561f7690) = 6291 [pid 6291] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6291] chdir("./58") = 0 [pid 6291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6291] setpgid(0, 0) = 0 [pid 6291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6291] write(3, "1000", 4) = 4 [pid 6291] close(3) = 0 [pid 6291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6291] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6291] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6291] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6292 attached => {parent_tid=[6292]}, 88) = 6292 [pid 6292] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6292] <... rseq resumed>) = 0 [pid 6292] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6292] rt_sigprocmask(SIG_SETMASK, [], [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6292] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] <... futex resumed>) = 0 [pid 6291] <... futex resumed>) = 1 [pid 6291] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6292] memfd_create("syzkaller", 0) = 3 [pid 6292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6292] munmap(0x7f65a1800000, 138412032) = 0 [pid 6292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6292] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6292] close(3) = 0 [pid 6292] mkdir("./file0", 0777) = 0 [ 139.063818][ T6292] loop0: detected capacity change from 0 to 32768 [ 139.088555][ T6292] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6292) [ 139.104837][ T6292] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 139.115106][ T6292] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 139.124383][ T6292] BTRFS info (device loop0): disk space caching is enabled [ 139.148490][ T6292] BTRFS info (device loop0): rebuilding free space tree [pid 6292] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6292] chdir("./file0") = 0 [pid 6292] ioctl(4, LOOP_CLR_FD) = 0 [pid 6292] close(4) = 0 [pid 6292] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [ 139.161045][ T6292] BTRFS info (device loop0): disabling free space tree [ 139.167975][ T6292] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 139.177690][ T6292] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 139.191398][ T6292] BTRFS info (device loop0): checking UUID tree [pid 6292] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6291] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] open("./file0", O_RDONLY) = 4 [pid 6292] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6292] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6291] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] <... ioctl resumed>) = 0 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6292] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6291] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6291] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6291] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6310]}, 88) = 6310 [ 139.288434][ T6292] BTRFS info (device loop0): balance: start -d -m [ 139.297676][ T6292] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 139.328343][ T6292] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6291] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6310 attached NULL, 8) = 0 [pid 6310] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6310] set_robust_list(0x7f65a9df89a0, 24 [pid 6291] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... set_robust_list resumed>) = 0 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6310] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6310] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6291] <... futex resumed>) = 0 [pid 6310] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6310] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6291] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6291] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6291] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6291] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6291] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6311 attached => {parent_tid=[6311]}, 88) = 6311 [pid 6311] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6311] <... rseq resumed>) = 0 [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6311] set_robust_list(0x7f65a9dd79a0, 24 [pid 6291] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... set_robust_list resumed>) = 0 [pid 6311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6291] <... futex resumed>) = 0 [pid 6291] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6311] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] <... futex resumed>) = 0 [pid 6310] <... ioctl resumed>) = 0 [pid 6310] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 139.445158][ T6292] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6310] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6292] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6292] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6292] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6291] exit_group(0 [pid 6311] <... futex resumed>) = ? [pid 6311] +++ exited with 0 +++ [pid 6310] <... futex resumed>) = ? [pid 6292] <... futex resumed>) = ? [pid 6310] +++ exited with 0 +++ [pid 6292] +++ exited with 0 +++ [pid 6291] <... exit_group resumed>) = ? [ 139.516365][ T6292] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 139.537185][ T6292] BTRFS info (device loop0): balance: ended with status: 0 [pid 6291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6291, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 139.653974][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6312 attached , child_tidptr=0x5555561f7690) = 6312 [pid 6312] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6312] chdir("./59") = 0 [pid 6312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6312] setpgid(0, 0) = 0 [pid 6312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6312] write(3, "1000", 4) = 4 [pid 6312] close(3) = 0 [pid 6312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6312] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6312] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6313 attached [pid 6313] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6312] <... clone3 resumed> => {parent_tid=[6313]}, 88) = 6313 [pid 6313] <... rseq resumed>) = 0 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], [pid 6313] set_robust_list(0x7f65a9e199a0, 24 [pid 6312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6313] <... set_robust_list resumed>) = 0 [pid 6312] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] rt_sigprocmask(SIG_SETMASK, [], [pid 6312] <... futex resumed>) = 0 [pid 6313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6312] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6313] memfd_create("syzkaller", 0) = 3 [pid 6313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6313] munmap(0x7f65a1800000, 138412032) = 0 [pid 6313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6313] close(3) = 0 [pid 6313] mkdir("./file0", 0777) = 0 [ 140.139277][ T6313] loop0: detected capacity change from 0 to 32768 [ 140.166107][ T6313] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6313) [ 140.183803][ T6313] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 140.194252][ T6313] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 140.203559][ T6313] BTRFS info (device loop0): disk space caching is enabled [ 140.227311][ T6313] BTRFS info (device loop0): rebuilding free space tree [pid 6313] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6313] chdir("./file0") = 0 [pid 6313] ioctl(4, LOOP_CLR_FD) = 0 [pid 6313] close(4) = 0 [ 140.239559][ T6313] BTRFS info (device loop0): disabling free space tree [ 140.246730][ T6313] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 140.256824][ T6313] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 140.270277][ T6313] BTRFS info (device loop0): checking UUID tree [pid 6313] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6313] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6313] open("./file0", O_RDONLY) = 4 [pid 6313] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6312] <... futex resumed>) = 0 [pid 6313] <... ioctl resumed>) = 0 [pid 6312] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6313] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6312] <... futex resumed>) = 0 [pid 6313] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 140.370013][ T6313] BTRFS info (device loop0): balance: start -d -m [ 140.379452][ T6313] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6312] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6312] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6312] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6331 attached [pid 6331] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6331] set_robust_list(0x7f65a9df89a0, 24 [pid 6312] <... clone3 resumed> => {parent_tid=[6331]}, 88) = 6331 [pid 6331] <... set_robust_list resumed>) = 0 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], [pid 6312] rt_sigprocmask(SIG_SETMASK, [], [pid 6331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6331] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 1 [pid 6331] openat(AT_FDCWD, ".", O_RDONLY [pid 6312] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... openat resumed>) = 5 [pid 6331] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6331] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6312] <... futex resumed>) = 0 [pid 6331] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 140.413308][ T6313] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6312] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6312] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6312] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6332 attached [pid 6332] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6312] <... clone3 resumed> => {parent_tid=[6332]}, 88) = 6332 [pid 6332] <... rseq resumed>) = 0 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6332] set_robust_list(0x7f65a9dd79a0, 24 [pid 6312] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... set_robust_list resumed>) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6312] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6332] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6332] <... futex resumed>) = 1 [pid 6332] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... ioctl resumed>) = 0 [pid 6331] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 140.573319][ T6313] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 140.600282][ T6313] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6331] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6313] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] exit_group(0 [pid 6332] <... futex resumed>) = ? [pid 6331] <... futex resumed>) = ? [pid 6312] <... exit_group resumed>) = ? [pid 6332] +++ exited with 0 +++ [pid 6331] +++ exited with 0 +++ [pid 6313] +++ exited with 0 +++ [pid 6312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6312, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 140.620943][ T6313] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 140.686190][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6333 attached [pid 6333] set_robust_list(0x5555561f76a0, 24 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 6333 [pid 6333] <... set_robust_list resumed>) = 0 [pid 6333] chdir("./60") = 0 [pid 6333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6333] setpgid(0, 0) = 0 [pid 6333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6333] write(3, "1000", 4) = 4 [pid 6333] close(3) = 0 [pid 6333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6333] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6333] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6334 attached => {parent_tid=[6334]}, 88) = 6334 [pid 6334] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6334] set_robust_list(0x7f65a9e199a0, 24 [pid 6333] rt_sigprocmask(SIG_SETMASK, [], [pid 6334] <... set_robust_list resumed>) = 0 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6333] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] memfd_create("syzkaller", 0 [pid 6333] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6334] <... memfd_create resumed>) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6334] munmap(0x7f65a1800000, 138412032) = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6334] close(3) = 0 [pid 6334] mkdir("./file0", 0777) = 0 [ 141.206598][ T6334] loop0: detected capacity change from 0 to 32768 [ 141.232326][ T6334] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6334) [ 141.247695][ T6334] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 141.257970][ T6334] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 141.267254][ T6334] BTRFS info (device loop0): disk space caching is enabled [ 141.290997][ T6334] BTRFS info (device loop0): rebuilding free space tree [pid 6334] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6334] chdir("./file0") = 0 [pid 6334] ioctl(4, LOOP_CLR_FD) = 0 [pid 6334] close(4) = 0 [pid 6334] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 1 [pid 6334] open("./file0", O_RDONLY [pid 6333] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... open resumed>) = 4 [pid 6334] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6333] <... futex resumed>) = 0 [pid 6333] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... ioctl resumed>) = 0 [pid 6334] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6334] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6333] <... futex resumed>) = 0 [ 141.303454][ T6334] BTRFS info (device loop0): disabling free space tree [ 141.310408][ T6334] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 141.320129][ T6334] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 141.333712][ T6334] BTRFS info (device loop0): checking UUID tree [ 141.383710][ T6334] BTRFS info (device loop0): balance: start -d -m [ 141.392928][ T6334] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6333] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6333] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6333] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6352 attached => {parent_tid=[6352]}, 88) = 6352 [pid 6333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6333] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6352] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6352] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6352] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6352] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6333] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 141.425704][ T6334] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6333] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6333] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6333] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6353 attached => {parent_tid=[6353]}, 88) = 6353 [pid 6333] rt_sigprocmask(SIG_SETMASK, [], [pid 6353] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6353] <... rseq resumed>) = 0 [pid 6333] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] set_robust_list(0x7f65a9dd79a0, 24 [pid 6333] <... futex resumed>) = 0 [pid 6353] <... set_robust_list resumed>) = 0 [pid 6333] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6353] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6353] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [ 141.515156][ T6334] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6353] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] <... ioctl resumed>) = 0 [pid 6352] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6334] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] exit_group(0 [pid 6353] <... futex resumed>) = ? [pid 6352] <... futex resumed>) = ? [pid 6334] <... futex resumed>) = ? [pid 6333] <... exit_group resumed>) = ? [pid 6353] +++ exited with 0 +++ [pid 6352] +++ exited with 0 +++ [pid 6334] +++ exited with 0 +++ [pid 6333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6333, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 141.647341][ T6334] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 141.670603][ T6334] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 141.760719][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6354 attached , child_tidptr=0x5555561f7690) = 6354 [pid 6354] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6354] chdir("./61") = 0 [pid 6354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6354] setpgid(0, 0) = 0 [pid 6354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6354] write(3, "1000", 4) = 4 [pid 6354] close(3) = 0 [pid 6354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6354] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6354] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6355 attached [pid 6355] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6354] <... clone3 resumed> => {parent_tid=[6355]}, 88) = 6355 [pid 6355] set_robust_list(0x7f65a9e199a0, 24 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], [pid 6355] <... set_robust_list resumed>) = 0 [pid 6355] rt_sigprocmask(SIG_SETMASK, [], [pid 6354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] memfd_create("syzkaller", 0 [pid 6354] <... futex resumed>) = 0 [pid 6355] <... memfd_create resumed>) = 3 [pid 6354] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6355] munmap(0x7f65a1800000, 138412032) = 0 [pid 6355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6355] close(3) = 0 [pid 6355] mkdir("./file0", 0777) = 0 [ 142.278067][ T6355] loop0: detected capacity change from 0 to 32768 [ 142.293603][ T6355] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6355) [ 142.310331][ T6355] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 142.320594][ T6355] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 142.329903][ T6355] BTRFS info (device loop0): disk space caching is enabled [ 142.353052][ T6355] BTRFS info (device loop0): rebuilding free space tree [ 142.365847][ T6355] BTRFS info (device loop0): disabling free space tree [pid 6355] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6355] chdir("./file0") = 0 [pid 6355] ioctl(4, LOOP_CLR_FD) = 0 [pid 6355] close(4) = 0 [ 142.372900][ T6355] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 142.382676][ T6355] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 142.396181][ T6355] BTRFS info (device loop0): checking UUID tree [pid 6355] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6354] <... futex resumed>) = 0 [pid 6355] open("./file0", O_RDONLY [pid 6354] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... open resumed>) = 4 [pid 6355] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = 0 [pid 6354] <... futex resumed>) = 1 [pid 6355] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6354] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6355] <... ioctl resumed>) = 0 [pid 6355] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6355] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6355] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6354] <... futex resumed>) = 0 [ 142.466566][ T6355] BTRFS info (device loop0): balance: start -d -m [ 142.474682][ T6355] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6354] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6354] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6354] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6373 attached => {parent_tid=[6373]}, 88) = 6373 [pid 6373] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6373] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6373] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6354] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... futex resumed>) = 0 [pid 6373] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6373] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6373] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6354] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 142.511696][ T6355] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6354] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6354] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6354] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6374 attached [pid 6374] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6354] <... clone3 resumed> => {parent_tid=[6374]}, 88) = 6374 [pid 6374] <... rseq resumed>) = 0 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], [pid 6374] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6374] rt_sigprocmask(SIG_SETMASK, [], [pid 6354] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] <... futex resumed>) = 0 [pid 6374] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 6354] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6374] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6374] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] <... futex resumed>) = 0 [pid 6374] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6373] <... ioctl resumed>) = 0 [pid 6373] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 142.691389][ T6355] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 142.717545][ T6355] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6373] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6355] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6354] exit_group(0 [pid 6374] <... futex resumed>) = ? [pid 6373] <... futex resumed>) = ? [pid 6355] <... futex resumed>) = ? [pid 6354] <... exit_group resumed>) = ? [pid 6374] +++ exited with 0 +++ [pid 6373] +++ exited with 0 +++ [pid 6355] +++ exited with 0 +++ [ 142.738020][ T6355] BTRFS info (device loop0): balance: ended with status: 0 [pid 6354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6354, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 142.824303][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6375 attached , child_tidptr=0x5555561f7690) = 6375 [pid 6375] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6375] chdir("./62") = 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6375] setpgid(0, 0) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6375] write(3, "1000", 4) = 4 [pid 6375] close(3) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6375] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6375] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6376 attached [pid 6376] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6375] <... clone3 resumed> => {parent_tid=[6376]}, 88) = 6376 [pid 6376] <... rseq resumed>) = 0 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 6376] set_robust_list(0x7f65a9e199a0, 24 [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6376] <... set_robust_list resumed>) = 0 [pid 6375] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] <... futex resumed>) = 0 [pid 6376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6375] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6376] memfd_create("syzkaller", 0) = 3 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6376] munmap(0x7f65a1800000, 138412032) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6376] close(3) = 0 [pid 6376] mkdir("./file0", 0777) = 0 [ 143.310470][ T6376] loop0: detected capacity change from 0 to 32768 [ 143.325789][ T6376] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6376) [ 143.342333][ T6376] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 143.352550][ T6376] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 143.361830][ T6376] BTRFS info (device loop0): disk space caching is enabled [ 143.384957][ T6376] BTRFS info (device loop0): rebuilding free space tree [ 143.397172][ T6376] BTRFS info (device loop0): disabling free space tree [pid 6376] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./file0") = 0 [pid 6376] ioctl(4, LOOP_CLR_FD) = 0 [pid 6376] close(4) = 0 [pid 6376] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6376] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] <... futex resumed>) = 0 [ 143.404170][ T6376] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 143.413869][ T6376] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 143.427229][ T6376] BTRFS info (device loop0): checking UUID tree [pid 6375] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6376] <... futex resumed>) = 0 [pid 6376] open("./file0", O_RDONLY [pid 6375] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... open resumed>) = 4 [pid 6376] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = 0 [pid 6375] <... futex resumed>) = 1 [pid 6376] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6375] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6376] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6376] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 143.511866][ T6376] BTRFS info (device loop0): balance: start -d -m [ 143.520762][ T6376] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6375] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6375] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6375] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6394 attached => {parent_tid=[6394]}, 88) = 6394 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6375] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6394] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6394] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6394] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6394] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6394] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 143.552072][ T6376] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6375] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6375] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6375] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6395 attached [pid 6395] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6375] <... clone3 resumed> => {parent_tid=[6395]}, 88) = 6395 [pid 6395] <... rseq resumed>) = 0 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 6395] set_robust_list(0x7f65a9dd79a0, 24 [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6395] <... set_robust_list resumed>) = 0 [pid 6375] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6395] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] <... futex resumed>) = 0 [pid 6395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6375] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6395] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6395] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6395] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6394] <... ioctl resumed>) = 0 [pid 6394] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 143.718330][ T6376] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 143.744121][ T6376] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6394] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6376] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6376] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6376] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] exit_group(0 [pid 6395] <... futex resumed>) = ? [pid 6394] <... futex resumed>) = ? [pid 6376] <... futex resumed>) = ? [pid 6375] <... exit_group resumed>) = ? [pid 6395] +++ exited with 0 +++ [pid 6376] +++ exited with 0 +++ [pid 6394] +++ exited with 0 +++ [pid 6375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=0, si_stime=42 /* 0.42 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 143.764918][ T6376] BTRFS info (device loop0): balance: ended with status: 0 [ 143.801717][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6396 attached , child_tidptr=0x5555561f7690) = 6396 [pid 6396] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6396] chdir("./63") = 0 [pid 6396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6396] setpgid(0, 0) = 0 [pid 6396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6396] write(3, "1000", 4) = 4 [pid 6396] close(3) = 0 [pid 6396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6396] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6396] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6397 attached [pid 6397] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6396] <... clone3 resumed> => {parent_tid=[6397]}, 88) = 6397 [pid 6397] set_robust_list(0x7f65a9e199a0, 24 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], [pid 6397] <... set_robust_list resumed>) = 0 [pid 6396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6397] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6396] <... futex resumed>) = 0 [pid 6397] memfd_create("syzkaller", 0 [pid 6396] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6397] <... memfd_create resumed>) = 3 [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6397] munmap(0x7f65a1800000, 138412032) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6397] close(3) = 0 [pid 6397] mkdir("./file0", 0777) = 0 [ 144.270263][ T6397] loop0: detected capacity change from 0 to 32768 [ 144.286918][ T6397] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6397) [ 144.302512][ T6397] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 144.312711][ T6397] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 144.321970][ T6397] BTRFS info (device loop0): disk space caching is enabled [ 144.345787][ T6397] BTRFS info (device loop0): rebuilding free space tree [ 144.357982][ T6397] BTRFS info (device loop0): disabling free space tree [pid 6397] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6397] chdir("./file0") = 0 [pid 6397] ioctl(4, LOOP_CLR_FD) = 0 [pid 6397] close(4) = 0 [pid 6397] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] open("./file0", O_RDONLY) = 4 [pid 6397] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6396] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... ioctl resumed>) = 0 [pid 6397] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [ 144.365211][ T6397] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 144.374958][ T6397] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 144.388978][ T6397] BTRFS info (device loop0): checking UUID tree [pid 6397] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6396] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6396] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6396] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6396] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6415]}, 88) = 6415 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6396] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6415 attached [pid 6415] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6415] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6415] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6415] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6415] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 144.438444][ T6397] BTRFS info (device loop0): balance: start -d -m [ 144.447212][ T6397] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 144.477146][ T6397] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6396] <... futex resumed>) = 0 [pid 6415] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6396] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6396] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6396] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6416 attached => {parent_tid=[6416]}, 88) = 6416 [pid 6416] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], [pid 6416] <... rseq resumed>) = 0 [pid 6396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] set_robust_list(0x7f65a9dd79a0, 24 [pid 6396] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] <... set_robust_list resumed>) = 0 [pid 6396] <... futex resumed>) = 0 [pid 6416] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6416] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6416] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6415] <... ioctl resumed>) = 0 [pid 6415] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.681912][ T6397] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 144.707920][ T6397] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6415] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6397] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] exit_group(0 [pid 6416] <... futex resumed>) = ? [pid 6415] <... futex resumed>) = ? [pid 6397] <... futex resumed>) = ? [pid 6396] <... exit_group resumed>) = ? [pid 6416] +++ exited with 0 +++ [pid 6415] +++ exited with 0 +++ [pid 6397] +++ exited with 0 +++ [pid 6396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6396, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 144.729071][ T6397] BTRFS info (device loop0): balance: ended with status: 0 [ 144.756589][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6417 attached , child_tidptr=0x5555561f7690) = 6417 [pid 6417] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6417] chdir("./64") = 0 [pid 6417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6417] setpgid(0, 0) = 0 [pid 6417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6417] write(3, "1000", 4) = 4 [pid 6417] close(3) = 0 [pid 6417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6417] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6417] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6418 attached [pid 6418] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6417] <... clone3 resumed> => {parent_tid=[6418]}, 88) = 6418 [pid 6418] set_robust_list(0x7f65a9e199a0, 24 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] <... set_robust_list resumed>) = 0 [pid 6417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6417] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6417] <... futex resumed>) = 0 [pid 6418] memfd_create("syzkaller", 0 [pid 6417] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6418] <... memfd_create resumed>) = 3 [pid 6418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6418] munmap(0x7f65a1800000, 138412032) = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6418] close(3) = 0 [pid 6418] mkdir("./file0", 0777) = 0 [ 145.246106][ T6418] loop0: detected capacity change from 0 to 32768 [ 145.261879][ T6418] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6418) [ 145.279416][ T6418] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 145.289681][ T6418] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 145.299118][ T6418] BTRFS info (device loop0): disk space caching is enabled [ 145.323418][ T6418] BTRFS info (device loop0): rebuilding free space tree [ 145.335848][ T6418] BTRFS info (device loop0): disabling free space tree [pid 6418] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6418] chdir("./file0") = 0 [pid 6418] ioctl(4, LOOP_CLR_FD) = 0 [pid 6418] close(4) = 0 [pid 6418] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] <... futex resumed>) = 0 [pid 6418] open("./file0", O_RDONLY [pid 6417] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... open resumed>) = 4 [pid 6418] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] <... futex resumed>) = 0 [pid 6418] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6417] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... ioctl resumed>) = 0 [pid 6418] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6418] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6417] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 145.343165][ T6418] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 145.353521][ T6418] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 145.367479][ T6418] BTRFS info (device loop0): checking UUID tree [ 145.413240][ T6418] BTRFS info (device loop0): balance: start -d -m [ 145.424193][ T6418] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6417] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6417] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6417] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6436 attached [pid 6436] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6436] set_robust_list(0x7f65a9df89a0, 24 [pid 6417] <... clone3 resumed> => {parent_tid=[6436]}, 88) = 6436 [pid 6436] <... set_robust_list resumed>) = 0 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], [pid 6436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6436] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6436] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6436] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6417] <... futex resumed>) = 0 [pid 6417] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6417] <... futex resumed>) = 1 [pid 6417] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 145.460569][ T6418] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6436] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6417] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6417] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6417] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6437]}, 88) = 6437 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6417] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6437 attached [pid 6437] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6437] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6437] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6437] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6437] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6436] <... ioctl resumed>) = 0 [pid 6436] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 145.642793][ T6418] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 145.680786][ T6418] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6436] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6418] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6418] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] exit_group(0 [pid 6418] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6436] <... futex resumed>) = ? [pid 6437] <... futex resumed>) = ? [pid 6436] +++ exited with 0 +++ [pid 6437] +++ exited with 0 +++ [pid 6417] <... exit_group resumed>) = ? [pid 6418] <... futex resumed>) = ? [pid 6418] +++ exited with 0 +++ [pid 6417] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6417, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=41 /* 0.41 s */} --- [ 145.702685][ T6418] BTRFS info (device loop0): balance: ended with status: 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 145.812673][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6438 attached , child_tidptr=0x5555561f7690) = 6438 [pid 6438] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6438] chdir("./65") = 0 [pid 6438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6438] setpgid(0, 0) = 0 [pid 6438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6438] write(3, "1000", 4) = 4 [pid 6438] close(3) = 0 [pid 6438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6438] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6438] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6439 attached [pid 6439] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6438] <... clone3 resumed> => {parent_tid=[6439]}, 88) = 6439 [pid 6439] <... rseq resumed>) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6439] set_robust_list(0x7f65a9e199a0, 24 [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6439] <... set_robust_list resumed>) = 0 [pid 6438] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], [pid 6438] <... futex resumed>) = 0 [pid 6439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] memfd_create("syzkaller", 0) = 3 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6439] munmap(0x7f65a1800000, 138412032) = 0 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6439] close(3) = 0 [pid 6439] mkdir("./file0", 0777) = 0 [ 146.148554][ T6439] loop0: detected capacity change from 0 to 32768 [ 146.168954][ T6439] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6439) [ 146.184243][ T6439] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 146.194517][ T6439] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 146.203821][ T6439] BTRFS info (device loop0): disk space caching is enabled [ 146.227499][ T6439] BTRFS info (device loop0): rebuilding free space tree [ 146.239953][ T6439] BTRFS info (device loop0): disabling free space tree [pid 6439] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6439] chdir("./file0") = 0 [pid 6439] ioctl(4, LOOP_CLR_FD) = 0 [pid 6439] close(4) = 0 [pid 6439] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... futex resumed>) = 0 [pid 6438] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... futex resumed>) = 1 [pid 6439] open("./file0", O_RDONLY) = 4 [pid 6439] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6438] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6438] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6439] <... ioctl resumed>) = 0 [pid 6439] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6438] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6438] <... futex resumed>) = 0 [ 146.246889][ T6439] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 146.256931][ T6439] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 146.270982][ T6439] BTRFS info (device loop0): checking UUID tree [pid 6438] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6438] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6438] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6457 attached [pid 6457] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6438] <... clone3 resumed> => {parent_tid=[6457]}, 88) = 6457 [pid 6457] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6457] rt_sigprocmask(SIG_SETMASK, [], [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] openat(AT_FDCWD, ".", O_RDONLY [pid 6438] <... futex resumed>) = 0 [pid 6457] <... openat resumed>) = 5 [pid 6438] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6457] <... futex resumed>) = 0 [pid 6438] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6438] <... futex resumed>) = 0 [ 146.313863][ T6439] BTRFS info (device loop0): balance: start -d -m [ 146.323166][ T6439] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 146.351875][ T6439] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6438] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6438] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6438] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6458 attached => {parent_tid=[6458]}, 88) = 6458 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6458] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] <... rseq resumed>) = 0 [pid 6438] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] set_robust_list(0x7f65a9dd79a0, 24 [pid 6438] <... futex resumed>) = 0 [pid 6458] <... set_robust_list resumed>) = 0 [pid 6438] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6458] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6458] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6458] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6457] <... ioctl resumed>) = 0 [pid 6457] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 6439] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] exit_group(0 [pid 6458] <... futex resumed>) = ? [pid 6457] <... futex resumed>) = ? [pid 6439] <... futex resumed>) = ? [pid 6438] <... exit_group resumed>) = ? [pid 6458] +++ exited with 0 +++ [pid 6457] +++ exited with 0 +++ [pid 6439] +++ exited with 0 +++ [pid 6438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6438, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 146.551346][ T6439] BTRFS info (device loop0): 1 enospc errors during balance [ 146.559527][ T6439] BTRFS info (device loop0): balance: ended with status: -28 [ 146.586964][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6459 attached , child_tidptr=0x5555561f7690) = 6459 [pid 6459] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6459] chdir("./66") = 0 [pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6459] setpgid(0, 0) = 0 [pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6459] write(3, "1000", 4) = 4 [pid 6459] close(3) = 0 [pid 6459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6459] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6459] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6460 attached [pid 6460] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6459] <... clone3 resumed> => {parent_tid=[6460]}, 88) = 6460 [pid 6460] set_robust_list(0x7f65a9e199a0, 24 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] <... set_robust_list resumed>) = 0 [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] rt_sigprocmask(SIG_SETMASK, [], [pid 6459] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6459] <... futex resumed>) = 0 [pid 6460] memfd_create("syzkaller", 0 [pid 6459] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] <... memfd_create resumed>) = 3 [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6460] munmap(0x7f65a1800000, 138412032) = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6460] close(3) = 0 [pid 6460] mkdir("./file0", 0777) = 0 [ 147.053885][ T6460] loop0: detected capacity change from 0 to 32768 [ 147.079290][ T6460] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6460) [ 147.095447][ T6460] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 147.105722][ T6460] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 147.115435][ T6460] BTRFS info (device loop0): disk space caching is enabled [ 147.140018][ T6460] BTRFS info (device loop0): rebuilding free space tree [pid 6460] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6460] chdir("./file0") = 0 [pid 6460] ioctl(4, LOOP_CLR_FD) = 0 [pid 6460] close(4) = 0 [pid 6460] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6459] <... futex resumed>) = 1 [pid 6460] open("./file0", O_RDONLY [pid 6459] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... open resumed>) = 4 [ 147.153749][ T6460] BTRFS info (device loop0): disabling free space tree [ 147.161021][ T6460] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 147.170731][ T6460] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 147.184030][ T6460] BTRFS info (device loop0): checking UUID tree [pid 6460] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6460] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6460] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6459] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] <... ioctl resumed>) = 0 [pid 6460] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6460] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6459] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6459] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6459] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6478]}, 88) = 6478 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6478 attached [pid 6478] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6478] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6478] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6478] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6478] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6459] <... futex resumed>) = 0 [pid 6478] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 147.273674][ T6460] BTRFS info (device loop0): balance: start -d -m [ 147.284538][ T6460] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 147.310080][ T6460] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6459] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6459] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6459] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6479]}, 88) = 6479 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6479 attached [pid 6479] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6479] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6479] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6479] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6479] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6478] <... ioctl resumed>) = 0 [pid 6478] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 147.507934][ T6460] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 147.534911][ T6460] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6478] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6460] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] exit_group(0 [pid 6479] <... futex resumed>) = ? [pid 6478] <... futex resumed>) = ? [pid 6460] <... futex resumed>) = ? [pid 6459] <... exit_group resumed>) = ? [pid 6479] +++ exited with 0 +++ [pid 6478] +++ exited with 0 +++ [pid 6460] +++ exited with 0 +++ [pid 6459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6459, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- [ 147.555936][ T6460] BTRFS info (device loop0): balance: ended with status: 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 147.672507][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6480 attached , child_tidptr=0x5555561f7690) = 6480 [pid 6480] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6480] chdir("./67") = 0 [pid 6480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6480] setpgid(0, 0) = 0 [pid 6480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6480] write(3, "1000", 4) = 4 [pid 6480] close(3) = 0 [pid 6480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6480] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6480] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6481 attached => {parent_tid=[6481]}, 88) = 6481 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6481] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6480] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] set_robust_list(0x7f65a9e199a0, 24 [pid 6480] <... futex resumed>) = 0 [pid 6481] <... set_robust_list resumed>) = 0 [pid 6480] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6481] memfd_create("syzkaller", 0) = 3 [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6481] munmap(0x7f65a1800000, 138412032) = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6481] close(3) = 0 [pid 6481] mkdir("./file0", 0777) = 0 [ 148.179136][ T6481] loop0: detected capacity change from 0 to 32768 [ 148.193964][ T6481] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6481) [ 148.210401][ T6481] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 148.220767][ T6481] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 148.230687][ T6481] BTRFS info (device loop0): disk space caching is enabled [ 148.254883][ T6481] BTRFS info (device loop0): rebuilding free space tree [ 148.267632][ T6481] BTRFS info (device loop0): disabling free space tree [pid 6481] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6481] chdir("./file0") = 0 [pid 6481] ioctl(4, LOOP_CLR_FD) = 0 [pid 6481] close(4) = 0 [ 148.274629][ T6481] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 148.284334][ T6481] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 148.297402][ T6481] BTRFS info (device loop0): checking UUID tree [pid 6481] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] open("./file0", O_RDONLY) = 4 [pid 6481] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6480] <... futex resumed>) = 0 [pid 6481] <... ioctl resumed>) = 0 [pid 6480] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6481] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6481] <... futex resumed>) = 0 [pid 6480] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6480] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6480] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6480] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6499 attached [pid 6499] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6480] <... clone3 resumed> => {parent_tid=[6499]}, 88) = 6499 [pid 6499] <... rseq resumed>) = 0 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], [pid 6499] set_robust_list(0x7f65a9df89a0, 24 [pid 6480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] <... set_robust_list resumed>) = 0 [pid 6480] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], [pid 6480] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6499] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6499] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] <... futex resumed>) = 0 [pid 6499] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 148.387957][ T6481] BTRFS info (device loop0): balance: start -d -m [ 148.396520][ T6481] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 148.422656][ T6481] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6480] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6480] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6480] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6500]}, 88) = 6500 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6480] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6500 attached [pid 6500] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6500] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6500] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6500] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6500] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6499] <... ioctl resumed>) = 0 [pid 6499] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 148.600514][ T6481] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 148.630383][ T6481] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6499] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6481] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6481] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] exit_group(0 [pid 6500] <... futex resumed>) = ? [pid 6499] <... futex resumed>) = ? [pid 6500] +++ exited with 0 +++ [pid 6499] +++ exited with 0 +++ [pid 6480] <... exit_group resumed>) = ? [pid 6481] <... futex resumed>) = ? [pid 6481] +++ exited with 0 +++ [pid 6480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6480, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.651238][ T6481] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 148.729924][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6501 attached , child_tidptr=0x5555561f7690) = 6501 [pid 6501] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6501] chdir("./68") = 0 [pid 6501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6501] setpgid(0, 0) = 0 [pid 6501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6501] write(3, "1000", 4) = 4 [pid 6501] close(3) = 0 [pid 6501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6501] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6501] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0} => {parent_tid=[6502]}, 88) = 6502 ./strace-static-x86_64: Process 6502 attached [pid 6501] rt_sigprocmask(SIG_SETMASK, [], [pid 6502] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6502] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6501] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] rt_sigprocmask(SIG_SETMASK, [], [pid 6501] <... futex resumed>) = 0 [pid 6502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6501] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6502] memfd_create("syzkaller", 0) = 3 [pid 6502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6502] munmap(0x7f65a1800000, 138412032) = 0 [pid 6502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6502] close(3) = 0 [pid 6502] mkdir("./file0", 0777) = 0 [ 149.362287][ T6502] loop0: detected capacity change from 0 to 32768 [ 149.372322][ T6502] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6502) [ 149.387194][ T6502] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 149.397531][ T6502] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 149.406836][ T6502] BTRFS info (device loop0): disk space caching is enabled [ 149.430242][ T6502] BTRFS info (device loop0): rebuilding free space tree [ 149.443713][ T6502] BTRFS info (device loop0): disabling free space tree [ 149.450725][ T6502] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6502] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6502] chdir("./file0") = 0 [pid 6502] ioctl(4, LOOP_CLR_FD) = 0 [pid 6502] close(4) = 0 [pid 6502] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] open("./file0", O_RDONLY [pid 6501] <... futex resumed>) = 0 [pid 6502] <... open resumed>) = 4 [ 149.461035][ T6502] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 149.474341][ T6502] BTRFS info (device loop0): checking UUID tree [pid 6502] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... futex resumed>) = 0 [pid 6501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6502] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6501] <... futex resumed>) = 0 [pid 6502] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6501] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... ioctl resumed>) = 0 [pid 6502] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6502] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] <... futex resumed>) = 0 [pid 6501] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... futex resumed>) = 0 [pid 6501] <... futex resumed>) = 1 [pid 6502] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6501] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6501] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6501] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6520 attached => {parent_tid=[6520]}, 88) = 6520 [ 149.549544][ T6502] BTRFS info (device loop0): balance: start -d -m [ 149.561418][ T6502] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 149.586613][ T6502] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6520] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6520] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6520] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6501] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6520] <... futex resumed>) = 0 [pid 6501] <... futex resumed>) = 1 [pid 6520] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6520] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] <... futex resumed>) = 0 [pid 6520] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6501] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6520] <... futex resumed>) = 0 [pid 6520] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6501] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6501] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6501] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [ 149.641812][ T6502] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6521]}, 88) = 6521 [pid 6501] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6521 attached NULL, 8) = 0 [pid 6521] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6521] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6501] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6521] rt_sigprocmask(SIG_SETMASK, [], [pid 6501] <... futex resumed>) = 0 [pid 6521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6521] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 6501] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6521] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6521] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] <... futex resumed>) = 0 [pid 6521] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6520] <... ioctl resumed>) = 0 [pid 6520] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6520] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6502] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6502] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6502] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6501] exit_group(0 [pid 6521] <... futex resumed>) = ? [pid 6520] <... futex resumed>) = ? [pid 6521] +++ exited with 0 +++ [pid 6520] +++ exited with 0 +++ [pid 6502] <... futex resumed>) = ? [pid 6501] <... exit_group resumed>) = ? [pid 6502] +++ exited with 0 +++ [pid 6501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6501, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=45 /* 0.45 s */} --- [ 149.803876][ T6502] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 149.824935][ T6502] BTRFS info (device loop0): balance: ended with status: 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 149.961046][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6522 attached , child_tidptr=0x5555561f7690) = 6522 [pid 6522] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6522] chdir("./69") = 0 [pid 6522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6522] setpgid(0, 0) = 0 [pid 6522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6522] write(3, "1000", 4) = 4 [pid 6522] close(3) = 0 [pid 6522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6522] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6522] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6523 attached [pid 6523] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6523] set_robust_list(0x7f65a9e199a0, 24 [pid 6522] <... clone3 resumed> => {parent_tid=[6523]}, 88) = 6523 [pid 6523] <... set_robust_list resumed>) = 0 [pid 6522] rt_sigprocmask(SIG_SETMASK, [], [pid 6523] rt_sigprocmask(SIG_SETMASK, [], [pid 6522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6522] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] memfd_create("syzkaller", 0 [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6523] <... memfd_create resumed>) = 3 [pid 6523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6523] munmap(0x7f65a1800000, 138412032) = 0 [pid 6523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6523] close(3) = 0 [pid 6523] mkdir("./file0", 0777) = 0 [ 150.423200][ T6523] loop0: detected capacity change from 0 to 32768 [ 150.438677][ T6523] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6523) [ 150.454685][ T6523] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 150.464921][ T6523] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 150.474492][ T6523] BTRFS info (device loop0): disk space caching is enabled [ 150.497484][ T6523] BTRFS info (device loop0): rebuilding free space tree [ 150.510251][ T6523] BTRFS info (device loop0): disabling free space tree [pid 6523] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6523] chdir("./file0") = 0 [pid 6523] ioctl(4, LOOP_CLR_FD) = 0 [pid 6523] close(4) = 0 [pid 6523] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 150.517192][ T6523] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 150.527152][ T6523] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 150.540699][ T6523] BTRFS info (device loop0): checking UUID tree [pid 6523] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... futex resumed>) = 0 [pid 6522] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6523] open("./file0", O_RDONLY [pid 6522] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... open resumed>) = 4 [pid 6523] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [pid 6523] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6522] <... futex resumed>) = 0 [pid 6523] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6522] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6523] <... ioctl resumed>) = 0 [pid 6523] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [pid 6523] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6522] <... futex resumed>) = 0 [pid 6523] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6522] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6522] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6522] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6541 attached => {parent_tid=[6541]}, 88) = 6541 [pid 6522] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6541] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6541] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6522] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6541] <... futex resumed>) = 0 [pid 6541] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6541] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 150.633649][ T6523] BTRFS info (device loop0): balance: start -d -m [ 150.646224][ T6523] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 150.673206][ T6523] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6522] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6541] <... futex resumed>) = 0 [pid 6522] <... futex resumed>) = 1 [pid 6541] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6522] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6522] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6522] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6542 attached => {parent_tid=[6542]}, 88) = 6542 [pid 6522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6522] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6522] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6542] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6542] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6542] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6542] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6522] <... futex resumed>) = 0 [ 150.781367][ T6523] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6542] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6541] <... ioctl resumed>) = 0 [pid 6541] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6541] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6523] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6523] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] exit_group(0 [pid 6542] <... futex resumed>) = ? [pid 6541] <... futex resumed>) = ? [pid 6522] <... exit_group resumed>) = ? [pid 6542] +++ exited with 0 +++ [pid 6541] +++ exited with 0 +++ [pid 6523] <... futex resumed>) = ? [pid 6523] +++ exited with 0 +++ [pid 6522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6522, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 150.870892][ T6523] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 150.892054][ T6523] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 150.986727][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6543 attached , child_tidptr=0x5555561f7690) = 6543 [pid 6543] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6543] chdir("./70") = 0 [pid 6543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6543] setpgid(0, 0) = 0 [pid 6543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6543] write(3, "1000", 4) = 4 [pid 6543] close(3) = 0 [pid 6543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6543] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6543] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6544 attached [pid 6544] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6543] <... clone3 resumed> => {parent_tid=[6544]}, 88) = 6544 [pid 6544] set_robust_list(0x7f65a9e199a0, 24 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], [pid 6544] <... set_robust_list resumed>) = 0 [pid 6543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6544] rt_sigprocmask(SIG_SETMASK, [], [pid 6543] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6543] <... futex resumed>) = 0 [pid 6544] memfd_create("syzkaller", 0 [pid 6543] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6544] <... memfd_create resumed>) = 3 [pid 6544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6544] munmap(0x7f65a1800000, 138412032) = 0 [pid 6544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6544] close(3) = 0 [pid 6544] mkdir("./file0", 0777) = 0 [ 151.416924][ T6544] loop0: detected capacity change from 0 to 32768 [ 151.442491][ T6544] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6544) [ 151.459821][ T6544] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 151.470628][ T6544] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 151.480041][ T6544] BTRFS info (device loop0): disk space caching is enabled [ 151.503106][ T6544] BTRFS info (device loop0): rebuilding free space tree [pid 6544] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6544] chdir("./file0") = 0 [pid 6544] ioctl(4, LOOP_CLR_FD) = 0 [pid 6544] close(4) = 0 [pid 6544] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] open("./file0", O_RDONLY [pid 6543] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] <... open resumed>) = 4 [pid 6544] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... futex resumed>) = 0 [pid 6544] <... futex resumed>) = 1 [pid 6543] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6544] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6543] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6544] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6544] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6543] <... futex resumed>) = 0 [pid 6544] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 151.515873][ T6544] BTRFS info (device loop0): disabling free space tree [ 151.523098][ T6544] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 151.532795][ T6544] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 151.546152][ T6544] BTRFS info (device loop0): checking UUID tree [pid 6543] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6543] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6543] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6562]}, 88) = 6562 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6543] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6562 attached [pid 6562] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6562] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6562] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6562] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.599891][ T6544] BTRFS info (device loop0): balance: start -d -m [ 151.611460][ T6544] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 151.638017][ T6544] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6562] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6543] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6543] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6543] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6563]}, 88) = 6563 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6563 attached NULL, 8) = 0 [pid 6563] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6543] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] <... rseq resumed>) = 0 [pid 6543] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6563] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6563] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6563] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6563] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6562] <... ioctl resumed>) = 0 [pid 6562] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.840938][ T6544] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 151.875187][ T6544] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6562] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6544] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6544] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] exit_group(0 [pid 6544] <... futex resumed>) = 0 [pid 6563] <... futex resumed>) = ? [pid 6562] <... futex resumed>) = ? [pid 6543] <... exit_group resumed>) = ? [pid 6563] +++ exited with 0 +++ [pid 6562] +++ exited with 0 +++ [pid 6544] +++ exited with 0 +++ [pid 6543] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6543, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 151.896027][ T6544] BTRFS info (device loop0): balance: ended with status: 0 [ 151.953685][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6564 attached , child_tidptr=0x5555561f7690) = 6564 [pid 6564] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6564] chdir("./71") = 0 [pid 6564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6564] setpgid(0, 0) = 0 [pid 6564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6564] write(3, "1000", 4) = 4 [pid 6564] close(3) = 0 [pid 6564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6564] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6564] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6565 attached => {parent_tid=[6565]}, 88) = 6565 [pid 6565] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6565] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6564] rt_sigprocmask(SIG_SETMASK, [], [pid 6565] rt_sigprocmask(SIG_SETMASK, [], [pid 6564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6564] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] memfd_create("syzkaller", 0 [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6565] <... memfd_create resumed>) = 3 [pid 6565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6565] munmap(0x7f65a1800000, 138412032) = 0 [pid 6565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6565] close(3) = 0 [pid 6565] mkdir("./file0", 0777) = 0 [ 152.374973][ T6565] loop0: detected capacity change from 0 to 32768 [ 152.389906][ T6565] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6565) [ 152.406562][ T6565] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 152.416808][ T6565] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 152.426083][ T6565] BTRFS info (device loop0): disk space caching is enabled [ 152.448751][ T6565] BTRFS info (device loop0): rebuilding free space tree [ 152.463942][ T6565] BTRFS info (device loop0): disabling free space tree [pid 6565] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6565] chdir("./file0") = 0 [pid 6565] ioctl(4, LOOP_CLR_FD) = 0 [pid 6565] close(4) = 0 [pid 6565] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] open("./file0", O_RDONLY [pid 6564] <... futex resumed>) = 0 [pid 6565] <... open resumed>) = 4 [pid 6564] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6565] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6564] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... ioctl resumed>) = 0 [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6565] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6565] <... futex resumed>) = 0 [ 152.470918][ T6565] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 152.480892][ T6565] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 152.494849][ T6565] BTRFS info (device loop0): checking UUID tree [pid 6564] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6564] <... futex resumed>) = 0 [pid 6564] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6564] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6564] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6583 attached => {parent_tid=[6583]}, 88) = 6583 [pid 6564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 152.568405][ T6565] BTRFS info (device loop0): balance: start -d -m [ 152.580628][ T6565] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6564] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6564] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6583] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6583] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6583] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6564] <... futex resumed>) = 0 [pid 6583] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 152.618290][ T6565] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6564] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6564] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6564] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6584 attached [pid 6584] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6564] <... clone3 resumed> => {parent_tid=[6584]}, 88) = 6584 [pid 6584] <... rseq resumed>) = 0 [pid 6564] rt_sigprocmask(SIG_SETMASK, [], [pid 6584] set_robust_list(0x7f65a9dd79a0, 24 [pid 6564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6584] <... set_robust_list resumed>) = 0 [pid 6564] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] rt_sigprocmask(SIG_SETMASK, [], [pid 6564] <... futex resumed>) = 0 [pid 6584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6564] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6584] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6584] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] <... futex resumed>) = 0 [pid 6584] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6583] <... ioctl resumed>) = 0 [pid 6583] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6583] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 6565] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6564] exit_group(0 [pid 6584] <... futex resumed>) = ? [pid 6583] <... futex resumed>) = ? [pid 6565] <... futex resumed>) = ? [pid 6564] <... exit_group resumed>) = ? [pid 6584] +++ exited with 0 +++ [pid 6583] +++ exited with 0 +++ [pid 6565] +++ exited with 0 +++ [pid 6564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6564, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 152.803995][ T6565] BTRFS info (device loop0): 1 enospc errors during balance [ 152.811471][ T6565] BTRFS info (device loop0): balance: ended with status: -28 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 152.890900][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6585 attached , child_tidptr=0x5555561f7690) = 6585 [pid 6585] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6585] chdir("./72") = 0 [pid 6585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6585] setpgid(0, 0) = 0 [pid 6585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6585] write(3, "1000", 4) = 4 [pid 6585] close(3) = 0 [pid 6585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6585] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6585] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6586 attached [pid 6586] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6585] <... clone3 resumed> => {parent_tid=[6586]}, 88) = 6586 [pid 6586] <... rseq resumed>) = 0 [pid 6585] rt_sigprocmask(SIG_SETMASK, [], [pid 6586] set_robust_list(0x7f65a9e199a0, 24 [pid 6585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6586] <... set_robust_list resumed>) = 0 [pid 6585] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] rt_sigprocmask(SIG_SETMASK, [], [pid 6585] <... futex resumed>) = 0 [pid 6586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6585] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6586] memfd_create("syzkaller", 0) = 3 [pid 6586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6586] munmap(0x7f65a1800000, 138412032) = 0 [pid 6586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6586] close(3) = 0 [pid 6586] mkdir("./file0", 0777) = 0 [ 153.362780][ T6586] loop0: detected capacity change from 0 to 32768 [ 153.377769][ T6586] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6586) [ 153.394445][ T6586] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 153.404735][ T6586] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 153.414058][ T6586] BTRFS info (device loop0): disk space caching is enabled [ 153.437612][ T6586] BTRFS info (device loop0): rebuilding free space tree [ 153.451459][ T6586] BTRFS info (device loop0): disabling free space tree [pid 6586] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6586] chdir("./file0") = 0 [pid 6586] ioctl(4, LOOP_CLR_FD) = 0 [pid 6586] close(4) = 0 [ 153.458384][ T6586] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 153.468178][ T6586] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 153.481792][ T6586] BTRFS info (device loop0): checking UUID tree [pid 6586] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = 0 [pid 6585] <... futex resumed>) = 1 [pid 6585] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] open("./file0", O_RDONLY) = 4 [pid 6586] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6586] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6585] <... futex resumed>) = 0 [pid 6586] <... ioctl resumed>) = 0 [pid 6585] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6586] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6586] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6585] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 153.533712][ T6586] BTRFS info (device loop0): balance: start -d -m [ 153.545310][ T6586] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 153.570111][ T6586] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6585] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6585] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6585] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6604 attached => {parent_tid=[6604]}, 88) = 6604 [pid 6585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6585] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6585] <... futex resumed>) = 0 [pid 6585] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] <... rseq resumed>) = 0 [pid 6604] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6604] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6604] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6604] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6585] <... futex resumed>) = 0 [pid 6604] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 153.622235][ T6586] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6585] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6585] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6585] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6585] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6605]}, 88) = 6605 [pid 6585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6585] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6605 attached [pid 6605] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6605] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6605] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6605] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 0 [pid 6605] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6604] <... ioctl resumed>) = 0 [pid 6604] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6604] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6586] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6586] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6586] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6585] exit_group(0 [pid 6604] <... futex resumed>) = ? [pid 6604] +++ exited with 0 +++ [pid 6605] <... futex resumed>) = ? [pid 6605] +++ exited with 0 +++ [pid 6585] <... exit_group resumed>) = ? [pid 6586] <... futex resumed>) = ? [pid 6586] +++ exited with 0 +++ [pid 6585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6585, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 153.786268][ T6586] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 153.817060][ T6586] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 153.911438][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6606 attached [pid 6606] set_robust_list(0x5555561f76a0, 24) = 0 [pid 5064] <... clone resumed>, child_tidptr=0x5555561f7690) = 6606 [pid 6606] chdir("./73") = 0 [pid 6606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6606] setpgid(0, 0) = 0 [pid 6606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6606] write(3, "1000", 4) = 4 [pid 6606] close(3) = 0 [pid 6606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6606] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6606] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6607 attached => {parent_tid=[6607]}, 88) = 6607 [pid 6606] rt_sigprocmask(SIG_SETMASK, [], [pid 6607] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6607] set_robust_list(0x7f65a9e199a0, 24 [pid 6606] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... set_robust_list resumed>) = 0 [pid 6606] <... futex resumed>) = 0 [pid 6607] rt_sigprocmask(SIG_SETMASK, [], [pid 6606] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6607] memfd_create("syzkaller", 0) = 3 [pid 6607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6607] munmap(0x7f65a1800000, 138412032) = 0 [pid 6607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6607] close(3) = 0 [pid 6607] mkdir("./file0", 0777) = 0 [ 154.365237][ T6607] loop0: detected capacity change from 0 to 32768 [ 154.389600][ T6607] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6607) [ 154.405493][ T6607] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 154.415772][ T6607] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 154.425052][ T6607] BTRFS info (device loop0): disk space caching is enabled [ 154.448602][ T6607] BTRFS info (device loop0): rebuilding free space tree [pid 6607] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6607] chdir("./file0") = 0 [pid 6607] ioctl(4, LOOP_CLR_FD) = 0 [pid 6607] close(4) = 0 [pid 6607] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6607] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6607] open("./file0", O_RDONLY) = 4 [pid 6607] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6607] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] <... futex resumed>) = 0 [pid 6607] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6606] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6607] <... ioctl resumed>) = 0 [pid 6607] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6606] <... futex resumed>) = 0 [ 154.460954][ T6607] BTRFS info (device loop0): disabling free space tree [ 154.468010][ T6607] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 154.477939][ T6607] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 154.491610][ T6607] BTRFS info (device loop0): checking UUID tree [pid 6606] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6606] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6606] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6625 attached [pid 6625] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6606] <... clone3 resumed> => {parent_tid=[6625]}, 88) = 6625 [pid 6606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6606] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] <... rseq resumed>) = 0 [pid 6625] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6625] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6625] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6606] <... futex resumed>) = 0 [pid 6625] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] <... futex resumed>) = 0 [pid 6625] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 154.527473][ T6607] BTRFS info (device loop0): balance: start -d -m [ 154.537864][ T6607] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 154.564198][ T6607] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6606] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6606] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6606] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6626 attached [pid 6626] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6606] <... clone3 resumed> => {parent_tid=[6626]}, 88) = 6626 [pid 6626] <... rseq resumed>) = 0 [pid 6606] rt_sigprocmask(SIG_SETMASK, [], [pid 6626] set_robust_list(0x7f65a9dd79a0, 24 [pid 6606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6626] <... set_robust_list resumed>) = 0 [pid 6626] rt_sigprocmask(SIG_SETMASK, [], [pid 6606] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6606] <... futex resumed>) = 0 [pid 6626] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6626] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6625] <... ioctl resumed>) = 0 [pid 6625] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 154.751769][ T6607] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6625] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6607] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6607] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6607] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6606] exit_group(0 [pid 6626] <... futex resumed>) = ? [pid 6625] <... futex resumed>) = ? [pid 6607] <... futex resumed>) = ? [pid 6626] +++ exited with 0 +++ [pid 6625] +++ exited with 0 +++ [pid 6607] +++ exited with 0 +++ [pid 6606] <... exit_group resumed>) = ? [pid 6606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6606, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 154.800566][ T6607] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 154.822160][ T6607] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 154.894830][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6627 attached , child_tidptr=0x5555561f7690) = 6627 [pid 6627] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6627] chdir("./74") = 0 [pid 6627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6627] setpgid(0, 0) = 0 [pid 6627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6627] write(3, "1000", 4) = 4 [pid 6627] close(3) = 0 [pid 6627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6627] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6627] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0} => {parent_tid=[6628]}, 88) = 6628 [pid 6627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6628 attached [pid 6628] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6627] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... rseq resumed>) = 0 [pid 6627] <... futex resumed>) = 0 [pid 6628] set_robust_list(0x7f65a9e199a0, 24 [pid 6627] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6628] <... set_robust_list resumed>) = 0 [pid 6628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6628] memfd_create("syzkaller", 0) = 3 [pid 6628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6628] munmap(0x7f65a1800000, 138412032) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6628] close(3) = 0 [pid 6628] mkdir("./file0", 0777) = 0 [ 155.322032][ T6628] loop0: detected capacity change from 0 to 32768 [ 155.335783][ T6628] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6628) [ 155.352743][ T6628] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 155.363066][ T6628] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 155.372341][ T6628] BTRFS info (device loop0): disk space caching is enabled [ 155.395896][ T6628] BTRFS info (device loop0): rebuilding free space tree [ 155.408403][ T6628] BTRFS info (device loop0): disabling free space tree [pid 6628] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6628] chdir("./file0") = 0 [pid 6628] ioctl(4, LOOP_CLR_FD) = 0 [pid 6628] close(4) = 0 [pid 6628] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6628] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6628] open("./file0", O_RDONLY [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] <... open resumed>) = 4 [ 155.415439][ T6628] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 155.425223][ T6628] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 155.438708][ T6628] BTRFS info (device loop0): checking UUID tree [pid 6628] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6628] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6627] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... ioctl resumed>) = 0 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6627] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6628] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6627] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6627] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6627] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6646]}, 88) = 6646 [pid 6627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6627] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6646 attached [pid 6646] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [ 155.513632][ T6628] BTRFS info (device loop0): balance: start -d -m [ 155.529582][ T6628] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6646] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6646] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6646] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] <... futex resumed>) = 0 [pid 6646] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 155.560038][ T6628] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6646] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6627] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6627] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6627] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6647 attached [pid 6647] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6647] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6627] <... clone3 resumed> => {parent_tid=[6647]}, 88) = 6647 [pid 6627] rt_sigprocmask(SIG_SETMASK, [], [pid 6647] rt_sigprocmask(SIG_SETMASK, [], [pid 6627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6627] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6647] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6627] <... futex resumed>) = 1 [pid 6647] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6646] <... ioctl resumed>) = 0 [pid 6646] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.738069][ T6628] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 155.763625][ T6628] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6646] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6628] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6628] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] exit_group(0 [pid 6647] <... futex resumed>) = ? [pid 6628] <... futex resumed>) = ? [pid 6627] <... exit_group resumed>) = ? [pid 6647] +++ exited with 0 +++ [pid 6646] <... futex resumed>) = ? [pid 6628] +++ exited with 0 +++ [pid 6646] +++ exited with 0 +++ [pid 6627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6627, si_uid=0, si_status=0, si_utime=0, si_stime=44 /* 0.44 s */} --- [ 155.785171][ T6628] BTRFS info (device loop0): balance: ended with status: 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 155.881100][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6648 attached , child_tidptr=0x5555561f7690) = 6648 [pid 6648] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6648] chdir("./75") = 0 [pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6648] setpgid(0, 0) = 0 [pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6648] write(3, "1000", 4) = 4 [pid 6648] close(3) = 0 [pid 6648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6648] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6648] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6649 attached [pid 6649] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6648] <... clone3 resumed> => {parent_tid=[6649]}, 88) = 6649 [pid 6649] set_robust_list(0x7f65a9e199a0, 24 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 6649] <... set_robust_list resumed>) = 0 [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6649] rt_sigprocmask(SIG_SETMASK, [], [pid 6648] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] memfd_create("syzkaller", 0) = 3 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6649] munmap(0x7f65a1800000, 138412032) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6649] close(3) = 0 [pid 6649] mkdir("./file0", 0777) = 0 [ 156.399072][ T6649] loop0: detected capacity change from 0 to 32768 [ 156.419711][ T6649] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6649) [ 156.435537][ T6649] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 156.445825][ T6649] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 156.455130][ T6649] BTRFS info (device loop0): disk space caching is enabled [ 156.480518][ T6649] BTRFS info (device loop0): rebuilding free space tree [pid 6649] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6649] chdir("./file0") = 0 [pid 6649] ioctl(4, LOOP_CLR_FD) = 0 [pid 6649] close(4) = 0 [pid 6649] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 156.493919][ T6649] BTRFS info (device loop0): disabling free space tree [ 156.501085][ T6649] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 156.510810][ T6649] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 156.524510][ T6649] BTRFS info (device loop0): checking UUID tree [pid 6649] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6649] open("./file0", O_RDONLY [pid 6648] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... open resumed>) = 4 [pid 6649] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6649] <... futex resumed>) = 0 [pid 6649] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6648] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6649] <... ioctl resumed>) = 0 [pid 6649] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... futex resumed>) = 0 [pid 6649] <... futex resumed>) = 1 [pid 6649] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6648] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 156.644385][ T6649] BTRFS info (device loop0): balance: start -d -m [ 156.655330][ T6649] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6648] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6648] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6648] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6648] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6667 attached [pid 6667] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6667] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6648] <... clone3 resumed> => {parent_tid=[6667]}, 88) = 6667 [pid 6667] rt_sigprocmask(SIG_SETMASK, [], [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 6667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6667] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6667] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6667] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6667] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 6667] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 156.684859][ T6649] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6648] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6648] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6648] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6668 attached => {parent_tid=[6668]}, 88) = 6668 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6648] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6668] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6668] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6668] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6668] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6668] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6667] <... ioctl resumed>) = 0 [pid 6667] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 156.837737][ T6649] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 156.863941][ T6649] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6667] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6649] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6649] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6649] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6648] exit_group(0 [pid 6668] <... futex resumed>) = ? [pid 6667] <... futex resumed>) = ? [pid 6649] <... futex resumed>) = ? [pid 6648] <... exit_group resumed>) = ? [pid 6667] +++ exited with 0 +++ [pid 6649] +++ exited with 0 +++ [pid 6668] +++ exited with 0 +++ [pid 6648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6648, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=40 /* 0.40 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 156.885636][ T6649] BTRFS info (device loop0): balance: ended with status: 0 openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 156.981385][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555561f7690) = 6669 ./strace-static-x86_64: Process 6669 attached [pid 6669] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6669] chdir("./76") = 0 [pid 6669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6669] setpgid(0, 0) = 0 [pid 6669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6669] write(3, "1000", 4) = 4 [pid 6669] close(3) = 0 [pid 6669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6669] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6669] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6670 attached => {parent_tid=[6670]}, 88) = 6670 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6670] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6669] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] set_robust_list(0x7f65a9e199a0, 24 [pid 6669] <... futex resumed>) = 0 [pid 6670] <... set_robust_list resumed>) = 0 [pid 6670] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6670] memfd_create("syzkaller", 0) = 3 [pid 6670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6670] munmap(0x7f65a1800000, 138412032) = 0 [pid 6670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6670] close(3) = 0 [pid 6670] mkdir("./file0", 0777) = 0 [ 157.426835][ T6670] loop0: detected capacity change from 0 to 32768 [ 157.442386][ T6670] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6670) [ 157.458299][ T6670] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 157.468601][ T6670] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 157.477838][ T6670] BTRFS info (device loop0): disk space caching is enabled [ 157.503009][ T6670] BTRFS info (device loop0): rebuilding free space tree [ 157.515092][ T6670] BTRFS info (device loop0): disabling free space tree [pid 6670] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6670] chdir("./file0") = 0 [pid 6670] ioctl(4, LOOP_CLR_FD) = 0 [pid 6670] close(4) = 0 [pid 6670] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6670] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6669] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] open("./file0", O_RDONLY) = 4 [ 157.522139][ T6670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 157.531834][ T6670] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 157.545514][ T6670] BTRFS info (device loop0): checking UUID tree [pid 6670] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6670] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6670] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] <... futex resumed>) = 0 [pid 6669] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] <... futex resumed>) = 0 [pid 6669] <... futex resumed>) = 1 [pid 6670] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 157.606073][ T6670] BTRFS info (device loop0): balance: start -d -m [ 157.614971][ T6670] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6669] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6669] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6669] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6669] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0} => {parent_tid=[6688]}, 88) = 6688 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6688 attached NULL, 8) = 0 [pid 6688] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6669] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... rseq resumed>) = 0 [pid 6669] <... futex resumed>) = 0 [pid 6688] set_robust_list(0x7f65a9df89a0, 24 [pid 6669] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6688] <... set_robust_list resumed>) = 0 [pid 6688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6688] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6688] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6688] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6669] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.651000][ T6670] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6669] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6669] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6669] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6689 attached => {parent_tid=[6689]}, 88) = 6689 [pid 6689] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], [pid 6689] <... rseq resumed>) = 0 [pid 6669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6689] set_robust_list(0x7f65a9dd79a0, 24 [pid 6669] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... set_robust_list resumed>) = 0 [pid 6669] <... futex resumed>) = 0 [pid 6689] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6689] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6689] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6689] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6688] <... ioctl resumed>) = 0 [pid 6688] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 157.852709][ T6670] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 157.877506][ T6670] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6688] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6670] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6670] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] exit_group(0 [pid 6689] <... futex resumed>) = ? [pid 6688] <... futex resumed>) = ? [pid 6670] <... futex resumed>) = ? [pid 6689] +++ exited with 0 +++ [pid 6688] +++ exited with 0 +++ [pid 6669] <... exit_group resumed>) = ? [pid 6670] +++ exited with 0 +++ [pid 6669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6669, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=43 /* 0.43 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 157.898097][ T6670] BTRFS info (device loop0): balance: ended with status: 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 157.990150][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6690 attached , child_tidptr=0x5555561f7690) = 6690 [pid 6690] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6690] chdir("./77") = 0 [pid 6690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6690] setpgid(0, 0) = 0 [pid 6690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6690] write(3, "1000", 4) = 4 [pid 6690] close(3) = 0 [pid 6690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6690] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6690] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6690] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6691 attached [pid 6691] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6691] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6691] rt_sigprocmask(SIG_SETMASK, [], [pid 6690] <... clone3 resumed> => {parent_tid=[6691]}, 88) = 6691 [pid 6691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6690] rt_sigprocmask(SIG_SETMASK, [], [pid 6691] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6690] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] <... futex resumed>) = 0 [pid 6690] <... futex resumed>) = 1 [pid 6691] memfd_create("syzkaller", 0 [pid 6690] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6691] <... memfd_create resumed>) = 3 [pid 6691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6691] munmap(0x7f65a1800000, 138412032) = 0 [pid 6691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6691] close(3) = 0 [pid 6691] mkdir("./file0", 0777) = 0 [ 158.477861][ T6691] loop0: detected capacity change from 0 to 32768 [ 158.503776][ T6691] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6691) [ 158.519734][ T6691] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 158.529968][ T6691] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 158.539318][ T6691] BTRFS info (device loop0): disk space caching is enabled [ 158.564318][ T6691] BTRFS info (device loop0): rebuilding free space tree [pid 6691] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6691] chdir("./file0") = 0 [pid 6691] ioctl(4, LOOP_CLR_FD) = 0 [pid 6691] close(4) = 0 [pid 6691] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] <... futex resumed>) = 0 [pid 6691] <... futex resumed>) = 1 [pid 6690] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] open("./file0", O_RDONLY [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] <... open resumed>) = 4 [pid 6691] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] <... futex resumed>) = 0 [pid 6691] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [ 158.576442][ T6691] BTRFS info (device loop0): disabling free space tree [ 158.583529][ T6691] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 158.593286][ T6691] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 158.607484][ T6691] BTRFS info (device loop0): checking UUID tree [pid 6690] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6690] <... futex resumed>) = 0 [pid 6691] <... ioctl resumed>) = 0 [pid 6690] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6691] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6691] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] <... futex resumed>) = 0 [pid 6690] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] <... futex resumed>) = 0 [pid 6690] <... futex resumed>) = 1 [pid 6691] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 158.682108][ T6691] BTRFS info (device loop0): balance: start -d -m [ 158.691071][ T6691] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6690] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6690] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6690] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6709 attached => {parent_tid=[6709]}, 88) = 6709 [pid 6709] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6709] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], [pid 6690] rt_sigprocmask(SIG_SETMASK, [], [pid 6709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6709] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6690] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6690] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6709] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] <... futex resumed>) = 0 [pid 6709] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6690] <... futex resumed>) = 0 [pid 6709] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [ 158.727771][ T6691] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6690] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6690] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6690] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0} => {parent_tid=[6710]}, 88) = 6710 ./strace-static-x86_64: Process 6710 attached [pid 6690] rt_sigprocmask(SIG_SETMASK, [], [pid 6710] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6710] <... rseq resumed>) = 0 [pid 6690] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] set_robust_list(0x7f65a9dd79a0, 24 [pid 6690] <... futex resumed>) = 0 [pid 6710] <... set_robust_list resumed>) = 0 [pid 6710] rt_sigprocmask(SIG_SETMASK, [], [pid 6690] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6710] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6710] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] <... futex resumed>) = 0 [pid 6710] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] <... ioctl resumed>) = 0 [pid 6709] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 158.915033][ T6691] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 158.941856][ T6691] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6709] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6691] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6691] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6690] exit_group(0 [pid 6710] <... futex resumed>) = ? [pid 6709] <... futex resumed>) = ? [pid 6691] <... futex resumed>) = ? [pid 6690] <... exit_group resumed>) = ? [pid 6710] +++ exited with 0 +++ [pid 6709] +++ exited with 0 +++ [pid 6691] +++ exited with 0 +++ [pid 6690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6690, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=40 /* 0.40 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 158.962280][ T6691] BTRFS info (device loop0): balance: ended with status: 0 [ 158.992167][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6711 attached , child_tidptr=0x5555561f7690) = 6711 [pid 6711] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6711] chdir("./78") = 0 [pid 6711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6711] setpgid(0, 0) = 0 [pid 6711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6711] write(3, "1000", 4) = 4 [pid 6711] close(3) = 0 [pid 6711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6711] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6711] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6712 attached [pid 6712] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053) = 0 [pid 6712] set_robust_list(0x7f65a9e199a0, 24 [pid 6711] <... clone3 resumed> => {parent_tid=[6712]}, 88) = 6712 [pid 6712] <... set_robust_list resumed>) = 0 [pid 6711] rt_sigprocmask(SIG_SETMASK, [], [pid 6712] rt_sigprocmask(SIG_SETMASK, [], [pid 6711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6712] memfd_create("syzkaller", 0 [pid 6711] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6712] <... memfd_create resumed>) = 3 [pid 6712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6712] munmap(0x7f65a1800000, 138412032) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6712] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6712] close(3) = 0 [pid 6712] mkdir("./file0", 0777) = 0 [ 159.487445][ T6712] loop0: detected capacity change from 0 to 32768 [ 159.504196][ T6712] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6712) [ 159.519456][ T6712] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 159.529651][ T6712] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 159.538947][ T6712] BTRFS info (device loop0): disk space caching is enabled [ 159.562588][ T6712] BTRFS info (device loop0): rebuilding free space tree [ 159.575277][ T6712] BTRFS info (device loop0): disabling free space tree [pid 6712] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6712] chdir("./file0") = 0 [pid 6712] ioctl(4, LOOP_CLR_FD) = 0 [pid 6712] close(4) = 0 [pid 6712] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] open("./file0", O_RDONLY [pid 6711] <... futex resumed>) = 0 [pid 6712] <... open resumed>) = 4 [pid 6711] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 159.582282][ T6712] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 159.592009][ T6712] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 159.606420][ T6712] BTRFS info (device loop0): checking UUID tree [pid 6712] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] <... futex resumed>) = 0 [pid 6711] <... futex resumed>) = 1 [pid 6712] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6711] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... ioctl resumed>) = 0 [pid 6712] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6711] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6711] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6730 attached => {parent_tid=[6730]}, 88) = 6730 [pid 6730] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6711] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... rseq resumed>) = 0 [pid 6730] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6730] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6730] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6730] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 159.657162][ T6712] BTRFS info (device loop0): balance: start -d -m [ 159.667238][ T6712] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 159.693592][ T6712] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6711] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6730] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6711] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6711] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6731 attached [pid 6731] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053 [pid 6711] <... clone3 resumed> => {parent_tid=[6731]}, 88) = 6731 [pid 6731] <... rseq resumed>) = 0 [pid 6711] rt_sigprocmask(SIG_SETMASK, [], [pid 6731] set_robust_list(0x7f65a9dd79a0, 24 [pid 6711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6731] <... set_robust_list resumed>) = 0 [pid 6711] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] rt_sigprocmask(SIG_SETMASK, [], [pid 6711] <... futex resumed>) = 0 [pid 6731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6711] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6731] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6731] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] <... futex resumed>) = 0 [ 159.817966][ T6712] BTRFS info (device loop0): found 9 extents, stage: move data extents [pid 6731] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6730] <... ioctl resumed>) = 0 [pid 6730] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6730] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6712] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6712] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] exit_group(0 [pid 6731] <... futex resumed>) = ? [pid 6730] <... futex resumed>) = ? [pid 6731] +++ exited with 0 +++ [pid 6712] <... futex resumed>) = ? [pid 6711] <... exit_group resumed>) = ? [pid 6730] +++ exited with 0 +++ [pid 6712] +++ exited with 0 +++ [pid 6711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6711, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 159.919794][ T6712] BTRFS info (device loop0): found 1 extents, stage: update data pointers [ 159.949795][ T6712] BTRFS info (device loop0): balance: ended with status: 0 newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 160.015389][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6732 attached , child_tidptr=0x5555561f7690) = 6732 [pid 6732] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6732] chdir("./79") = 0 [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6732] setpgid(0, 0) = 0 [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6732] write(3, "1000", 4) = 4 [pid 6732] close(3) = 0 [pid 6732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6732] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6732] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6733 attached => {parent_tid=[6733]}, 88) = 6733 [pid 6733] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], [pid 6733] <... rseq resumed>) = 0 [pid 6733] set_robust_list(0x7f65a9e199a0, 24) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6733] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6732] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 0 [pid 6732] <... futex resumed>) = 1 [pid 6733] memfd_create("syzkaller", 0 [pid 6732] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6733] <... memfd_create resumed>) = 3 [pid 6733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6733] munmap(0x7f65a1800000, 138412032) = 0 [pid 6733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6733] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6733] close(3) = 0 [pid 6733] mkdir("./file0", 0777) = 0 [ 160.534971][ T6733] loop0: detected capacity change from 0 to 32768 [ 160.560586][ T6733] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6733) [ 160.576703][ T6733] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 160.586965][ T6733] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 160.596425][ T6733] BTRFS info (device loop0): disk space caching is enabled [ 160.618735][ T6733] BTRFS info (device loop0): rebuilding free space tree [pid 6733] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6733] chdir("./file0") = 0 [pid 6733] ioctl(4, LOOP_CLR_FD) = 0 [pid 6733] close(4) = 0 [pid 6733] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] open("./file0", O_RDONLY) = 4 [ 160.632155][ T6733] BTRFS info (device loop0): disabling free space tree [ 160.639165][ T6733] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 160.649230][ T6733] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 160.663063][ T6733] BTRFS info (device loop0): checking UUID tree [pid 6733] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6733] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840) = 0 [pid 6733] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6732] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... futex resumed>) = 0 [pid 6732] <... futex resumed>) = 1 [pid 6733] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [ 160.726034][ T6733] BTRFS info (device loop0): balance: start -d -m [ 160.736195][ T6733] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [pid 6732] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6732] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6732] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6751 attached [pid 6751] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053) = 0 [pid 6751] set_robust_list(0x7f65a9df89a0, 24 [pid 6732] <... clone3 resumed> => {parent_tid=[6751]}, 88) = 6751 [pid 6751] <... set_robust_list resumed>) = 0 [pid 6751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6751] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6732] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... futex resumed>) = 0 [pid 6732] <... futex resumed>) = 1 [pid 6751] openat(AT_FDCWD, ".", O_RDONLY [pid 6732] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... openat resumed>) = 5 [pid 6751] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] <... futex resumed>) = 0 [pid 6732] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] <... futex resumed>) = 0 [ 160.770350][ T6733] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6751] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6732] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6732] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6732] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6752 attached => {parent_tid=[6752]}, 88) = 6752 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6732] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6732] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6752] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6752] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6752] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6752] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 [pid 6752] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6751] <... ioctl resumed>) = 0 [pid 6751] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 160.957861][ T6733] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 160.983353][ T6733] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6751] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6733] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6733] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6732] exit_group(0 [pid 6752] <... futex resumed>) = ? [pid 6752] +++ exited with 0 +++ [pid 6733] <... futex resumed>) = ? [pid 6751] <... futex resumed>) = ? [pid 6732] <... exit_group resumed>) = ? [pid 6751] +++ exited with 0 +++ [pid 6733] +++ exited with 0 +++ [ 161.004771][ T6733] BTRFS info (device loop0): balance: ended with status: 0 [pid 6732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6732, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=45 /* 0.45 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 161.088254][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6753 attached , child_tidptr=0x5555561f7690) = 6753 [pid 6753] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6753] chdir("./80") = 0 [pid 6753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6753] setpgid(0, 0) = 0 [pid 6753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6753] write(3, "1000", 4) = 4 [pid 6753] close(3) = 0 [pid 6753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6753] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6753] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6754 attached [pid 6754] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6753] <... clone3 resumed> => {parent_tid=[6754]}, 88) = 6754 [pid 6754] <... rseq resumed>) = 0 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], [pid 6754] set_robust_list(0x7f65a9e199a0, 24 [pid 6753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6754] <... set_robust_list resumed>) = 0 [pid 6753] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], [pid 6753] <... futex resumed>) = 0 [pid 6754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6753] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6754] memfd_create("syzkaller", 0) = 3 [pid 6754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6754] munmap(0x7f65a1800000, 138412032) = 0 [pid 6754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6754] close(3) = 0 [pid 6754] mkdir("./file0", 0777) = 0 [ 161.599511][ T6754] loop0: detected capacity change from 0 to 32768 [ 161.626444][ T6754] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6754) [ 161.641964][ T6754] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 161.652284][ T6754] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 161.661622][ T6754] BTRFS info (device loop0): disk space caching is enabled [ 161.685649][ T6754] BTRFS info (device loop0): rebuilding free space tree [pid 6754] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6754] chdir("./file0") = 0 [pid 6754] ioctl(4, LOOP_CLR_FD) = 0 [pid 6754] close(4) = 0 [pid 6754] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... futex resumed>) = 0 [pid 6754] open("./file0", O_RDONLY) = 4 [pid 6754] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6754] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6753] <... futex resumed>) = 0 [pid 6754] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6753] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... ioctl resumed>) = 0 [pid 6754] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6753] <... futex resumed>) = 0 [ 161.697985][ T6754] BTRFS info (device loop0): disabling free space tree [ 161.705058][ T6754] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 161.714776][ T6754] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 161.728214][ T6754] BTRFS info (device loop0): checking UUID tree [pid 6753] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6753] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6753] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6772 attached => {parent_tid=[6772]}, 88) = 6772 [pid 6772] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6753] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] <... rseq resumed>) = 0 [pid 6772] set_robust_list(0x7f65a9df89a0, 24) = 0 [ 161.782772][ T6754] BTRFS info (device loop0): balance: start -d -m [ 161.793768][ T6754] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 161.820676][ T6754] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6772] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6772] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] <... futex resumed>) = 0 [pid 6753] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] <... futex resumed>) = 0 [pid 6753] <... futex resumed>) = 1 [pid 6772] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6753] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6753] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6753] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6773 attached [pid 6773] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6753] <... clone3 resumed> => {parent_tid=[6773]}, 88) = 6773 [pid 6773] set_robust_list(0x7f65a9dd79a0, 24 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], [pid 6773] <... set_robust_list resumed>) = 0 [pid 6753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], [pid 6753] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6753] <... futex resumed>) = 0 [pid 6773] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 6753] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6773] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 6773] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6773] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6772] <... ioctl resumed>) = 0 [pid 6772] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 162.013375][ T6754] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 162.040800][ T6754] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6772] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6754] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6754] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6753] exit_group(0 [pid 6773] <... futex resumed>) = ? [pid 6773] +++ exited with 0 +++ [pid 6772] <... futex resumed>) = ? [pid 6754] <... futex resumed>) = ? [pid 6753] <... exit_group resumed>) = ? [pid 6772] +++ exited with 0 +++ [pid 6754] +++ exited with 0 +++ [pid 6753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6753, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- [ 162.060775][ T6754] BTRFS info (device loop0): balance: ended with status: 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 162.200135][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6774 attached , child_tidptr=0x5555561f7690) = 6774 [pid 6774] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6774] chdir("./81") = 0 [pid 6774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6774] setpgid(0, 0) = 0 [pid 6774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6774] write(3, "1000", 4) = 4 [pid 6774] close(3) = 0 [pid 6774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6774] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6774] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6774] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6775 attached [pid 6775] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6774] <... clone3 resumed> => {parent_tid=[6775]}, 88) = 6775 [pid 6775] <... rseq resumed>) = 0 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], [pid 6775] set_robust_list(0x7f65a9e199a0, 24 [pid 6774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6775] <... set_robust_list resumed>) = 0 [pid 6774] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] <... futex resumed>) = 0 [pid 6775] memfd_create("syzkaller", 0 [pid 6774] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6775] <... memfd_create resumed>) = 3 [pid 6775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6775] munmap(0x7f65a1800000, 138412032) = 0 [pid 6775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6775] close(3) = 0 [pid 6775] mkdir("./file0", 0777) = 0 [ 162.667578][ T6775] loop0: detected capacity change from 0 to 32768 [ 162.677296][ T6775] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor163 (6775) [ 162.693389][ T6775] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 162.703611][ T6775] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 162.712872][ T6775] BTRFS info (device loop0): disk space caching is enabled [ 162.736330][ T6775] BTRFS info (device loop0): rebuilding free space tree [ 162.749097][ T6775] BTRFS info (device loop0): disabling free space tree [ 162.756112][ T6775] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [pid 6775] mount("/dev/loop0", "./file0", "btrfs", MS_NOEXEC|MS_STRICTATIME, "datacow,clear_cache,nodatasum,rescan_uuid_tree,degraded,space_cache=v1,") = 0 [pid 6775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6775] chdir("./file0") = 0 [pid 6775] ioctl(4, LOOP_CLR_FD) = 0 [pid 6775] close(4) = 0 [pid 6775] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6775] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6775] open("./file0", O_RDONLY [pid 6774] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] <... open resumed>) = 4 [pid 6775] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6775] ioctl(4, BTRFS_IOC_GET_SUBVOL_INFO, 0x20001840 [pid 6774] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] <... ioctl resumed>) = 0 [pid 6774] <... futex resumed>) = 0 [ 162.765831][ T6775] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 162.779257][ T6775] BTRFS info (device loop0): checking UUID tree [pid 6775] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6774] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] <... futex resumed>) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6775] ioctl(4, BTRFS_IOC_BALANCE_V2, {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}} [pid 6774] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6774] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9dd8000 [pid 6774] mprotect(0x7f65a9dd9000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9df8990, parent_tid=0x7f65a9df8990, exit_signal=0, stack=0x7f65a9dd8000, stack_size=0x20300, tls=0x7f65a9df86c0}./strace-static-x86_64: Process 6793 attached => {parent_tid=[6793]}, 88) = 6793 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] rseq(0x7f65a9df8fe0, 0x20, 0, 0x53053053 [pid 6774] <... futex resumed>) = 0 [pid 6793] <... rseq resumed>) = 0 [pid 6793] set_robust_list(0x7f65a9df89a0, 24) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 162.838059][ T6775] BTRFS info (device loop0): balance: start -d -m [ 162.846832][ T6775] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 162.875425][ T6775] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [pid 6793] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 6774] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6793] ioctl(5, FITRIM, {start=0x1, len=1783039598661162467, minlen=0} [pid 6774] futex(0x7f65a9ee96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f65a9ee96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6774] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9db7000 [pid 6774] mprotect(0x7f65a9db8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6774] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6774] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9dd7990, parent_tid=0x7f65a9dd7990, exit_signal=0, stack=0x7f65a9db7000, stack_size=0x20300, tls=0x7f65a9dd76c0}./strace-static-x86_64: Process 6794 attached => {parent_tid=[6794]}, 88) = 6794 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6794] rseq(0x7f65a9dd7fe0, 0x20, 0, 0x53053053) = 0 [pid 6794] set_robust_list(0x7f65a9dd79a0, 24) = 0 [pid 6794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6794] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] futex(0x7f65a9ee96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6794] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 6774] futex(0x7f65a9ee96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] futex(0x7f65a9ee96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] futex(0x7f65a9ee96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6793] <... ioctl resumed>) = 0 [pid 6793] futex(0x7f65a9ee96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 163.074787][ T6775] BTRFS info (device loop0): found 9 extents, stage: move data extents [ 163.100799][ T6775] BTRFS info (device loop0): found 1 extents, stage: update data pointers [pid 6793] futex(0x7f65a9ee96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] <... ioctl resumed> => {flags=BTRFS_BALANCE_DATA|BTRFS_BALANCE_METADATA, state=0, data={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}, meta={profiles=0, usage=0, devid=makedev(0, 0), pstart=0, pend=0, vstart=0, vend=0, target=0, flags=0}}) = 0 [pid 6775] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f65a9ee96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] exit_group(0 [pid 6794] <... futex resumed>) = ? [pid 6793] <... futex resumed>) = ? [pid 6775] <... futex resumed>) = ? [pid 6774] <... exit_group resumed>) = ? [pid 6794] +++ exited with 0 +++ [pid 6793] +++ exited with 0 +++ [pid 6775] +++ exited with 0 +++ [pid 6774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6774, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=39 /* 0.39 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 163.121543][ T6775] BTRFS info (device loop0): balance: ended with status: 0 getdents64(3, 0x5555561f8730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 163.190989][ T5064] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556200770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556200770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555561f8730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6795 attached , child_tidptr=0x5555561f7690) = 6795 [pid 6795] set_robust_list(0x5555561f76a0, 24) = 0 [pid 6795] chdir("./82") = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6795] write(3, "1000", 4) = 4 [pid 6795] close(3) = 0 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6795] futex(0x7f65a9ee96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] rt_sigaction(SIGRT_1, {sa_handler=0x7f65a9e83070, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65a9e74220}, NULL, 8) = 0 [pid 6795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f65a9df9000 [pid 6795] mprotect(0x7f65a9dfa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f65a9e19990, parent_tid=0x7f65a9e19990, exit_signal=0, stack=0x7f65a9df9000, stack_size=0x20300, tls=0x7f65a9e196c0}./strace-static-x86_64: Process 6796 attached [pid 6796] rseq(0x7f65a9e19fe0, 0x20, 0, 0x53053053 [pid 6795] <... clone3 resumed> => {parent_tid=[6796]}, 88) = 6796 [pid 6796] <... rseq resumed>) = 0 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6796] set_robust_list(0x7f65a9e199a0, 24 [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6796] <... set_robust_list resumed>) = 0 [pid 6795] futex(0x7f65a9ee96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... futex resumed>) = 0 [pid 6796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6796] memfd_create("syzkaller", 0 [pid 6795] futex(0x7f65a9ee96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6796] <... memfd_create resumed>) = 3 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f65a1800000 [pid 6796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0